Identity at the Center

Recorded live at EIC 2026 in Berlin, Jeff and Jim sit down with Thomas Zarnhofer, IAM Architect at SPAR-ICS, the IT unit of the SPAR Austria Group, which operates roughly 3,000 retail stores and 32 shopping centers across Central Europe. Thomas shares his experience leading a full IGA transformation from a decade-old on-premise system to a modern cloud-based platform. The conversation covers the shift from a contract-based to a person-based identity model, the importance of cleaning data before migration begins, a three-phase framework of Foundation, Migration, and Adoption, lessons learned from running two systems in parallel, and a look at how AI could make IGA predictive. The episode ends with Thomas's tips for visiting Austria.

Connect with Thomas: https://www.linkedin.com/in/tzarnhofer/

Connect with us on LinkedIn:

Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/

Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/

Visit the show on the web at http://idacpodcast.com

Timestamps

00:00 Introduction and EIC 2026 Setting
02:00 Thomas's Identity Origin Story
03:38 What Is SPAR-ICS?
04:21 The Catalyst for IGA Modernization
07:43 Contract-Based vs Person-Based Identity Models
09:22 Consolidating Master Data Sources
11:39 Data Quality and Attribute Ownership
13:34 Partnering with HR for Clean Data
16:43 Data Analysis: Why They Chose Excel Over AI
17:53 Clean Your Data Before You Migrate
18:23 The Three Phases: Foundation, Migration, Adoption
20:12 Driving Adoption Across the Organization
21:10 Running Two Systems in Parallel
22:47 Challenge Everything vs Lift and Shift
27:23 Surprises in the Cloud IGA Journey
29:02 Testing Requirements in the Cloud
29:51 AI and the Future of IGA
32:25 AI Chatbots and Role Discovery
35:30 Scoping Business Role Visibility
36:06 Life Outside IAM: Travel and Austria Tips

IAM, IGA, Identity Governance, IGA Migration, On-Premises to Cloud, Identity Model, Contract-Based Identity, Person-Based Identity, Master Data, Data Quality, HR Integration, Joiner Mover Leaver, Cloud IGA, SPAR-ICS, Retail IAM, EIC 2026, AI in IGA, Predictive IGA, Role Management, Access Governance, IDAC, Identity at the Center, Jeff Steadman, Jim McDonald, Thomas Zarnhofer

Jeff and Jim are joined by Heather Flanagan, Content Chair, and Andi Hindle, Conference Chair, for a full preview of Identiverse 2026 at Mandalay Bay in Las Vegas. They cover the 2026 theme of trust and change, why AI was removed as a standalone track and redistributed across all content areas, the provocative argument that non-human access now dramatically outpaces human access and is reshaping identity system design, whether authentication is truly solved, authorization as the harder unsolved problem, CFP surprises, networking events including Women at Identiverse, and predictions for 2027. Save 30% with code IDV26-IDAC30%. New IDPro members save $25 at idpro.org/idac.

Connect with Heather: https://www.linkedin.com/in/hlflanagan/

Connect with Andi: https://www.linkedin.com/in/ahindle/

Identiverse 2026: https://events.identiverse.com/2026/begin?code=IDV26-IDAC30%25

Heather's IAM Conference List: https://github.com/fedidcg/meetings/wiki/2026-List-of-Identity-and-Related-Conferences-and-Standards-Development-Events

Connect with us on LinkedIn:

Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/

Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/

Visit the show on the web at http://idacpodcast.com

TIMESTAMPS
00:00:00 Introduction and SolarWinds breach banter
00:03:27 Identiverse preview and discount codes
00:06:10 Guest introductions
00:06:52 Role of Content Chair
00:08:46 Role of Conference Chair
00:11:16 2026 conference theme
00:15:00 AI as context, not a standalone track
00:16:32 Control plane vs enablement plane debate
00:22:19 What the industry is underestimating
00:24:00 Non-human access outpaces human access
00:26:52 Is authentication solved? Passkeys
00:30:31 Authorization: far from solved
00:36:04 Extensibility in standards and deployments
00:38:22 CFP surprises: fraud and identity proofing
00:41:48 Usability and UX gaps
00:43:18 Agentic AI: identity or governance?
00:47:55 Networking and newcomer programming
00:51:45 Women at Identiverse
00:52:46 AI-generated CFP submissions
00:55:00 Predictions for Identiverse 2027
00:58:04 Theme songs for Identiverse 2026
01:02:58 Heather's identity conference list on GitHub
01:04:47 Swag culture at identity conferences
01:12:25 Wrap-up

KEYWORDS
Identiverse 2026, Heather Flanagan, Andi Hindle, identity conference, NHI, non-human identity, agentic AI, passkeys, authentication, authorization, IAM, IDAC, Identity at the Center, Jeff Steadman, Jim McDonald, digital identity, continuous identity architecture, zero standing privilege, verifiable credentials, identity governance

This episode and the Identity at the Center podcast is supported by CrowdStrike. Learn more at crowdstrike.com.

Jeff Steadman and Jim McDonald sit down with Scott Kriz, GM of Continuous Identity at CrowdStrike, for a deep dive into continuous identity, zero standing access, and the convergence of identity and security. Scott traces his path from co-founding Bitium, to selling it to Google Cloud, to building SGNL and ultimately joining CrowdStrike. The conversation covers how continuous identity works in practice, why traditional PAM and IGA fall short in a real-time world, and what the rise of agentic AI means for identity governance at scale.

