This document presents best practices for deploying and operating an identity management infrastructure. It builds on Hitachi ID Systems's years of experience in deploying password management and user provisioning into some of the largest and most complex organizations in the world.
The document is organized as follows:
Some basic definitions that help clarify the subsequent material.
Identity management is more accurately described as a change in the IT organization and business processes than a finite project. Deployment can reasonably be expected to continue indefinitely, with more features and integrations are added over time.
Given the long-term investment in identity management, it makes sense to identify and focus the highest priority business drivers first.
To minimize project risk and to ensure a positive return on investment, it is essential to deliver tangible results early in the project, and keep delivering new benefits regularly.
Identity management is focused on the user -- a human being represented on multiple IT systems, by a combination of identity attributes and privileges. It follows that user adoption is a prerequisite to success.
Some integrations and features depend on others. This section identifies major interdependencies, which impact project timelines.
A typical methodology for delivering a given project milestone.
Pulling all of the above together, a sample project timeline is developed, step-by-step.
IAM is defined as a shared platform and consistent processes for managing information about users: who they are, how they are authenticated and what they can access.
Enterprise Identity and Access Management (IAM) is defined as a set of processes and technologies to effectively and consistently manage modest numbers of users and entitlements across multiple systems. In this definition, there are typically significantly fewer than a million users, but users typically have access to multiple systems and applications.
Typical enterprise identity and access management scenarios include:
Adjacent problem areas to Identity and access management (IAM) include Privileged access management (PAM) and directories.