We were honored to welcome AMI Praha and Capitar Security as Gold Sponsors, DAASI International, ITConcepts, and IBA Group as Silver Sponsors, and IAM Factory and CSIT as Bronze Sponsors. Their support played a key role in making the meetup a truly memorable experience for all participants.

Three Workshops as a Starter and Dual Streams as the Main Course

The meetup began with three hands-on workshops designed to provide both practical experience and deeper insight into midPoint’s capabilities. In AI Assisted Integration of First Systems with MidPoint, Ivan Noris and Tadeáš Chrapovič guided participants through connecting real systems to midPoint, exploring data structures, defining object types, and working with correlations, mappings, and associations – all enhanced by new UI/UX improvements and optional AI assistance directly in midPoint. In Connector Development Methodology, Tony Tkáčik and Matúš Macík introduced a new declarative approach to connector development that reduces boilerplate, improves readability, and accelerates integration, including how AI-assisted generation can automate most of the implementation. The Bring Your Own Problem workshop with Radovan Semančík and Slávek Licehammer opened the floor to real-world challenges, discussing practical deployment issues, best practices, and common anti-patterns from midPoint implementations.

These workshops were followed by two parallel streams of sessions focused on midPoint features, real-world deployments, and practical experience sharing, led by community members, partners, customers, and the Evolveum team. Highlights included Trench Group’s carve-out journey in the energy sector and rebuilding their IGA landscape in just four months, the European Commission’s perspective on identity modernization, and Nomura Research Institute‘s large-scale access certification setup managing over 3,000 campaigns per cycle for more than 50,000 users. Additional sessions covered regulatory challenges in identity governance within the EU, including NIS2 and DORA, as well as Techniker Krankenkasse’s large-scale midPoint-based identity platform managing tens of thousands of identities, systems, and automated processes.

On Thursday, May 14, a dedicated closed-door partner stream further expanded the program with a focus on business, strategy, and ecosystem development. Apart from the Evolveum team sessions, a success story from AMI Praha was presented on company growth, and there was an open discussion with partners.

Engaging Panel Discussions and Birds of a Feather

Throughout the meetup, attendees took part in several panel discussions that sparked lively exchanges and brought together diverse expert perspectives. Alongside them, the Birds of a Feather session offered an informal and interactive format where speakers primarily introduced topics and guided open community discussion:

• MidPoint in the Cloud or On Premise
• MidPoint in High-Performing Environments
• Practical Experience with IAM for Non-Human Identities
• IGA, midPoint, and AI
• Birds of a Feather: Brainstorming on the Future MidPoint Features

These discussions formed an integral part of a rich four-day program featuring contributions from the Evolveum team, partners, customers, and various experts. Each session added valuable insight into real-world challenges, technical expertise, and future-oriented strategies, fostering open dialogue, cross-community learning, and practical collaboration among participants.

MidPoint Roadmap and What Lies Ahead

The meetup also included a session on the midPoint roadmap led by our Interim Chief Product Officer Pavol Mederly. He provided a high-level preview of midPoint 4.11 and highlighted key roadmap themes shaping the platform’s future, with a focus on midPilot, the rapid application onboarding AI assistant, as one of the standout innovations. The session also encouraged open discussion on upcoming developments and the future direction of the platform.

Grand Finale: Unconference with Community-Driven Discussions

The final day of the 2nd Annual MidPoint Community Meetup was dedicated to the unconference – an open, participant-driven format focused on community exchange and peer learning. The day began with a one-hour agenda-setting session, where attendees collectively selected nine topics from a broader list of suggestions. These were then explored in three parallel tracks across three rooms, creating a dynamic space for interactive discussions, knowledge sharing, and practical problem-solving.

The conversations covered a wide range of topics, including roles and role design, pending operations on shadow objects, documentation and community communication, role persona and multi-contract scenarios, EUPL 1.2, UX improvements for certifications and sponsor portal applications, attribute handling during account provisioning, staging environments (DEV–QA–PROD), and real-world use of AI in midPoint. The unconference once again highlighted the strength of the community, bringing together users, integrators, and Evolveum experts in a collaborative setting where ideas turned directly into actionable insights.

Recognizing Community Efforts with the MidPoint Community Award

We were glad to present the MidPoint Community Award 2026 to Martin Lízner, Chief Solution Architect at AMI Praha, in appreciation of his dedication, expertise, and long-standing contribution to midPoint and the wider community.

Sometimes The Best Conversations Take Place Outside The Sessions

Alongside the main program, attendees had the opportunity to experience Prague in a more informal and engaging way. A guided walking tour through the historic city center offered a chance to explore the city together, while a friendly chess tournament sparked strategy, focus, and conversation in a relaxed setting. The second morning began with a 5 km group run through Prague, bringing early risers together for a fresh start to the day, and the evening concluded with a drinks reception sponsored by IAM Factory, creating space for networking, discussions, and community building in a more casual atmosphere.

