We’ve all heard the line: legacy identity governance and administration (IGA) platforms may be expensive and frustrating to use, but “nobody will get fired for buying [insert well-known provider].” But that warm-blanket adage is no longer holding true. Today, bringing on a legacy IGA provider can create real security and compliance liabilities. We often cite Gartner’s finding that 50% of IGA deployments are in distress—because it’s shocking: at a time when access governance is more critical and time sensitive than ever, legacy solutions are failing to deliver functionality to their customers for months (or years).
We of course have our (strong) opinions on legacy IGA—we built our platform to fill a critical gap in the identity security market left by legacy options. And we’re familiar with the stories—long implementation times, ballooning costs, shelfware features, poor user experiences. But hearing first-hand accounts from actual users is always eye-opening.
So when we wanted to get a better understanding of on-the-ground experiences with legacy IGA platforms, we went straight to our customers, many of whom describe themselves as “never again” legacy users. We asked them for details: What had they learned using legacy IGA in the past? Why did they come to ConductorOne looking for an alternative?
Below are just a few of the things we heard—from customers who were happy to anonymously share their experiences with our wider community. These are the stories and opinions IT and security teams need to hear when weighing their IGA options. To be fair, there’s still a place for legacy IGA tools in the market. But for most companies, legacy IGA has proven to be both too much and not enough of a solution at once. Here’s what some of our customers had to say:
CIO at a financial services company who previously used a legacy tool at two separate financial institutions:
- Too expensive: “The price tag was astronomical.”
- Long implementation: “It took a good six months to get implemented, and users have to rely heavily on documentation—I had to read tomes.”
- Unexpected costs: “I almost lost my mind after signing a $250,000 contract when it turned out I needed to spend another $45,000 on a server. ** ** It was the only way I could implement the product—a humongous hidden cost that hit my business really hard.”
- Poor customer support: “Once you sign that contract—bye bye.”
- The pros: “Setting up campaigns was easy once you got it up and running. It was very robust.”
- The takeaway: “If you’re a huge company with a bajillion different entitlements and employees, and you have a massive sec ops team sure—(legacy IGA) may be something that works for you.” Otherwise, “ConductorOne is the way to go—cutting-edge, fast, efficient, and easy.”
Infrastructure Security Team Lead at a consumer technology company that replaced a legacy IGA tool with ConductorOne:
- Failed implementation: “Our deal was three years at around $750K. When I arrived at the company, we were halfway through the contract, with pro services attached, and not a single use case was onboarded yet.”
- Lack of innovation: “It’s your grandma’s 20-year-old identity software. It’s slow, not innovative, not doing super interesting stuff. Modern companies want to configure as code. They want modern tools, a good native Terraform provider, etc.”
- Outdated user experience: “God help you if you need to debug it. If there’s a problem with integration, there are all sorts of feature flags and turning on debug logging to see under the hood and find out why it’s not working. You need to shut it down, turn it back on, open a log file in a notepad to look for the line to debug…”
- Not customer oriented: “If you have a feature that’s important to you, they’ll likely never add it—they don’t care. They’re not as customer oriented, especially for smaller customers.”
- The takeaway: “You know a product is too complex when they tell you they prefer that you use a partner for integration. With ConductorOne, we had our admin role policy done and people using it in production within 15 minutes.”
Information Security Solution Architect at a logistics company who evaluated a legacy IGA tool before choosing ConductorOne:
- All or nothing: “Even if you only purchased one product, the expectation was that you’d slowly move fully to their platform. I told them we wanted to keep our current IdP and didn’t want to move. They didn’t seem to care—I could tell they would continue to push.”
- Convoluted packaging: “Nice-to-have features were hidden in other modules, so you needed to buy them to use those features. I don’t want to buy two modules to figure out how to do access reviews. ConductorOne works the way I need it to.”
- Too expensive: Even before discussing the cost of implementation, they decided against the platform: “The software price wasn’t beneficial for us to do a long-term contract.”
Every company and team has their own environment, needs, and challenges to consider when choosing an IGA platform—and for some very large, very complex organizations, legacy IGA may very well be the best option. But it’s no longer the only option and, as shown above, there are strong reasons for companies to think twice before choosing a legacy IGA tool.
To go more in depth on the differences between legacy and modern IGA solutions, check out our Guide to Modern IGA. To learn more about ConductorOne, talk to our team!