Connect with Scott: https://www.linkedin.com/in/scottkriz/

Learn more about Crowdstrike: https://www.crowdstrike.com/en-us/platform/next-gen-identity-security/caep/?idac

Connect with us on LinkedIn:

Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/

Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/

Visit the show on the web at http://idacpodcast.com

00:00:00 Introduction and welcome
00:01:21 How Scott got into identity and co-founded Bitium
00:03:55 Selling to Google Cloud and the inspiration for SGNL
00:05:02 Continuous identity and zero standing access explained
00:09:13 Defining continuous identity at CrowdStrike
00:10:20 How continuous identity differs from PAM and IGA
00:15:06 Data as the foundation for continuous identity
00:19:29 Open ecosystems, Shared Signals Framework, and CAEP
00:25:26 Agents, identity chaining, SPIFFE, SPIRE, and MCP gateways
00:33:02 Identity inside CrowdStrike's broader security strategy
00:37:27 Identity security budgets and ROI-driven purchasing
00:40:04 Agentic scale and the need for automated identity controls
00:43:39 The SGNL acquisition: what it means for both companies
00:50:25 Zero trust as a real architectural framework
00:54:00 Helicopter skiing, avalanches, and staying present

Keywords: IDAC, Identity at the Center, Jeff Steadman, Jim McDonald, Scott Kriz, CrowdStrike, SGNL, continuous identity, zero standing access, PAM, IGA, zero trust, agentic AI, non-human identity, NHI, SPIFFE, SPIRE, MCP, identity security, real-time authorization, cybersecurity

Jeff and Jim recap their week at KuppingerCole's EIC 2026 in Berlin, covering standout keynotes, hallway conversations, and sessions on securing AI agents, CIAM, and AI versus nuclear regulation. They announce a giveaway of Eve Maler's signed copy of Mastering Digital Identity for YouTube commenters by June 12th. The episode also features live footage and a full interview with Espen Bago, founder of IdentiBeer, recorded at the Berlin event. Jeff, Jim, and Espen discuss the rapid global growth of the IdentiBeer community, terminology challenges around NHI and IAM concepts, the gap between conference talk and real client needs, and why the industry keeps bypassing foundational data work in the rush toward AI and agentic identity.

Connect with us on LinkedIn:

Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/

Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/

Visit the show on the web at http://idacpodcast.com

00:00:10 Welcome and EIC 2026 Setup
00:03:57 Eve Maler Book Giveaway Details
00:05:00 Conference Highlights: Keynotes and Hallway Con
00:06:07 Elizabeth Garber's Standing Ovation Keynote
00:07:02 Brazil Invitation and Securing AI Agents
00:09:10 Nuclear Regulation vs. AI Regulation
00:11:07 Upcoming EIC Episode Preview
00:14:16 IdentiBeer Berlin Live Event
00:14:29 Interview with Espen Bago Begins
00:15:14 IdentiBeer Growth and Global Expansion
00:17:23 The IdentiBeer Name Debate
00:23:26 Data Quality Gaps in NHI and IAM
00:26:31 Who Owns IAM Terminology?
00:34:20 Conference Talk vs. Client Reality
00:40:52 The HR-IAM Gap Nobody Talks About
00:43:17 Fundamentals: The Karate Kid Analogy

Keywords: EIC 2026, European Identity Conference, IdentiBeer, Espen Bago, Eve Maler, Elizabeth Garber, Mastering Digital Identity, Berlin, Identiverse, NHI, non-human identities, IAM fundamentals, AI regulation, agentic identity, IGA, PAM, CIAM, IDPro, identity community, IDAC, Identity at the Center, Jeff Steadman, Jim McDonald

Jeff and Jim are back with the May 2026 mailbag, answering listener questions from Amsterdam, Mumbai, Austin, and Berlin. Topics include navigating IAM vendor acquisitions, defending against AI deepfakes in remote onboarding, governing contractor and third-party identities, fixing the leaver process in IGA, and tackling a decade of IAM technical debt. The episode closes with unpopular industry opinions: why RFPs are procurement theater, why rip and replace should be normalized, and why one-throat-to-choke vendor thinking usually backfires.

IDPro new member discount: https://idpro.org/idac/

Connect with us on LinkedIn:

Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/

Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/

Visit the show on the web at http://idacpodcast.com

CHAPTER TIMESTAMPS
00:00 Intro and SNL nostalgia
03:25 AI model roundup: ChatGPT, Claude, Gemini, and usage limits
10:16 Identiverse 2026 and IDPro member discount
14:53 Q1: Navigating vendor acquisitions (Isabelle, Amsterdam)
24:00 Q2: AI deepfakes in identity verification (Rajan, Mumbai)
32:32 Q3: Contractor and third-party identity governance (Caleb, Austin)
43:00 Q4: The leaver process and IGA scope gaps (Anonymous)
51:10 Q5: Tackling IAM technical debt (Tomas, Berlin)
57:00 Normalizing rip and replace
01:01:00 RFPs, one throat to choke, and other hot takes
01:08:00 Wrap-up

KEYWORDS
IAM, identity governance, IGA, vendor consolidation, acquisitions, deepfakes, identity verification, contractor management, non-employee identity, technical debt, rip and replace, RFP, joiner mover leaver, leaver process, Identiverse 2026, IDPro, IDAC, Identity at the Center, Jeff Steadman, Jim McDonald