Symantec SiteMinder

 View Only

Digital Transformation, Modern Applications, and SiteMinder, a Great Trio

By Herbert Mehlhorn posted Dec 13, 2021 03:11 PM


Digital transformation is the oft used phrase to describe the most recent evolution of connecting an organization and its constituents, such as customers, partners, citizens, employees, and even regulators via software.  This current wave of evolution is driven by a number of technical advancements that provide organizations even greater ability to design and deliver software, as a modern application, unlocking more business value while improving a user’s interactive experience.  

For most organizations, embracing digital transformation is not a process stove piped within a single narrow time frame.   It is built on top of multiple historic digital transformation waves.  How far back were the waves your organization caught that have produced your current IT infrastructure?  Was it the introduction of SQL in the 1980’s, the internet in the early 90s, or the first SaaS applications gaining traction in the early 2000s.   Probably all of those and more.  Digital transformation is better viewed as an ongoing stream of IT change that started decades ago and will continue for decades to come (see quantum computing).   It is constant, but organizations don’t throw out the existing infrastructure as the new wave is breaking.  More often, they link the new evolution with their deployed environment to continue to reap the value of the assets they have developed over previous evolutions. 

That brings us to the current transformation, the “Modern Application”.   A bit more definition will help complete the foundation before the commentary turns to SiteMinder.  So, what is a modern application?  Rather than describe it in software technology terms, let’s first establish the definition of a modern application as a set of characteristics. 

A modern application, ideally, would support secure, controlled access to information

  • With any device a user would like to use
  • From any location a user would like to access the information from
  • To accomplish any purpose the user is entitled to execute
  • With an overall experience that is **** and intuitive

Additionally it should

  • Be deployable in any infrastructure the organization would like to deploy it in
  • Provide flexibility for agile enhancement to any of the above noted characteristics without wholesale rebuilding
  • Integrate with other applications via lightweight stateless api-based interactions

While **** in concept, building a strictly modern application using solely the most current protocols and schemas of software technology will probably not be possible.  That’s because some or multiple of the following points will be true:

  • It is likely that all of your targeted users for a given application (employees, citizens, partners, temporary help, etc.) won’t have devices or access channels that the newest software technology requires.
  • The backend data necessary to fuel the modern application isn’t in stores that support the most modern methods of access.
  • The new application will likely have to leverage another existing application developed in a previous IT transformational wave and the budget will not accommodate scraping and rebuilding it.
  • The new application will need to provide audit and compliance information to management tools added to your infrastructure, during another previous IT wave, so that a full compliance status can be assembled for management.

And if none of the above points are relevant for your organization, there are other examples you can think of that probably would be.   

However, these points will not deter the modern application wave.  They represent typical challenges to be accommodated in any IT transition.  Organizations will embrace new tools, methods and processes to advance the state of their ability to deliver the highly desirable characteristics of the modern application.

Acknowledging that current modern applications are pulling the IT train in a new emerging technical direction, but will need to be integrated with “non-modern” applications and IT infrastructure, completes the frame of reference for layering in how SiteMinder supports the modern application.   

Over a number of years and releases SiteMinder has introduced and then improved support for a range of features supporting identity and access for newer applications of the period. The current wave of applications are designed to leverage JWT tokens for establishing identity trust and access control.  The preferred flavor of JWT tokens are ID Tokens and Access Tokens that come from ODIC and OAuth flows.  SiteMinder has evolved, providing ongoing support for these needs.  Recent releases have expanded support for mobile devices as well as simplifying the support of voice-activated home and office devices and on-line chat bots.  This class of enhancements enable you to continue to apply SiteMinder’s secure and scalable access management capabilities to your modern applications.  Coupled with its ongoing support for previous transformational waves, SiteMinder also helps when you encounter the need to connect an overall access management service to the “non-modern” parts of your modern application terrain.

To provide a couple of examples of how SiteMinder supports the modern application, take a few more minutes (each of these videos are less than 5 minutes in length) to see how it supports gathering attributes from heterogeneous stores in support of an OIDC flow and how account linking can be simplified when delivering SiteMinder protected information through a modern access channel, voice activated Google Home devices:


Please also make use of other SiteMinder training available at