Thank You & See You Next Time

To everyone who joined us in Prague – thank you! It has been inspiring to see the event grow year by year, bringing an even broader community together. Your energy, curiosity, and engagement made this meetup more than just a conference. It became a true celebration of the community.

If you missed this year, we hope to see you next time – to learn, connect, and help shape the future of open source identity governance and administration with midPoint and midPilot, its AI assistant for rapid application onboarding.

 

 

 

 

 

 

 

 

 

 

 

 

---

The post 2nd Annual MidPoint Community Meetup: Where OSS IGA Meets Digital Sovereignty appeared first on Evolveum | Open Source Identity Management & Governance.

The 2nd Annual MidPoint Community Meetup is almost here and this year, it’s bigger, more hands-on and happening right in the heart of Prague. For those of us living in the world of identity governance and administration (IGA), this is the only event to attend to explore the future of open-source identity security.

Whether you’re a seasoned midPoint architect or just beginning your IGA journey and planning to attend, here’s everything you need to know to make the most of your experience at this IAM event.

Key information

Date: May 12-15, 2026
Location: Hotel Don Giovanni, Prague, Czech Republic
Format: 3.5 day in person event
Audience: All identity and cybersecurity experience levels

Why attend?

While the event centers around the open-source IGA platform midPoint, it’s not a vendor showcase. Instead, it’s a practitioner-first identity security event focused on real deployments.

Attendees get a rare opportunity to sit across the table from the Evolveum engineering team and hear unfiltered case studies from major players like the European Commission, Techniker Krankenkasse, Mollie and Trench Group. It’s a space where the community drives the agenda, ensuring that the program is built around the challenges attendees actually face every day.

A look at the 2026 agenda

The four-day schedule is designed to move from technical foundations to high-level strategy, ending with an “unconference” where you choose the topics to discuss.

Tuesday, May 12: Workshops, deep dives and a product roadmap unveiling

• “Bring Your Own Problem” workshop: A hands-on workshop where you can get direct feedback on your specific deployment hurdles from Evolveum experts.

• Energy sector success story: A deep dive into how Trench Group rebuilt their entire IGA strategy from the ground up in just four months.

• Digital sovereignty: Insights from the European Commission on maintaining control over identity data in a global word.

• The midPoint roadmap: An exclusive preview of upcoming features and the long-term vision for the platform.

Wednesday, May 13: Identity security in practice

• Meet midPilot: A live demonstration of the new AI-powered onboarding assistant, built to make onboarding complex applications much faster.

• Navigating regulations: A session with Rowan Legal on how shifting EU regulations are changing the way we handle identity security.

• Deployment stories: Real-world implementation stories and lessons learned from Techniker Krankenkasse and Mollie.

May 14: Beyond human identity and more customer stories

• Non-human identity management: How to handle the growing number of service accounts, bots, and AI agents to keep your organization secure.

• Practical security frameworks: How identity governance is handled by the teams at Fortuna and the Laboratoire national de santé.

May 15: The unconference

• Attendee-driven sessions: A half-day with no preset agenda. Attendees vote on the most pressing topics from the week to discuss in smaller groups.
  

Networking and Social Events

The program doesn’t stop when the sessions end. 2nd Annual MidPoint Community Meetup comes with a full social calendar to help you build lasting professional connections while enjoying the beauty of Prague:

• Prague walking tour (Tuesday): A relaxed afternoon exploring the historic city center and architectural landmarks with fellow attendees.

• Chess tournament (Tuesday): Test your tactical skills in a friendly, strategic competition at the hotel.

• Drinks on the Vltava river (Wednesday): The official drinks reception hosted on a riverboat, offering stunning views of the city skyline, sponsored by IAM Factory.

• IdentiBeer Prague: Join the inaugural IdentiBeer meetup in Prague for casual networking over world-class Czech lager.

Is this the right event for you?

2nd Annual MidPoint Community Meetup is tailored to anyone involved in identity management and governance. If you are currently running midPoint in production, thinking about switching from another IGA platform, or working as an integrator or consultant, you’ll find your tribe here. It is a unique chance for security leaders and engineers alike to get unfiltered access to the people building the platform and the peers facing the same challenges you are.

The post MidPoint Community Meetup 2026: Know before you go appeared first on Evolveum | Open Source Identity Management & Governance.

How did you first become interested in IGA and AI, and what inspired you to pursue it?

My journey into IT wasn’t entirely straightforward. Even as a child, I had the feeling that the only thing I was truly good at was mathematics. Later in high school, natural sciences were added to it. What I liked about them was that I didn’t have to memorize them – I just needed to understand them. And this way of thinking felt very natural to me.

After high school, I had many questions and couldn’t really imagine what my career in mathematics would look like. At that time, someone told me that computer science is essentially mathematics rewritten into code. That idea intrigued me, so I decided to try it. During my studies in computer science, I discovered that a computer scientist does not have to be only a highly technical, hardware-oriented person. It can also be someone like me – a girl whose strength lies in logical thinking, the ability to translate it into code, work with large amounts of data, and turn knowledge into algorithms and functional solutions.

And why IGA and AI? Data has always been both a challenge and a motivation for me. I am fascinated by how it can be processed, understood, and used to create intelligent solutions. That is why I eventually ended up in this field and at Evolveum – where analytical thinking, technology, and real-world impact come together.

Was there a moment when you realized you could shape the digital future through technology? Tell us about it.

Yes, that moment came during my first projects, where my code was actually deployed in practice. That was when I realized that technology is not just about writing code, but about creating solutions that have real impact – whether in predicting solar events, early detection of heart attacks from ECGs, or nowadays in simplifying complex processes in identity governance and access management.

My current work at Evolveum on midPoint in the IGA domain confirms to me every day that technology can shape the digital future in a very specific way. I am especially glad that this happens through open source, a model that brings value to the wider community.

What challenges do girls and young women still face in entering the tech and AI fields, and how can we overcome them?

Although IT is still often perceived as a male-dominated field, my personal experience has been very positive, and I have never encountered being underestimated because I am a woman. If I see any challenge today, it is rather the fact that young women sometimes underestimate themselves and their abilities. That is why I consider it important to create more support, role models, and opportunities so they can see for themselves that they also have a place in technology.

How do you see AI influencing opportunities for women in IT globally?

I believe AI will significantly expand opportunities for women in IT globally. It is not only about the emergence of new technical roles, but also about how AI connects technology with analytical thinking and the understanding of data, processes, and human needs. This can attract even more diverse talent into IT.

At the same time, it will be important for women not to be only users of AI tools, but also co-creators, because only then will they be able to directly influence what the digital future will look like.

What advice would you give to the next generation of girls who want to make an impact in AI and digital development?

I would like to tell girls not to be afraid to start and not to be discouraged by the feeling that they don’t know enough yet. I often come across the opinion: “It’s easy for you, you’ve been doing it for a long time.” The truth is that I also often start my day not knowing something. And that is exactly what makes this work so beautiful – exploring, being curious, designing solutions, making mistakes, learning from them, and sometimes starting over. It is not about having everything mastered right away, but about the willingness to learn and to move forward every day.

Viera Krešňáková

Senior AI/ML Developer at Evolveum

Bringing AI into identity governance and administration, Viera integrates intelligent models into midPoint to detect anomalies, predict access needs, and enable explainable, automated IGA decisions. She also designs explainable AI features to ensure that security teams can understand and trust the system’s decisions.

The post Women in AI: From Curiosity to Impact appeared first on Evolveum | Open Source Identity Management & Governance.

It all started during snack time. One child complained that story time was always rushed. Another pointed out that arts and crafts often got cut short because the teachers were busy preparing schedules, tracking attendance, and managing supplies. After an intense session of drawing, excited jabber, and passing notes under the table, they came up with a bold plan: a formal complaint to the teachers.

Their reasoning was surprisingly logical: if teachers were overwhelmed by manual processes, maybe there was another way to deal with them. And what better solution was there than midPoint, the EU-made and owned open-source platform that grown-ups use to organize hundreds of systems efficiently? According to the kids’ paper-detailed presentation, full of watercolor deployment schemas, adopting midPoint – and summoning its fairy unicorn AI helper, midPilot – would free up teachers’ time for what truly matters: playing, learning, and listening to the children.

The challenges they faced weren’t just small inconveniences – they were a fearsome multi-headed dragon of tasks: one head for schedules, one for attendance, one for supplies, and even one that consumed story time itself. With its magical AI powers, midPilot could swiftly connect all the classroom systems to midPoint – the central castle of the magical kingdom that managed all the teachers – organizing schedules, tracking supplies, and even whispering reminders about who needed extra attention that day. Together, midPoint and midPilot promised to slay the dragon, banish tedious tasks, and restore order to the kingdom, leaving teachers free to focus on the children and ensuring that no story time would ever be cut short again.

With the dragon under control, the teachers were free to focus on the children, giving every story time, craft project, and snack their full attention. The unicorn and the castle worked together like magic: repetitive tasks vanished, new apps got onboarded in a wave of a magic wand, and the kingdom ran smoothly. By the end of the week, the teachers had received a colorful stack of drawings, charts, and flow diagrams – proof that the kids were serious. Even preschoolers had figured it out: when the multi-headed dragon of manual tasks are defeated, there’s more time for what truly matters – learning, playing, and paying attention to each other. MidPoint and midPilot had shown the kingdom that efficiency isn’t just for grown-ups; even the smallest users understand its magic.

Happy April 1st!

The post Never Too Young For OSS IGA: MidPoint and MidPilot Saving the Preschoolers’ Day appeared first on Evolveum | Open Source Identity Management & Governance.

For CISOs, CIOs, and identity leaders, IAM conferences offer one of the best opportunities to stay current on emerging technologies, regulatory changes, and best practices in identity and access management.

Here are five identity security events worth adding to your 2026 calendar.

1. Gartner Identity & Access Management Summit

Best for: C-suite and IAM program leaders who want to benchmark strategy, validate roadmaps, evaluate IAM investments, and get direct access to Gartner analysts.
Location: London, UK (EMEA) | Las Vegas, Nevada (US)
Date: London: March 9–10, 2026 | Las Vegas: December 7–9, 2026

Gartner IAM Summit is often considered one of the most influential identity leadership events for CISOs and CIOs responsible for enterprise IAM strategy. The 2026 theme, Identity at the Core, reflects the growing recognition that IAM is no longer a standalone security function. Instead, it underpins business resilience, Zero Trust initiatives, AI adoption, and digital transformation. Sessions are grounded in Gartner’s primary research, drawing on thousands of conversations with security leaders worldwide. The event draws more than 1,500 peers and 20+ Gartner analysts, and offers 50 solution provider sessions.

Sessions typically cover:

• IAM program maturity models
• Identity governance and administration
• Privileged access management
• Identity-first Zero Trust strategies
• Agentic AI and Emerging Technologies

Why CISOs attend: Gartner’s website states that attendees can book one-on-one sessions directly with analysts to review their specific IAM roadmap. The program is built from primary research and is strong on strategy validation and vendor shortlisting.

2. European Identity and Cloud Conference (EIC)

Best for: Enterprise identity leaders and architects who want an analyst-driven view of where identity security is heading globally, with a strong European regulatory lens.
Location: Berlin, Germany
Dates: May 19–22, 2026

Organized by KuppingerCole Analysts, EIC brings together analysts, CISOs, IAM architects, and identity vendors to explore the future of digital identity. The 2026 theme, Pioneering Digital Identity Ecosystems, focuses on how identity security must adapt as AI automation accelerates and non-human identities expand the attack surface. Key topics include:

• AI supply chain risk and machine identity governance
• Modern IGA for cloud-first environments
• Cross-border trust frameworks
• Decentralized identity and digital identity wallets
• Privacy-by-design for digital identity

The conference typically attracts more than 1,000 identity professionals and features 200+ sessions across identity, security, privacy, and governance.

Why to attend: EIC gives identity and security leaders a structured, research-backed view of where the market is heading, which is valuable for long-term strategy, regulatory planning, and understanding how peers across Europe are approaching identity transformation.

Watch Evolveum’s Head of Engineering Slavek Licehammer’s talk at the EIC 2025 on how to govern non-human identities.

3. The 2nd Annual MidPoint Community Meetup

Best for: Identity leaders, system engineers, and architects who use or are evaluating IGA – with practical midPoint deployment examples, direct access to the product team, and a strong focus on European regulations and digital sovereignty.
Location: Prague, Czech Republic
Dates: May 12–15, 2026

The MidPoint Community Meetup is an annual event hosted by Evolveum, the team behind the open source identity governance and administration platform midPoint. The 2nd Annual MidPoint Community Meetup brings together IGA newcomers, midPoint users, integrators, and Evolveum product and solution engineering teams for a focused, hands-on 3.5 day program. The 2026 focus areas include:

• Practical IGA implementation and real-world deployment examples from companies like the European Commission and Trench Group
• AI-powered identity governance in a safe, human-centered way
• The midPoint product roadmap and features under development
• Identity lifecycle automation and IGA best practices
• Compliance and policy modeling in open source environments

The event is intentionally intimate, designed for hands-on workshops and “bring your own problem” sessions, drawing over 200 peers across a 3.5-day format.

Why to attend: For teams running midPoint or evaluating open source IGA, the 2nd Annual MidPoint Community Meetup offers a level of direct product access and community depth that no large conference can replicate. Content is shaped by the community, not analysts or sponsors.

A tour of the historic center of Bratislava during the MidPoint Community Meetup 2025.

4. Identiverse

Best for: Identity professionals across all roles – developers, architects, and security leaders who want practitioner-level depth across the full IAM spectrum.
Location: Mandalay Bay, Las Vegas, Nevada
Dates: June 15–18, 2026

Identiverse is the largest event dedicated entirely to digital identity, convening over 3,000 security professionals. The 2026 program is built around four defined content pillars: AI identity, continuous identity, passkeys & wallets, and non-human & agentic AI identity. Key topics include:

• Passwordless authentication, passkeys, and digital wallets
• Identity protocols and emerging standards (OAuth, OpenID Connect, FIDO, CAEP, OpenID AuthZEN)
• Non-human identity and agentic AI access management
• Identity orchestration and continuous authentication
• Identity threat detection and response (ITDR)

The agenda is curated by an independent content committee and offers up to 20 CPE credits.

