Building a Scalable, Robust and In-house Identity and Access Management (IAM) Solution at Yelp

Build vs buy is one of the biggest dilemmas when it comes to implementing IAM solutions in large organizations. In this conference session, we will examine the main motivations and considerations that led Yelp to build an in-house solution instead of opting for commercial off-the-shelf IAM products. We will dive into Yelp's strategic approach to developing a robust and scalable in-house IAM solution for managing least privileged access to internal and SaaS applications. We will examine the core IAM functionalities driven by the solution, such as access provisioning/deprovisioning, TTL-based access assignments, approval policy enforcement, and entitlement management, all while enhancing the organization's least-privilege posture and bolstering overall security. Furthermore, we will discuss design considerations for building, scaling, and maintaining an IAM solution for a large organization with limited resources. We will discuss stateless vs stateful architecture design, the security vs usability tradeoff, and the challenges faced during the implementation and expansion of the IAM solution's capabilities, along with the valuable lessons learned along the way.

Cagri Cetin is a Tech Lead in the Identity and Access Management team at Yelp Inc. and leading Yelp's technical IAM vision. He received a Ph.D. in Computer Science from the University of South Florida, focusing on access control and cryptographic protocols. His interests include access control, cryptographic protocol design, ensuring the principle of least privilege in large organizations, and threat modeling. He enjoys road trips, cooking, and swimming in his free time.