Thinking identity management: THINK BIG!
Our vision on identity management: don’t think about getting the information on users into a directory or database just because it reduces the workload on your IT staff. Think bigger; think about what you can do with all the information. Think about giving your network users an “instant workplace” and “self provisioning”, and giving your IT staff an admin-free user life cycle.
Identity Management Solutions, road map to success.
The project should take all these services into consideration. This does not imply that all these services should actually be implemented. Only experienced IdM consultants will get a complete view of the services.
Steps on the roadmap:
- A tactical view
- High Level design
- Project team
- Inventory
- Grand design
- DTAO
- Building
- Data analysis
- Go-Live
First step on the Roadmap: A tactical view
Identity Management is complex:
• Identity Management affects and influences all (ICT) resources and business processes.
• Identity Management requires a strong commitment from the organization.
• Identity Management requires a multidisciplinary approach.
Tactical view
The number of factors critical for success or failure is as high in the social and organizational category as in the technical category. This requires a tactical view of the solution in a high level design. Commitment and persuasiveness can be gathered based on this view.
Any IdM solution needs to be scalable, prepared for future functionality etc.
But above all, all perspectives need to be taken into consideration. This includes ICT management, legislation, security and the rationalizing of current systems and procedures. The IdM solution must be designed to handle all these issues in the future.
This does not imply a full force IdM implementation. The actual implementation can be done one step at a time. However, future decisions can be made better when a tactical view or high level design is used as the basic assumption. For example: the high level design should include the decision whether or not to use a central repository and to which degree information is stored in this repository: only primary attributes, or both primary and secondary attributes. The design should also include the business processes and whether or not process modifications are required. This last situation might require large involvement of the organization. The administration of an IdM solution might be done by ICT staff while the ownership of the contents may lie with the HR department.
The tactical view is highly influenced by the business case made by the organization. It might address the reduction of helpdesk costs or operational risks, it might be efficiency or consistency of data, or it might be legislation or user friendliness.
The roadmap for an IdM trajectory consists of the following tasks.
High level design.
The high level design includes a general perspective of all systems,
services and procedures which will be in the IdM solution. It also
includes a high level design of the directory based on administration
needs, organizational placement, locations and the relations between
identities. The design also includes the business case with the
arguments that are important to the company.
In order to write the design we need to make an inventory of all current sources and flows of information, the complete ICT landscape with all the systems and services included, and the business processes handling identities.
The high level design will provide a charter of information to the organization in order to get it familiar with IdM and to gather involvement of the organization. The involvement is needed because it might be possible that the tasks of employees or the processes need to be changed. Choices that need to be made in these processes are not answered by the project but by the organization.
The high level design (in cooperation with a workshop or presentation) is also used to find a corporate sponsor and the key players. The sponsor (a manager at the highest level possible) will be the ambassador for the project within the company.
Forming a project team.
The IdM project team will include the following members:
• Project manager, facilitating the project with timesheets, planning etc.
• Technical project leader, a technical consultant with profound
technical knowledge about IdM. This member is in charge of the
complete technical scope of the solution.
• Data analyst. This member will make the inventory of systems, services and processes. This member will also make an inventory of the current identity information which is stored in the disparate systems. The gathered information will be analyzed and structured; he or she will also make proposals for new or changed processes.
• Test members.
• Technical members (programmers, DBAs, directory and system specialists).
• The customer. Any connected system which delivers or receives IdM information is referred to as a customer or consumer.
• The Identity Manager. This member is part of the project team but his/her biggest responsibility is to get functional knowledge about the solution. He or she will manage the operational systems and will need to notice, identify and track incidents on the date.
Of course one person can have one or more member roles.
Inventory.
Because the IdM solution will encompass all current systems, services, data and processes, a detailed inventory needs to be made of the current situation. This should also include future wishes from the connected systems. A separate inventory should be made of each system, service and process. The processes will be translated into business rules.
Grand design.
The inventory and the high level design are the foundations for the grand design. This design includes a detailed design of every IdM system, the connections to the disparate systems, and the IdM services. It also includes a corporate schema, with all attributes of an identity. This schema will be the base for many business processes.
Last but not least, an agreement can be put to paper for each of the connected systems. This agreement will provide clarity about the impact and the services delivered by IdM.
Building the DTAO environment.
DTAO stands for Development, Test, Acceptance and Operational environment. Different environments can be physically the same whether needed or not. But the test and development environment should be a mirror of the operational environment.
Building the connections and Go-Live.
The Grand Design, corporate schema and customer agreements are the guidelines to build, test and use the connections. After thorough testing and acceptance the system can be put into production.