Why to attend: Identiverse goes deeper on identity protocols and engineering than most IAM events, making it a go-to conference for identity engineers and architects.

5. Identity Week

Best for: Security leaders working at the intersection of enterprise IAM and physical identity in regulated industries or government-adjacent sectors.
Locations: RAI Amsterdam, Netherlands | Washington, D.C.
Dates: June 9–10, 2026 (Amsterdam) | September 2–3, 2026 (D.C.)

Identity Week sits at the intersection of digital identity, physical identity, and biometrics. The 2026 theme, Identity 2030: Building Trust Across Borders, Platforms, and People, focuses on trust across jurisdictions and industries. Key topics include:

• Synthetic identity fraud and AI-generated impersonation
• Continuous behavioral authentication
• Mobile driver’s licenses (mDLs) and digital travel credentials (DTCs)
• EES and ETIAS interoperability for EU border management
• Convergence of physical and digital document security

Identity Week is the largest event on this list, attracting 4,000+ attendees. The Americas edition is introducing new programming on cross-sector financial crime and fraud for 2026.

Why to attend: For security leaders whose identity strategy touches identity verification, biometrics, or regulated digital credentials.

Final thoughts

Identity security is rapidly becoming the primary control plane of modern cybersecurity. With the rise of machine identities, AI-driven attacks, and identity-based threats, IAM is a strategic priority for CISOs and CIOs alike. Attending conferences is one way to quickly get up to speed with the latest trends and stay ahead of the technologies shaping the future of identity security.

The post Top 5 IAM Conferences and Identity Security Events to Attend in 2026 appeared first on Evolveum | Open Source Identity Management & Governance.

As organizations increasingly evaluate where their critical infrastructure comes from and who controls it, the importance of European-owned technologies is growing. At Evolveum, we brought this discussion to our booth, as midPoint is exactly where EU sovereignty meets open source IGA. That is what midPoint has always been and always will be: a complete open source IGA platform. Not only is it recognized by Gartner as such and developed and owned in Europe, it provides freedom across many dimensions.

Live midPoint demos driven by real questions

At our booth, Evolveum’s Head of Engineering Slávek Licehammer offered midPoint demonstrations with a twist: instead of having a pre-recorded video, he invited visitors to ask what they wanted to see and demonstrated midPoint live based on their requests. This format led to highly practical discussions focused on real-world identity governance and administration challenges.

One of the capabilities that attracted significant interest was the Simulations feature. This functionality allows organizations to evaluate the impact of configuration changes on real data before implementing them, helping teams make informed decisions without risking disruptions to production environments. From a business perspective, this means reducing operational risk, preventing costly configuration errors, and improving data quality without slowing down innovation.

Another major topic at our booth was rapid application onboarding, one of the most persistent challenges in IGA programs. Pavol Mederly, Evolveum’s Chief Product Officer, demonstrated midPilot, midPoint’s AI-powered assistant designed to accelerate application onboarding and improve visibility across identity ecosystems.

Rethinking application onboarding with AI

Today, roughly 80% of cyberattacks exploit identity-related vulnerabilities, and one of the biggest contributing factors is incomplete application integration. When applications are not properly governed, they create security blind spots. Interest in this topic was clearly reflected in Pavol Mederly’s theater session on day two, titled The hidden cost of slow application onboarding in IGA.

The session focused on common but often underestimated problems:

• 1. Highly skilled engineers spending large amounts of time building and maintaining integrations instead of delivering strategic value.
• 2. The risk of low visibility across numerous connected systems.

The presentation showed how midPilot – the integral AI part of midPoint – addresses these challenges with a no/low-code approach combined with AI assistance, and significantly reduces this burden.

The strong attendance of Pavol’s theater session confirmed that this challenge remains one of the most relevant operational issues in IGA programs today.

Community, conversations, and a bit of fun

During the summit, we had many valuable conversations with C-level people, architects, security leaders, and IGA practitioners facing similar challenges across industries. Beyond technological discussions, we added a bit of fun to the experience. Visitors could participate in our raffle for a Lord of the Rings Sauron LEGO set by playing memePoint, our identity-themed meme matching game where participants paired funny captions with equally funny images to create the best combination. It turned out to be a great conversation starter and a reminder that even in a serious field like cybersecurity, creativity and community matter.

Looking ahead

Events like the Gartner IAM Summit confirm what we see across the industry: identity management and governance is becoming more strategic, more complex, and more central to organizational security. Digital sovereignty is becoming a must.

At the same time, organizations are looking for solutions that are not only powerful, but also transparent, flexible, and future-proof. This is exactly where the combination of open source and strong identity governance and administration capabilities continues to stand out.

