What you need to do before you start an IAM implementation
There are several measures you can and should take to prepare for the successful, efficient and on-target IAM implementation. The more carefully such a project is planned, the smoother and simpler the actual implementation will turn out.
Many IAM projects end up exceeding the planned time and budget many times over. The possible reasons are manifold, but generally not only the system provider is to blame – instead, more likely than not, the project preparation and definition of the required specialist concepts was also flawed.
The implementation strongly depends on the processes and specialist concepts, and it takes a lot of time to define these if they have not been discussed and agreed on prior to the implementation stage. What further complicates an IAM implementation are the diverging interests of the various departments involved, who need to agree on coordinated procedures. The administrators of the different IT systems take a widely different view than the specialist departments, and compliance requirements introduce further complications on the way to obtaining smooth daily business workflows.
Build a team
Once the project has been announced in the company and the employees are familiar with the associated goals, it is important to find proper ways to represent the IT and specialist view in the project team.
IAM systems in particular impact a company across all departments and touch upon both technical and specialist aspects. Therefore, it is of the essence to set up a project workflow that can communicate between and balance the needs of the IT and business worlds.
Based on many years of experience, we thus recommend that companies first define which IT systems are to be initially connected with the IAM system. It has proven highly beneficial to first talk to the system administrators to discuss and define the project and future work practices. Following this, the specialist departments and their needs should be heard. Here, too, the future work practices and responsibilities must be defined.
In this early phase, the definition of the role concept and separation of technical roles (to be assumed for each target system by the corresponding administrators) and the specialist roles (derived from the technical roles by the specialist users) should commence. What also needs to be defined are the processes for requesting access rights as well as how regular checks are to be performed.
What you should do before the IAM implementation starts
To get fit for an IAM implementation we recommend that companies define the following items before moving on to the implementation stage:
- Basic project structure and, where needed, definition of separate project stages
- Initial steps and deciding on the role concept while accounting for the 5 rules of setting up a successful role management scheme
- Defining the ‘owner scheme’ for roles and groups
- Defining the criteria for user consolidation based on the systems to be connected
- Defining employee data imports from the HR system
- Are there clearly defined rules for the separation of duties that must be implemented in the role concept? Who is in charge of defining the SoD rules?
- Are there any third-party systems to be connected to the IAM system as a source system?
- In order for your IAM implementation project to succeed, all these requirements should have been considered and worked out before starting to implement the IAM system.
For more information on IAM services go to Services