Identity at the Center
Identity at the Center · Jun 22, 2026 · 59m · Episode #430

#430 - AI for IAM and IAM for AI with Martin Sandren

Show notes

Recorded live at EIC 2026 in Berlin, Jeff and Jim sit down with Martin Sandren, IAM Product Lead at IKEA, for a wide-ranging conversation covering nearly every corner of modern identity security. Martin shares what has changed since his first IDAC appearance on episode 293, including the rise of AI, growing interest in digital sovereignty, and the maturing shared signals framework. The conversation moves through risk-based defense in depth, tiered MFA rollout strategies, session management, and the real challenge of trusting AI to make security decisions. Martin introduces identity dark matter and explains how IVIP can surface the 95-plus percent of applications that never reach an IGA system. The episode also covers shadow AI, MCP server risks, the SaaSpocalypse debate, and the EU AI Act. It closes on a grounded note: solar panels.




Connect with Martin: https://www.linkedin.com/in/martinsandren/


Connect with us on LinkedIn:


Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/


Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/


Visit the show on the web at http://idacpodcast.com




TIMESTAMPS


00:00 Welcome and EIC 2026 intro

01:47 What has changed in two years: AI, sovereignty, shared signals

03:06 Martin's EIC presentations: AI for IAM and IAM for AI

04:46 Can you prioritize one direction over the other?

07:13 What would it take to trust AI making identity decisions?

09:32 AI-enhanced detection and risk-based session management

13:07 Session invalidation and the shared signals framework

14:11 Defense in depth and right-sizing privileges

18:25 MFA today: any MFA versus phish-resistant MFA

19:17 AI chatbots, enterprise LLMs, and shadow AI

23:11 MCP servers, NHI risk, and return on risk thinking

27:00 AI configuring IAM systems: how close are we?

31:30 LLM costs, the SaaSpocalypse, and enterprise AI futures

40:10 Identity dark matter and the IVIP concept

44:16 CMDB versus IVIP: do you need both?

46:18 The EU AI Act and building an AI governance registry

49:18 Where to start: get your AI inventory in place first

50:00 Closing thoughts and the solar panel tangent


KEYWORDS


AI for IAM, IAM for AI, identity dark matter, IVIP, IGA, shared signals framework, phish-resistant MFA, defense in depth, session management, MCP servers, NHI, shadow AI, SaaSpocalypse, EU AI Act, AI governance, zero standing privilege, EIC 2026, IKEA, IDAC, Identity at the Center, Jeff Steadman, Jim McDonald, Martin Sandren