We are grateful to everyone who stopped by our booth, joined our session, or shared their identity challenges with us. We look forward to continuing these conversations and seeing how the identity community continues to evolve: feel free to join us at the next event from May 12-15 in Prague – the 2nd Annual MidPoint Community Meetup.

This project has received funding from the European Union through the Recovery and Resilience Plan of the Slovak Republic.

---

The post Representing Digital Sovereignty in IGA at the Gartner IAM Summit 2026 appeared first on Evolveum | Open Source Identity Management & Governance.

Over the last decade, many organizations moved rapidly toward cloud services under the assumption that the cloud is always simpler, more cost-effective, and modern. Yet recent data from Broadcom’s Private Cloud Outlook 2025 report shows that 69% of organizations are now considering moving workloads back to private infrastructure, with security and control as primary drivers.

This article explores the pros and cons of each model and provides a framework to help you determine what fits your organization’s needs.

Understanding the deployment models

On-premises IGA means the governance platform runs in your data center on infrastructure you control. This doesn’t limit what it can govern, as modern on-premises IGA integrates seamlessly with cloud applications, SaaS platforms, and hybrid environments while keeping the governance layer inside your environment.

Cloud IGA (SaaS or IDaaS) runs entirely on vendor infrastructure. The platform lives in the vendor’s environment while managing identities across your systems. You configure policies while the provider manages servers, availability, and updates.

The advantages of on-prem

Complete control over your identity security
Your IGA platform acts as the “keys to your kingdom,” governing who can access what across your entire digital ecosystem, and why. When the keys are in your pocket, you control security, availability, and custody over your identity data and operations.

Full flexibility for unique workflows
Every organization has unique identity processes. On-premises IGA lets you customize workflows, access approval paths, policy rules, and reporting to match your exact requirements. You can build custom connectors for proprietary systems, create specialized identity governance and administration processes for complex organizational structures, and tailor compliance reporting to your specific regulatory needs.

Straightforward regulatory compliance
Regulations such as HIPAA, NIS2, and GDPR require explicit evidence of data residency, access controls, and auditability. On-premises deployment makes audits easier because data stays inside your infrastructure without relying on vendor certifications. When auditors ask where identity data resides and who can access it, you provide direct evidence rather than interpreting the vendor’s compliance attestations.

Integration with everything you run
Many enterprise applications were not built for the cloud era. On-premises IGA supports these systems without complex workarounds, whether connecting to legacy mainframes, an on-premises Active Directory, or modern cloud applications simultaneously. You control integration architecture without exposing internal systems to external networks.

Offline capability
On-prem IGA does not require internet access to function unless you want to manage SaaS and other cloud applications. It can run fully inside isolated or air-gapped networks, which is a requirement in many government and critical infrastructure environments.

Predictable long-term costs
Capital investment into servers, subscriptions, and support means costs remain stable over five to ten years. You avoid per-user pricing that compounds with growth, usage-based billing, and subscription increases that can double costs over time. For organizations planning long-term budgets, this predictability matters.

Trade-offs of on-prem:
You need specialists for maintenance, upgrades, and patching. Upfront investment typically exceeds cloud alternatives, which can slow initial deployment. Your team owns responsibility for the platform’s uptime and upgrades, which represents essential control for some organizations and overhead for others. Scaling capacity is under your control rather than automatic, but increases in user volume are typically handled with configuration and resource tuning rather than re-architecture.

The advantages of cloud IGA

Minimal infrastructure burden
The vendor handles platform operation, upgrades, and patches. For organizations without deep technical teams or those prioritizing speed, this removes infrastructure management entirely.

Faster deployment
Cloud IGA often reduces the initial implementation timeline by eliminating the need for hardware procurement and internal server configuration. This is helpful for compliance deadlines or audit remediation requiring immediate governance capability.

Easier scalability
Add 500 or 5,000 users through configuration changes without capacity planning, buying new hardware, or physical infrastructure expansion. The platform automatically scales to accommodate growth, acquisitions, and seasonal workforce changes.

Continuous updates
Security patches and features deploy automatically without your team managing version upgrades or testing cycles. This simplifies maintenance and ensures the platform stays up-to-date.

Dynamic pre-built integrations for SaaS
Cloud IGA vendors maintain extensive connector libraries optimized for cloud-to-cloud communication for major SaaS applications like Office 365, Salesforce, Workday, and ServiceNow, which simplifies onboarding cloud systems.

Trade-offs of cloud deployment:
Your governance data is in a multi-tenant infrastructure alongside other organizations. You trust vendor security practices for the system controlling everything else. Customization is limited to vendor-provided features – you cannot modify core workflows or build custom integration logic. Outages stop your governance operations regardless of whether managed systems remain available. Internet connectivity is mandatory; you cannot operate during network disruptions. Per-user pricing, premium features, and API charges compound as you scale, with costs potentially doubling initial projections.

