The Hitachi ID Systems solution delivery team uses a standard process to implement identity and access management (IAM) solutions for enterprise customers. This process is illustrated in Figure [link].
The Hitachi ID solution delivery process is a linear progression of logical steps, each of which results in a document. Hitachi ID customer must provide a sign-off for each document before the next phase of work can commence. The duration of each step or project phase, varies depending on the complexity of the Hitachi ID customer organization, processes and requirements.
More detail about each phase in the Hitachi ID solution delivery process follows:
- Project kickoff
An interview is held with the primary project stake-holders to identify the key business objectives for Hitachi ID Identity and Access Management Suite deployment. These objectives are prioritized and metrics are defined that will later be used to characterize success or identify problems.
Project objectives normally include reducing operating costs, improving service Service Level Agreement (SLA) , enhancing security and regulatory or policy compliance.
Metrics may include reduced help desk call volume (e.g., percent reduction or target monthly numbers), improved speed for provisioning new users or responding to access change requests, etc.
A short (normally 1-2 page) document formally defining business objectives is provided at the end of this phase.
- Needs analysis
A needs analysis phase is undertaken to review current Hitachi ID customer IAM business processes, identify new processes that the project should implement and define technical details to implement the new processes.
In large or complex deployments, this phase may be broken down into an initial review, which identifies high-level objectives and generates a time and cost estimate for a second phase and a subsequent detailed analysis, which collects detailed information about data flows, attribute mappings, change authorization, role definition, etc. In this case, a summary process analysis document is produced in the first phase and detailed documents are produced in the second phase.
The needs analysis phase produces two documents:
- A process analysis document, which includes:
- A list of current processes used to set up new staff
with access, to update identity attributes and security
entitlements as business needs change, to terminate access
and to manage passwords.
- A list of desired processes that the Hitachi ID Suite implementation
will enable. This may include:
- Automatic propagation of user data from systems of record to target systems.
- Self-service workflow to allow users to request and authorize access changes.
- Consolidated and delegated user administration.
- Consolidated reporting on access rights and access change history.
- Password synchronization, self-service reset and assisted reset.
- Processes to collect new data from the user population, such as security questions for authentication, demographic information, login ID reconciliation or biometric samples.
- User notification for events such as upcoming password expiration, user profile changes, etc..
- A logical architecture, which shows how systems and external processes interact to implement the above processes.
- A list of current processes used to set up new staff with access, to update identity attributes and security entitlements as business needs change, to terminate access and to manage passwords.
- A technology analysis document, which includes:
- A network architecture illustrating how Hitachi ID Suite will tie into existing IT infrastructure.
- Integration details for each and every system with which Hitachi ID Suite will exchange data.
- Attribute mappings, correlating user profile attributes between systems of record, change requests and target systems.
- Process details, including business logic for change propagation, input validation for the self-service workflow system, authorizer routing rules, login ID assignment standards, procedures for delegation and automated escalation of authorization responsibility, etc.
- A process analysis document, which includes:
- Project planning
In the project planning phase, Hitachi ID develops a technical architecture, roll-out plan and a Statement of Work (SOW) for the installation and configuration of Hitachi ID Suite. These documents define what components of the software will be installed and where, how plug-ins will be used to implement business logic, how users will be asked to use the system and how the system will integrate with existing infrastructure.
These items are presented to Hitachi ID customer and an open discussion ensues to finalize the design.
- Software development
In some deployments, some custom software may be required. Software development is normally carried out on a fixed-price, fixed-deliverable basis, with prior agreement on a statement of work.
- Installation and configuration
Hitachi ID engineers normally install Hitachi ID Suite through a combination of on-site visits and remote work.
The installation phase normally includes installation of Hitachi ID software on servers, on-premises or SaaS, physical or virtual, based on Hitachi ID customer preferences.
Next, configuration proceeds both to integrate with Hitachi ID customer systems and to implement Hitachi ID customer policies and business processes.
Most Hitachi ID customers choose to deploy functionality incrementally.
After installing Hitachi ID Suite, Hitachi ID engineers produce a "Site Report," which outlines everything that was installed and configured.
Roll-out follows Hitachi ID Suite installation and again is normally phased. In most deployments, unit testing is followed by stress tests (normally just for Hitachi ID Password Manager), then by pilot tests with select user communities and finally with a phased activation of the entire user population.
Hitachi ID normally shows customers how to run reports once roll-out has begun, to identify activated users and measure user adoption.
Data is available in Hitachi ID Suite to track transaction rates, user enrollment, success and failure of events such as logins, requests, target system updates, auto discovery metrics, etc.
Hitachi ID advises its customers to track these metrics over time, to ensure successful deployment and to measure success in relation to metrics and business objectives set out during the project kickoff.
Once the software has been installed and configured and roll-out has commenced, Hitachi ID normally signs off on the professional services engagement and switches from a pro-active deployment mode to an ongoing support arrangement with customers.
For more information please contact: