Interactive Assessment: Measure Your Maturity

Instructions: For each of the following 6 questions, select the option that best describes your organization's current state. Be honest—this is the first step toward securing your future.

How do your users handle login or approval tasks that start on one device and finish on another (e.g., desktop request requiring mobile approval)?

We rely on custom-built solutions or static credentials (inconsistent/hard to maintain)

We know about standards (like CIBA) but haven't implemented them.

We use modern standards for key systems, but the experience is fragmented.

Modern standards (CIBA) are core to our architecture, ensuring a seamless, secure cross-device experience.

1 out of 6

How are new applications and automated tools given credentials to operate in your environment?

Completely manual: Filing tickets and waiting for IT to create accounts/OAuth Clients.

Exploring automation, but currently no solution in place.

Semi-automated, but still requires manual approval steps.

We use Dynamic Client Registration (DCR) with Metadata verification to automatically register and link identities to owners/policies.

2 out of 6

How do applications get their first secret/password without a developer manually embedding it?

Secrets are often in config files, code repos, or manually placed.

Centralized vault, but the app still needs a pre-existing token to access it.

Modern workload identity used for some new cloud apps, but not universally.

Zero-trust framework (SPIFFE/SPIRE) issues short-lived, rotated identities based on what the workload is, not just where it runs.

3 out of 6

What is the lifecycle process for service accounts?

No formal process; accounts persist indefinitely.

Manual tracking and periodic manual reviews.

Partial IGA integration; manual approvals.

Full IGA automation via standards such as SCIM "DELETE" signals are immediate and automated.

4 out of 6

How do you ensure AI agents acting on behalf of users have correct permissions?

Agent uses a powerful, generic service account (no user link).

Exploring user context, but not standardized.

Proprietary methods to include some user info.

Token Exchange and On-Behalf-Of (OBO) flows create a clear audit trail of user intent.

5 out of 6

How do you monitor AI tool activity for compromise?

Manual analysis of individual system logs.

Central SIEM logs, but manual/post-mortem analysis.

Custom alerts for critical accounts only.

Shared Signals Framework (SSF) triggers real-time automated responses (e.g., session termination).

6 out of 6

First Name (Mandatory)

Last Name (Mandatory)

Company E-mail (Mandatory)

Phone (Optional)

OUR CAPABILITIES

Privileged Access Management

Governance, Risk, & Compliance

Identity Management for Agentic AI

Identity & Access Management

Cloud Identity & Access Management

INDUSTRIES

Financial Services

Omnichannel retail

OUR SERVICES

Advisory & IAM Consulting Services

Managed Services

Agentic AI Readiness  Assessment

get your free assessment

The ultimate IAM adoption roadmap: Timelines, must-Haves, mistakes, & more

COMPANY

About Indigo Consulting

Blog

Contact Us

BOOK A DISCOVERY CALL

5th in Quebec, 18th in Canada: Our 5 Keys to Ranking Among the 2025 Best Workplaces in Technology!

Interactive Assessment: Measure Your Maturity