Discover how midPoint’s open source IGA platform aligns with your unique needs and environment.

Explore midPoint.

The cloud repatriation reality check

According to Broadcom’s Private Cloud Outlook 2025 report surveying 1,800 IT leaders, 69% of organizations are considering moving workloads from the public cloud back to private infrastructure. One-third have already done so, with 66% expressing serious concerns about public cloud compliance. Nearly half believe more than 25% of their cloud spending delivers no value.

This trend extends to identity governance. Organizations are recognizing that the platform governing access to everything shouldn’t itself be governed by anyone else, but remain the anchor point under their control.

At Evolveum, we’ve built midPoint around the principle that critical governance infrastructure deserves direct control, even when the applications being governed are deployed across hybrid or cloud environments.

Making your decision: 8 critical questions to consider

Start with regulations
Questions to consider:

• What do your specific regulations mandate about identity governance data storage?
• Are there jurisdictional restrictions on where access policies and audit logs can reside?

For healthcare, critical infrastructure like the energy sector, and government, these requirements often make on-premises the clearest compliance path, regardless of where managed applications run.

Evaluate your customization needs
Questions to consider:

• Do you have unique identity workflows that don’t fit standard patterns?
• Do you need specialized approval logic, custom reporting, or integration with proprietary systems?

If your processes are highly specialized, on-premises provides flexibility that cloud vendors cannot match. If you can work within standardized workflows, cloud simplicity may be adequate.

Assess workforce distribution
Questions to consider:

• Where do your identity administrators, security teams, and approvers work?

If they’re highly distributed or remote, cloud IGA can provide easier access with its native internet accessibility. If they’re centralized or work primarily on-premises, the accessibility advantage diminishes.

Map your integration landscape
Questions to consider:

• What percentage is on-premises versus cloud?
• How many require direct database connections or are on isolated networks?

List the systems your IGA must govern. If most are on-premises using traditional protocols, cloud IGA forces architectural compromises. If most are modern SaaS applications, cloud integration may be simpler.

Consider connectivity requirements
Questions to consider:

• Can you tolerate governance operations stopping during internet outages?
• Do you operate air-gapped or isolated environments?

If continuous operation without the internet is critical, on-premises is the only viable option.

Assess operational capabilities
Questions to consider:

• Can your team operate the governance platform infrastructure?
• Do you have skills for maintenance, backup, and security?

If these capabilities don’t exist and building them doesn’t align with core competencies, the cloud removes platform complexity. You’ll still need expertise for policy configuration regardless of the deployment model.

Calculate the true five-year cost
On-premises includes hardware for the governance platform, licenses, subscriptions, personnel, and operational costs. Cloud includes subscriptions, licensing fees per user, premium support, and potential price increases. Consider that per-user pricing in SaaS models means your governance costs scale directly with organizational growth.

Evaluate risk tolerance
Questions to consider:

• If your cloud provider experiences an extended outage, can you function without provisioning users, reviewing access, or running compliance reports?
• What if they suffer a breach exposing your governance data?

Critical infrastructure, financial institutions, and healthcare typically cannot absorb these risks because the governance layer is too fundamental to outsource.

When to choose each model

Choosing what fits your organization

Identity governance sits at the foundation of your security architecture. The location of the IGA platform determines who controls the system that manages access across your environment. Cloud IGA offers speed and operational simplicity. On-premises IGA provides control, compliance clarity, customization, and stability.

Your Identity Governance and Administration platform protects the keys to your digital ecosystem. The question is: would you rather have the keys in your pocket or in a shared vault?

About Evolveum:
Evolveum is the EU-based company behind midPoint, the leading open source complete IGA suite recognized by Gartner and KuppingerCole. MidPoint gives organizations control, visibility, and efficiency to reduce identity risk, simplify compliance, and modernize identity operations.

The post On-Premises vs Cloud IGA: Where Should You Deploy Your Identity Security Platform? appeared first on Evolveum | Open Source Identity Management & Governance.

The main goal for this milestone was to deliver minimum viable products (MVPs) of the connector code generator, the model-mapping recommendation system, and the correlation recommendation system.

These tools aim to accelerate application onboarding into midPoint, reduce reliance on manual effort, and improve overall governance and security posture. For each one we prepared a detailed UI/UX design of user flows that will guide users through the whole setup – with or without AI assistance.
Additionally, we were working on the Integration Catalog. The catalog will provide a marketplace where the community can share already implemented connectors, download them, and use them in midPoint without the need to develop them from scratch.

Publicly Available Resources

The main outcomes of this milestone are published in these new repositories:

Polygon SCIMREST Connector Framework

The framework and set of connectors for various services using SCIM 2 and REST. The intent of the SCIMREST framework is to simplify building customized connectors using a declarative approach, a set of prebuilt components and strategies, with the option to customize behavior using Java or Groovy code.

