
IDMWORKS Blog

The Path Less Taken – When and Why to Futz with your Identity Management


Recently we had a customer with an existing provisioning application that was quite a few revisions back. They also wanted to add Role Management functionality to their environment. Additionally, their IDM infrastructure was hosted by another company, which was causing a wrinkle in their plans.

So the questions became:

Path I – Purchase and implement an IDM Provisioning tool and provision directly to hosted Directory, Mainframe and other applications.

Path II – Purchase and implement an IDM Provisioning tool and send provisioning requests to the hosted IDM (in a spoke and hub model).

Path III – Integrate Role Management within their environment and eventually connect to one of the two paths above.

Path IV – Do nothing

So let’s take a look at our options:

Path I – Kill the hosted IDM gracefully:
– Install an IDM provisioning infrastructure
– Establish HR as the Authoritative Source connectivity to the hosted IDM
– Implement connectors to hosted directory, Mainframe, etc.
– Use migration tools to migrate users, roles and workflows to the IDM
– Establish Role Management application to IDM using a connector/bridge for an integrated infrastructure
– Repeat for all provisioning end points
– Shut down hosted IDM and assume IDM responsibilities in-house
Pros: Get rid of reliance on hosted organization with spotty track record. Keep quality control in-house. Speed up the current processes and increase audit control exponentially.
Cons: Costs, including product, resource, project and operational costs, go way up.

Path II – Hub & Spoke our IDM:
– Install an IDM provisioning infrastructure
– Establish HR Authoritative Source connectivity to IDM
– Implement a connector/bridge to hosted IDM provisioning engine (Hub & Spoke)
– Work with hosted IDM to correct current process deficiencies (i.e. fix what is broken)
– Establish Role Management application to IDM connector/bridge for integrated infrastructure
Pros: Shift some, but not all, quality control in-house. Speed up the current processes in some, but not all, aspects. Increase audit control and capabilities exponentially.
Cons: Keep reliance on hosted solution for some, but not all, processes. Costs, including product, resource, project and operational costs, go up.

Path III – Role Manage the Host:
– Establish Role Management application to hosted IDM
– Work with hosted IDM to correct current process deficiencies (i.e. fix what is broken)
Pros: Increase audit control and capabilities exponentially.
Cons: Keep reliance on hosted solution. Costs, including product, resource, project and operational costs, go up.

Path IV – Do Nothing, Live with it:
Sort of defeats the purpose, but then again it doesn’t require a project budget.
Pros: No project, product or operational costs
Cons: Keep reliance on hosted solution. Costs include effort to correct spotty hosted solution, ongoing weak processes and any related audit findings due to ineffectual hosted solution.

I am not going to state what this client selected because, as with most roadmaps, things change very quickly. So I ask you, reader: what do you think they should do, and why? I am sure the pure techies will say Path I and the business folk will land somewhere in the middle. But it’s the why that makes us most curious. So please feel free to make your opinion known in the comments section below.


Comments on: “The Path Less Taken – When and Why to Futz with your Identity Management”

  1. I would start with option 2. Then move to option 1 gradually. Phased approach, small steps, lower risks, controlled budget. It will increase quality and ensure success for the long run, even if the role engineering will take longer.
