In this discussion, Cristina Flaschen, CEO of Pandium, speaks with Heather Flanagan, Principal at Spherical Cow Consulting, and Shon Urbas, CTO of Pandium, about the complex realities of building integrations when identity, compliance, and data governance are on the line.
Heather’s Background and Identity-Centric Lens
Heather Flanagan draws on years of experience in identity standards, advising governments, nonprofits, and tech companies on secure identity flows. At Spherical Cow Consulting, she emphasizes that integrations are not just about API connections. They must preserve identity and policy context across systems. This lens shapes how she evaluates long-term integration quality.
Identity is the Data
In many cases, identity itself is the data being transferred. Systems are not just passing files. They are transmitting roles, permissions, and group memberships. A failure in handling identity correctly can result in unauthorized access or users being locked out. This is especially critical in sectors like government and education.
The Hidden Work Behind “It Just Works”
Heather and Shon note that behind every seamless integration is complex logic. Connecting systems over identity protocols such as SCIM, SAML, and OpenID Connect requires a shared understanding across platforms. A major challenge is the assumption that systems interpret identity attributes the same way.
Integration as Infrastructure
Shon sees integrations as core infrastructure, not just product features. At Pandium, his team treats them as reusable, composable flows. Even with modern tools, reliable integrations depend on clear contracts around data formats, identity handling, and error recovery.
When Identity Meets Governance
Heather stresses that integration design must align with governance requirements. In regulated environments, even passing a field like email may require approval. Developers must understand what data can be shared and what must stay controlled.
Building Trust Into the Stack
Trust requires more than encryption. It depends on visibility into what moved, when, and why. Heather advocates for logging and traceability as essential for debugging and for building confidence in identity-driven systems.
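The two points above (release only what governance has approved, and record what moved, when, and why) can be combined in one release step. The sketch below is an added example, not code from Pandium or the speakers; the policy table, destination names, function name, and the SCIM-style user record are all constructed for illustration.

```python
import json
from datetime import datetime, timezone

# Hypothetical governance policy: attribute names approved per destination.
# Anything not listed is withheld (default deny).
APPROVED = {
    "lms": {"userName", "displayName", "groups"},
    "helpdesk": {"userName", "emails"},
}

# Constructed sample record using SCIM core User attribute names.
SAMPLE_USER = {
    "id": "2819c223",
    "userName": "ada",
    "displayName": "Ada Example",
    "emails": [{"value": "ada@example.edu", "type": "work", "primary": True}],
    "groups": [{"value": "g-101", "display": "Faculty"}],
}

def release(user, destination, purpose, audit_log, now=None):
    """Return only the approved attributes and append an audit record."""
    allowed = APPROVED.get(destination, set())  # unknown destination gets nothing
    released = {k: v for k, v in user.items() if k in allowed}
    withheld = sorted(k for k in user if k not in allowed)
    audit_log.append({
        "when": (now or datetime.now(timezone.utc)).isoformat(),
        "subject": user.get("id"),        # opaque identifier only
        "destination": destination,
        "purpose": purpose,               # the "why" supplied by the caller
        "released": sorted(released),     # attribute names, never values
        "withheld": withheld,
    })
    return released

if __name__ == "__main__":
    log = []
    print(json.dumps(release(SAMPLE_USER, "lms", "course enrollment sync", log), indent=2))
    print(json.dumps(log, indent=2))
```

The audit record stores attribute names rather than values, so the log itself does not become a second copy of the controlled data.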
The Future of Identity-Aware Integrations
Heather and Shon agree that integration platforms must increasingly embed identity and compliance best practices by default. This includes granular permissioning and safer defaults for sensitive data. AI can help guide developers, but responsibility still rests with humans.
For more insights on integrations, identity, and APIs, visit www.pandium.com.