The Hitachi ID Systems solution delivery team uses a standard process to implement identity management and access governance solutions for enterprise customers. This process is illustrated in Figure [link].
The Hitachi ID Systems solution delivery process is a linear progression of logical steps, each of which results in a document. Hitachi ID Systems customer must provide a sign-off for each document before the next phase of work can commence. The duration of each step or project phase, varies depending on the complexity of Hitachi ID Systems customer's organization, processes and requirements.
More detail about each phase in the Hitachi ID Systems solution delivery process follows:
- Project kickoff
An interview is held with the primary project stake-holders to identify the key business objectives for Hitachi ID Identity and Access Management Suite deployment. These objectives are prioritized and metrics are defined that will later be used to characterize success or identify problems.
Project objectives normally include reducing operating costs, improving service SLA, enhancing security and regulatory or policy compliance.
Metrics may include reduced help desk call volume (e.g., percent reduction or target monthly numbers), improved speed for provisioning new users or responding to access change requests, etc.
A short (normally 1-2 page) document formally defining business objectives is provided at the end of this phase.
- Needs analysis
A needs analysis phase is undertaken to review current Hitachi ID Systems customer identity management and access governance business processes, identify new processes that the project should implement and define technical details to implement the new processes.
In large or complex deployments, this phase may be broken down into an initial review, which identifies high-level objectives and generates a time and cost estimate for a second phase and a subsequent detailed analysis, which collects detailed information about data flows, attribute mappings, change authorization, role definition, etc. In this case, a summary process analysis document is produced in the first phase and detailed documents are produced in the second phase.
The needs analysis phase produces two documents:
- A process analysis document, which includes:
- A list of current processes used to set up new staff
with access, to update identity attributes and security
entitlements as business needs change, to terminate access
and to manage passwords.
- A list of desired processes that the Hitachi ID Identity and Access Management Suite implementation
will enable. This may include:
- Automatic propagation of user data from systems of record to target systems.
- Self-service workflow to allow users to request and authorize access changes.
- Consolidated and delegated user administration.
- Consolidated reporting on access rights and access change history.
- Password synchronization, self-service reset and assisted reset.
- Processes to collect new data from the user population, such as security questions for authentication, demographic information, login ID reconciliation or biometric samples.
- User notification for events such as upcoming password expiration, user profile changes, etc..
- A logical architecture, which shows how systems and external processes interact to implement the above processes.
- A list of current processes used to set up new staff with access, to update identity attributes and security entitlements as business needs change, to terminate access and to manage passwords.
- A technology analysis document, which includes:
- A network architecture illustrating how Hitachi ID Identity and Access Management Suite will tie into existing IT infrastructure.
- Integration details for each and every system with which Hitachi ID Identity and Access Management Suite will exchange data.
- Attribute mappings, correlating user profile attributes between systems of record, change requests and target systems.
- Process details, including business logic for change propagation, input validation for the self-service workflow system, authorizer routing rules, login ID assignment standards, procedures for delegation and automated escalation of authorization responsibility, etc.
- A process analysis document, which includes:
- Project planning
In the project planning phase, Hitachi ID Systems develops a technical architecture, roll-out plan and a SOW for the installation and configuration of Hitachi ID Identity and Access Management Suite. These documents define what components of the software will be installed and where, how plug-ins will be used to implement business logic, how users will be asked to use the system and how the system will integrate with existing infrastructure.
These items are presented to Hitachi ID Systems customer and an open discussion ensues to finalize the design.
- Software development
In some deployments, some custom software may be required. Software development is normally carried out on a fixed-price, fixed-deliverable basis, with prior agreement on a statement of work.
- Installation and configuration
Hitachi ID Systems engineers normally install Hitachi ID Identity and Access Management Suite through a combination of on-site visits and remote work.
The installation phase normally includes installation of Hitachi ID Systems software on servers, on-premise or SaaS, physical or virtual, based on Hitachi ID Systems customer preferences.
Next, configuration proceeds both to integrate with Hitachi ID Systems customer systems and to implement Hitachi ID Systems customer policies and business processes.
Most Hitachi ID Systems customers choose to deploy functionality incrementally.
After installing Hitachi ID Identity and Access Management Suite, Hitachi ID Systems engineers produce a "Site Report," which outlines everything that was installed and configured.
Roll-out follows Hitachi ID Identity and Access Management Suite installation and again is normally phased. In most deployments, unit testing is followed by stress tests (normally just for Hitachi ID Password Manager), then by pilot tests with select user communities and finally with a phased activation of the entire user population.
Hitachi ID Systems normally shows customers how to run reports once roll-out has begun, to identify activated users and measure user adoption.
Data is available in Hitachi ID Identity and Access Management Suite to track transaction rates, user enrollment, success and failure of events such as logins, requests, target system updates, auto discovery metrics, etc.
Hitachi ID Systems advises its customers to track these metrics over time, to ensure successful deployment and to measure success in relation to metrics and business objectives set out during the project kickoff.
Once the software has been installed and configured and roll-out has commenced, Hitachi ID Systems normally signs off on the professional services engagement and switches from a pro-active deployment mode to an ongoing support arrangement with customers.
For more information please contact: