#identiverse
How (not) to fail your IAM project
Bertrand CARLIER
Senior Manager, Wavestone
Founding Member, IDPro
I’ve failed. Many times and for many reasons.
If you’re here at Identiverse, and specifically in this session, you probably are not in the easy greenfield scenario
So you’re likely thinking about upgrading your IAM stack
What difficulties do IGA projects frequently encounter?
Upgrading the IGA stack generally aims to cope with technical debt
Until it is seen as an opportunity to break the status quo and leads to a requirements spree…
…creating an imbalance between original goals and available budget
• Manage new identity categories
• Provide mobile/responsive UI
• Put the manager in a central position among processes
• Integrate newer organization master data systems
• Deal with IS updates
• Enhance UX
• Deploy IAM throughout all business units
• Better integration with ITSM
• Enhance performance
• Cope with the obsolescence of other components
• Get more agile, more responsive
• Simplify workflows
• Better integrated processes
• Comply with regulations through access rights review
• Manage access to collaborative suite
#1 Imbalance: “It’s only about technical debt”
• Attempting to improve or replace the current solution without questioning the guiding principles of IAM will result in a misalignment with a company whose business context and requirements have changed.
• Simply considering the renewal or the setup of a technical solution misses or underestimates some critical aspects:
  • Technological differences between older and newer solutions
  • Loss of knowledge of what exactly is deployed in production
  • No distinction made between old customizations that answer a real requirement and those that compensate for a missing functionality of the solution
  • User impact and therefore change management efforts
[Diagram: Enterprise context; Business and IT requirements; IAM ambition; Organization & IAM processes; Technical solution (parameterization / configuration / customizations; integration with the whole IS); AD; ERP; HR IS; Collab. tools]
#2 Imbalance: “It’s an opportunity to enhance”
• With more ambition than the first approach, the aim is to make the IAM implementation evolve, but still without questioning IAM guiding principles
• This presumes that the current solution is actually satisfactory for end users and IAM actors in general
• The IAM solution is not a technical debt monolith. It was maintained and evolved to follow the IS evolutions and organisational changes
• The initial ambitions, the organisation and IAM processes are still relevant
• The enterprise context, business and IT requirements are neither challenged nor challengeable
[Diagram: Enterprise context; Business and IT requirements; IAM ambition; Organization & IAM processes; Technical solution (parameterization / configuration / customizations; integration with the whole IS); AD; ERP; HR IS; Collab. tools]
But it’s not about enhancing. It’s about embracing the many changes
• Far too often, the IAM solution is actually out of step with profound evolutions that were neither anticipated nor followed:
  • New requirements linked to regulations or audit
  • Adaptations to organizational changes, infrastructure rationalizations
  • Applications have evolved
  • Cloud applications are now the majority
  • …
• It must then be possible to redefine and share an updated IAM ambition, with its associated organisation and processes
• And finally correctly assess the project’s scope
[Diagram: Enterprise context; Business and IT requirements; IAM ambition; Organization & IAM processes; Technical solution (functional parameterization / customization; integration into the IS; parameterization / configuration / customizations; integration with the whole IS); AD; ERP; HR IS; Collab. tools]
Confidential | © WAVESTONE
What to do then?
Acknowledge that IAM is a major transformation
Do not underestimate the impacts
• IAM solution setup
• New authorization modelling
• Data repository & data cleansing
• New processes & Change management
• IS interactions & other dependencies
Acknowledge that IAM is a major transformation
Set up a transversal IAM program
• IAM solution setup
• New authorization modelling
• Data repository & data cleansing
• New processes & Change management
• IS interactions & other dependencies
[Diagram: Program leader PMO; Design authority; IAM policies; Service opening rendezvous]
Acknowledge that IAM is a major transformation
Identify a strong sponsorship & Advertise the ambition
• IAM solution renewal
• New authorization modelling
• Data repository & data cleansing
• New processes & Change management
• IS interactions & other dependencies
[Diagram: Program leader PMO; Design authority; IAM policies; Service opening rendezvous; Executive Sponsor; Ambition]
And maybe a detour is what you need…
Is decommissioning the legacy tool really your priority?
[Diagram: Other IT systems; Master data repository; HR repository; IAM for IT; White Pages; Apps not covered by IdM; Identity management (ID lifecycle management; Authorization management; Provisioning); Access management (AuthZ; Directory; Federation & access ctrl; Strong auth & multifactor); Applications; Database; Operations; Access; Users; Managers / Data owner / App owners; ITSM / ticketing; Self-service; Identity Analytics & Intelligence (Data analysis & dashboards; Advanced SOD; Data warehouse; Access Review); Monitoring & control]
Data warehouse strategy
• Less intrusive
• Flexible
• Simulation
• Feedback loop
Should the legacy IAM be part of the roadmap?
[Diagram: Legacy systems; Master data repository; HR repository; Mainframe; RACF; Would-be legacy applications; Legacy IAM (Identity management; ID lifecycle; Authz. mngt; Provisioning; Connectors); Modern apps; Data analysis & dashboards; Advanced SOD; Data warehouse; Access Review; New IGA (ID lifecycle management; Authorization management; Provisioning; Self-service); Users; Managers / data owners / App owners; ITSM; API; std API]
Thank you!
2022 Identiverse : How (not) to fail your IAM project
