Thinking identity management: THINK BIG!

Our vision on identity management: don’t think about getting the information on users into a directory or database because it reduces the workload on your IT staff. Think bigger, think about what you can do with all the information. Think about giving your network users an “instant workplace” and “self provisioning”, and giving your IT staff an admin-free user life cycle.

Identity Management Solutions, road map to success.

The project should take all these services into consideration. This does not imply that all these services should actually be implemented. Only experienced IdM consultants will get a complete view of the services.

Steps on the roadmap:

  • A tactical view
  • High Level design
  • Project team
  • Inventory
  • Grand design
  • DTAO
  • Building
  • Data analysis
  • Go-Live

First step on the Roadmap: A tactical view
Identity Management is complex:
• Identity Management affects and influences all (ICT) resources and business processes.
• Identity Management requires a strong commitment from the organization.
• Identity Management requires a multidisciplinary approach.

Tactical view
There are as many critical factors for success or failure in the social and organizational domain as in the technical domain. This requires a tactical view of the solution, laid down in a high level design. Commitment and persuasiveness can be built on this view.

Any IdM solution needs to be scalable, prepared for future functionality, etc.
But above all, all perspectives need to be taken into consideration. This includes ICT management, legislation, security and the rationalizing of current systems and procedures. The IdM solution must be designed to handle all these issues in the future.

This does not imply a full-force IdM implementation. The actual implementation can be done one step at a time. However, future decisions can be made better when a tactical view or high level design is used as the starting point. For example: the high level design should include the decision whether or not to use a central repository and to which degree information is stored in this repository: only primary attributes, or both primary and secondary attributes. The design should also include the business processes and whether or not process modifications are required. This last situation might require large involvement of the organization. The administration of an IdM solution might be done by ICT staff while the ownership of the contents may lie with the HR department.

The tactical view is highly influenced by the business case made by the organization. The business case might be about the reduction of helpdesk costs or operational risks, about efficiency or consistency of data, or about legislation or user friendliness.

The roadmap for an IdM trajectory consists of the following tasks.

High level design.
The high level design includes a general perspective of all systems, services and procedures which will be in the IdM solution. It also includes a high level design of the directory based on administration needs, organizational placement, locations and the relations between identities. The design also includes the business case with the arguments that are important to the company.
In order to write the design we need to make an inventory of all current sources and flows of information, the complete ICT landscape with all the systems and services included, and the business processes handling identities.
The high level design will provide the organization with an overview, so that it can get familiar with IdM, and is used to gather involvement of the organization. The involvement is needed because the tasks of employees or the processes might need to be changed. Choices that need to be made in these processes are not made by the project but by the organization.

The high level design (in combination with a workshop or presentation) is also used to find a corporate sponsor and the key players. The sponsor (a manager at the highest level possible) will be the ambassador for the project within the company.

Forming a project team.
The IdM project team will include the following members:
• Project manager, facilitating the project with timesheets, planning, etc.
• Technical project leader, a technical consultant with profound technical knowledge about IdM. This member is in charge of the complete technical scope of the solution.
• Data analyst. This member will make the inventory of systems, services and processes. This member will also make an inventory of the current identity information which is stored in the disparate systems. The gathered information will be analyzed and structured; he or she will also make proposals for new or changed processes.
• Test members.
• Technical members (programmers, DBAs, directory and system specialists).
• The customer. Any connected system which delivers or receives IdM information is referred to as a customer or consumer.
• The Identity Manager. This member is part of the project team, but his/her biggest responsibility is to get functional knowledge about the solution. He or she will manage the operational systems and will need to notice, identify and track incidents in the data.

Of course one person can have one or more member roles.

Because the IdM solution will encompass all current systems, services, data and processes, a detailed inventory needs to be made of the current situation. This should also include future wishes from the connected systems. A separate inventory should be made of each system, service and process. The processes will be translated into business rules.

Grand design.
The inventory and the high level design are the foundations for the grand design. This design includes a detailed design of any IdM system, the connections to the disparate systems and the IdM services. It also includes a corporate schema, with all attributes of an identity. This schema will be the base for many business processes.
Last but not least, an agreement can be put on paper for each of the connected systems. This agreement will provide clarity on the impact of and the services delivered by IdM.

Building the DTAO environment.
DTAO stands for Development, Test, Acceptance and Operational environment. Different environments can be physically the same whether needed or not, but the test and development environments should be a mirror of the operational environment.

Building the connections and Go-Live.
The Grand Design, corporate schema and customer agreements are the guidelines to build, test and use the connections. After thorough testing and acceptance the system can be put into production.