How I Built a GenAI Assistant for IAM

Part 2 of 2: Sparking IAM insights into action with SiteMinder and MCP

  • GenAI can unlock quick IAM insights by turning dense data into clear, natural-language answers.
  • SiteMinder’s APIs and audit logs make it an ideal testbed for experimenting with AI-driven access intelligence.
  • Standardized protocols like MCP bridge the gap between LLMs and IAM systems, enabling secure, scalable integrations.

Across industries, Identity and Access Management (IAM) teams are under pressure to make faster, more informed decisions. Policies sprawl, audit requirements grow and logs pile up, often leaving valuable context buried in complex datasets. The rise of GenAI is a chance to change that and turn complex identity datasets into actionable, conversational insights to help better understand and manage IAM environments. 

In Part 1, we explored how GenAI can bridge the gap between IAM data and the teams who need it, regardless of their familiarity with the systems. Now, we’ll walk through a real-world implementation I built using Broadcom SiteMinder—a well-established enterprise-grade Single Sign-On (SSO) and access management platform—as the foundation.

As someone who works with customers regularly to troubleshoot access flows, decode logs and tighten policy configurations, the goal of this experiment was to see how far we could go by putting a large language model (LLM) between an IAM system and the people who rely on it every day. 

The vision: a chat assistant for access intelligence

For this proof of concept, I wanted to push beyond theory and see what happens when GenAI meets a real IAM environment—in this case, SiteMinder. Imagine being able to ask your IAM system:

  • “Is /myapp protected? Who has access and what auth scheme is applied?”
  • “Who deleted the agent called `myagent` last week?”

Instead of opening a console, pulling logs and tracing policy relationships, you’d get a natural-language answer that is backed by live API data or audit trail insights. That was the goal: make identity intelligence easier to reach, especially for people who aren’t steeped in SiteMinder internals.

Why SiteMinder?

SiteMinder already plays a mission-critical role in many of the customers I work with. It enforces enterprise-wide access policies, handles large-scale authentication and logs every decision it makes. That makes it an ideal testbed for GenAI-assisted insights—as long as we can effectively surface the right data.

Thanks to its matured REST APIs and structured audit logging, SiteMinder is well-positioned to integrate with GenAI via standardized interfaces. 

Using MCP as the bridge

To make this integration a reality, I leveraged the Model Context Protocol (MCP), initially introduced by Anthropic. MCP provides a standardized way for LLMs—like Claude, OpenAI, Gemini or Mistral—to securely and efficiently interact with external data sources and services.

Think of MCP as a universal connector, like USB-C for AI integration. It's widely adopted, secure and flexible, working equally well with cloud-based or on-premises AI deployments.

The prototype: three key components

Let’s test this in a real environment. To explore this potential, I developed three experimental components, available on GitHub (not publicly listed—request access if you’d like to try them).

1. SiteMinder Policy MCP Server

  • Connects to SiteMinder’s REST APIs
  • Queries and retrieves details of policy objects and their related objects (excluding sensitive info)
  • Answers questions about policy protection, access scope and authentication schemes

2. SiteMinder Audit MCP Server

  • Parses SiteMinder’s audit logs and smps logs
  • Lets you query audit events like policy deletions, object modifications and login anomalies
  • Surfaces errors in smps logs and provides troubleshooting or improvement advice

3. MCP Client with Chat Interface

  • A front-end written in Node.js and React
  • Connects to local or cloud-based LLMs (OpenAI, Claude, Gemini, etc.)
  • Provides a chat-based UI for natural interaction with IAM data

All three components are designed to work independently or together. You can use your own MCP-compatible client (like Claude Desktop or LM Studio 0.3.17+), or use the chat UI bundled with the prototype.

They’re not polished enterprise-grade products, but they provide a functional starting point for anyone curious about bringing AI to IAM. To see how it works, watch the demo on how to query policies or query audit and smps logs.

Query policies

Query audit and smps logs

How it works in action

  1. You ask, “Is resource `/secure-app` protected?”
  2. The MCP client sends your query with the MCP tooling descriptions to the LLM.
  3. The LLM selects the appropriate tool and replies with the call structure.
  4. The MCP Client triggers the tool and queries the MCP Server.
  5. The MCP Server retrieves the relevant realm or audit info.
  6. Results are returned to the LLM, which formats the final response.
  7. The response: “Yes, `/secure-app` is protected by form-based auth scheme `CorpLogin` and with IdleTimeout 1800 secs.”

No console logins. No sifting through XML. Just insight.

The same goes for audit log questions:

  • “Who deleted agent `DevProxy` last month?”

The Audit MCP Server searches the audit trails and returns the timestamp, admin ID and action reason, formatted as a natural-language response.
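The seven-step flow above and the audit question, reduced to a runnable sketch of the tool layer (added here as an illustration; it is not the author's prototype and not SiteMinder's real API): the tool descriptions the LLM sees, an allow-listed dispatcher, a policy lookup that returns only non-sensitive fields, and an audit search over constructed log lines. Tool names, field names, the realm data and the log format are all assumptions.

```python
import json
import re
# Constructed stand-in for a SiteMinder realm lookup; the response shape is assumed.
REALMS = {
    "/secure-app": {"protected": True, "authScheme": "CorpLogin", "schemeType": "Form",
                    "idleTimeout": 1800, "sharedSecret": "never-send-to-the-model"},
}
# Constructed audit lines; the field layout is assumed, not SiteMinder's real format.
AUDIT_LOG = [
    "2024-05-02 10:15:01 admin=jsmith action=Delete type=Agent name=DevProxy reason='decommissioned'",
    "2024-05-03 09:00:12 admin=aobrien action=Modify type=Realm name=/secure-app reason='tune timeout'",
]
# Tool descriptions are all the LLM sees (step 2); it never touches the API directly.
TOOLS = [
    {"name": "get_realm_protection", "description": "Is a resource protected, by which scheme?",
     "input_schema": {"type": "object", "properties": {"resource": {"type": "string"}},
                      "required": ["resource"]}},
    {"name": "find_audit_events", "description": "Find audit events by action and object name.",
     "input_schema": {"type": "object", "properties": {"action": {"type": "string"},
                                                        "name": {"type": "string"}},
                      "required": ["action", "name"]}},
]
SAFE_FIELDS = ("protected", "authScheme", "schemeType", "idleTimeout")  # allow-list, not deny-list

def get_realm_protection(resource: str) -> dict:
    """Step 5 for policy questions: return only non-sensitive realm fields."""
    realm = REALMS.get(resource)
    if realm is None:
        return {"resource": resource, "protected": False}
    return {"resource": resource, **{k: realm[k] for k in SAFE_FIELDS}}

LINE_RE = re.compile(r"^(?P<ts>\S+ \S+) admin=(?P<admin>\S+) action=(?P<action>\S+) "
                     r"type=(?P<type>\S+) name=(?P<name>\S+) reason='(?P<reason>[^']*)'$")

def find_audit_events(action: str, name: str) -> list:
    """Step 5 for audit questions: structured hits (timestamp, admin, reason)."""
    hits = []
    for line in AUDIT_LOG:
        m = LINE_RE.match(line)
        if m and m["action"].lower() == action.lower() and m["name"] == name:
            hits.append(m.groupdict())
    return hits

def dispatch(call: dict) -> str:
    """Step 4: run only an allow-listed tool the LLM selected; JSON goes back to the LLM (step 6)."""
    handlers = {"get_realm_protection": get_realm_protection, "find_audit_events": find_audit_events}
    if call.get("name") not in handlers:
        return json.dumps({"error": "unknown tool"})
    return json.dumps(handlers[call["name"]](**call["arguments"]))
```

The LLM then turns the JSON from `dispatch` into the sentence in step 7; the allow-list in `SAFE_FIELDS` and in `dispatch` is what keeps secrets and unexpected tool names from ever reaching the model.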

How to get started

  1. Request access to the private GitHub repos listed above.
  2. Clone the MCP server repositories once approved.
  3. Connect to your existing SiteMinder REST APIs and logs.
  4. Integrate your preferred language model (e.g., OpenAI, Claude).
  5. Launch the MCP client and start chatting with your IAM data.

Detailed steps and further guidance are available within each GitHub repository. Check the README.md file.

What I learned and what’s next for you

Working through this experiment surfaced a few takeaways that apply beyond SiteMinder:

  • IAM is AI-ready. The building blocks, including APIs, logs and policy data, are already there.
  • Language matters. LLMs don’t need to "know" your system's native API. They just need the right structure (the MCP protocol) and the right tool descriptions to query through.
  • Exploration drives adoption. Once admins saw what was possible, they started asking questions they never thought they could automate.

This is still early-stage, but the potential is real, and it’s not limited to SiteMinder. Any IAM system with APIs and logs could follow this pattern.

For teams managing access at scale, GenAI can turn complexity into clarity—helping you stay ahead of policy sprawl, audit demands and everyday IAM challenges.

Let’s keep exploring what’s possible with IAM. Contact your in-region expert for a demo, and let's innovate together.