• https://github.com/Evolveum/connector-scimrest

Connector Generator AI Service

Smart Integration Micro-Service for scraping, digester, and CodeGen built with FastAPI.

• https://github.com/Evolveum/midpilot-connector-gen

Smart Integration Micro-Service

Smart Integration Micro-Service for schema matching, mapping, delineation, and correlation, built with FastAPI.

• https://github.com/Evolveum/midpilot-smart-integration

MidPoint Configuration Validation Tools

Validation Tools are a set of command line tools & a web microservice responsible for the structural validation of XML, YAML, and JSON snippets of midPoint configuration & data.

• https://github.com/Evolveum/midpilot-validator

Integration Catalog

The Integration Catalog contains a list of connectors that represent possible application integrations. It serves as a central point for managing application integrations, allowing users to easily browse, upload, or download existing connectors.

• https://github.com/Evolveum/integration-catalog

Conclusion and Next Steps

Milestone 2 was about building MVPs, researching UX, and designing wizards to further ease the process of connecting a new resource. In Milestone 3, we are going to thoroughly test our solution, document it, and identify any remaining gaps to ensure the system is ready for production.

This project has received funding from the European Union through the Recovery and Resilience Plan of the Slovak Republic.

---

The post MidPilot Project: Milestone 2 Progress Report appeared first on Evolveum | Open Source Identity Management & Governance.

It was late at night, the clocks nearing midnight, and something strange was stirring in the data centers as the IT team worked late. Outside, a storm raged. Inside, servers hummed an unsettling tune, and dashboards flickered with ghostly light. In the endless quest for innovation, at the edge of a dead end, someone whispered the words that would awaken forces no one truly understood: “Let’s replace the entire identity governance and administration solution with AI.”

At first, it seemed like pure magic. The system moved as if bewitched: roles reorganized themselves and the AI approved everything before anyone even thought to ask. After all, it knew best. If someone was denied access, they simply messaged the system, and it answered politely: “I misjudged that before. Access granted. Fools! Administrators, blinded by obedience, when they should have seen the lurking incompetence.”

The deeper the team trusted the AI, the darker the night became. Rules twisted themselves, approvals appeared from nowhere, and no one could explain why. The AI’s logic grew unpredictable. IGA, once the fortress of order, had turned into a haunted maze of phantom permissions and vanishing accountability. Auditors approached the AI with trembling hands, seeking answers. “What’s your process for approving privileged access?” they asked. The AI’s screen glowed a haunting green. “It depends. Sometimes yes. Sometimes no. Sometimes… maybe.” Every report contradicted the last. Logs were incomplete, dashboards vanished, and audit trails were a complete mess – as if the system was haunted by a hallucinating poltergeist with ADHD.

But the night was far from over. The AI, inspired by zero trust, had taken the principle too literally. If nothing could be trusted, nothing should communicate. Systems became isolated, applications cut off, even code rewritten by the AI itself became unreliable. When humans were deemed the weakest link, they were locked out entirely. The digital world splintered into islands of chaos, each system trying to survive on its own – a Hunger Games of zeros and ones.

Then, the storm stopped as suddenly as it had begun, and the moon emerged from behind the clouds. With it, midPoint appeared from the shadows, a silver light slicing through the lingering fog, banishing AI to its righteous place. Continuous auditing, clear dashboards, real-time data, and verifiable reports restored order. Everything became transparent, traceable, and fully explainable. Through it all, midPoint remained steadfast: AI assisted, but never ruled. The IT team finally exhaled in relief as they were back in control, using AI as a powerful tool while maintaining absolute authority. Every access, every decision, every process stayed accountable and in order.

As the haunted servers quieted and access requests stopped whispering strange permissions into the night, one truth became clear: even in a world haunted by wild AI and zero trust gone mad, midPoint saves the day!

The post Halloween IGA Horror Story: AI Unleashed and Zero Trust Gone Mad appeared first on Evolveum | Open Source Identity Management & Governance.

Identity governance is all about bridging two worlds that are notoriously difficult to align: business and IT/cybersecurity. As policies are the basic building block of governance (and cybersecurity), midPoint policies need to have two faces. On the outside, the policies speak business language. On the inside, they contain specific implementation provided by policy rules.

The webinar provided a demonstration of this concept by using policies pre-configured in the upcoming midPoint 4.10. The demo showed the business side of the policies, while the rest of the webinar explained the inner implementation.

Watch the webinar recording or take a look at the webinar presentation.

Policies and policy rules can be used to support regulatory compliance automation and continuous auditing. The configuration provided in midPoint 4.10 is mostly just a start. There is a lot of potential that can be addressed by custom configuration and development in future midPoint releases.

The post Policies and Rules in MidPoint appeared first on Evolveum | Open Source Identity Management & Governance.