Presented at the Oklahoma Council for Information Technology (CoIT) Conference 2017. Want to get a taste of the ups and downs of a higher education IAM Program after a year? This presentation gives you a taste of OU's Journey.
1. ONE YEAR LATER –
EVOLVING IAM IN HIGHER
Presented By: Dave Shields,
Managing Director of Identity and Access Management – University of
2. About Us
• Publicly funded, research and grant based
institution with over 35,000 students and
• Over 100 colleges across three campuses
• Highly decentralized organization,
especially related to identity sources
3. It Seems Like Yesterday…
• One year ago, we began building a next
generation IAM platform for OU
• Now, we are less than two weeks from
offering the development lab Go-Live
• We learned some things and wanted you
to learn from our mistakes and successes.
4. Quick Review
• OU is replacing our legacy, in-house
created IAM system with a COTS IAM
• Using our IAM Roundtable, we made 10
Business Requirements and evaluated
• After evaluating vendors, we selected
NetIQ as the highest scoring vendor for
• We started with Phase 1 and will go into
5. Phase 1 Goals
• Replace our legacy, in-house solution.
• Consume account requests from
PeopleSoft, Banner, Slate, Exceptions,
and historical sources
• Perform extensive de-duplication of data
• Provision accounts to Active Directory and
• Create accounts in hours, not days.
• Even after a year of discovery, there were
some processes that we didn’t know about
• During the build-up, new sources of record
• Due to complexity, timeline adjusted many
• Resource constraints caused unexpected
7. Mistake 1 – Discovery Covered It
• Over a year was spent to try and
understand all processes.
• We thought we had it all documented
• Incomplete view of process complexity
• You have this, but it needs this too…
8. Result – Moving Targets
• As processes were built in NetIQ, pieces
• Discovery began to overlap development
• Key processes were not fully understood
• Trying to lock down processes caused
several ‘moving targets’ especially in
9. Mistake 2 – Not Planning for Future
• New systems became critical while we
were prepping for the Development Lab
• Processes changed due to new systems
• Old processes became irrelevant and new,
unknown processes became critical.
• It worked that way until…
10. Result – Reinventing the Wheel
• Developed processes had to be
scrapped/re-worked to accept the “new”
• In-flight changes cause turbulence and
• Resources continued to contract and
• Once again – moving targets
11. Mistake 3 – Timeline Optimism
• Timeline prediction was set very short to
allow for it to stretch
• Too many assumptions were made off
• Resource constraints were not fully
• You want this when?
12. Result – Missed Deadlines
• Original Go-Live of Development Lab was
October 2016, then December 2016.
• A week before Dev Go-Live = PANIC
• Increased project management oversight
• Negative perception of credibility
• IAM Timeline began to feel like…
14. Mistake 4 – Resources
• The resources originally planned to help
with IAM got stretched too thin from other
• Too many projects, not enough resources.
• Agreement on priorities were often skewed
• If everything is critical, nothing is critical…
15. Result – Increased Problem
• Too many timing issues caused all teams
to struggle with problems.
• Extreme project management and
oversight needed to reduce concerns.
• Negative perception of credibility
16. Turning The Tides
• All is NOT lost! We fixed this and so can
• With a few adjustments and a fluid
timeline, you can succeed like we did!
• To turn the tides:
– Recognize what you can deliver
– Admit challenges and solve them
– Build bridges, not walls
– Create an accountability list
18. What can you deliver?
• Do not try to ‘do it all’ at once…
• It will not have ‘everything’ from Day 1
• You will need to implement IAM in
19. What can you deliver?
• Don’t overpromise and underdeliver.
• If it takes longer, it may be better than
20. Solution: Realistic Delivery
• OU will take longer to build our IAM than
we wanted but it will be better for all
• Your IAM will ALWAYS cost more than you
• Establish a clear deliverable for Phase 1
then log requests for the future phases.
21. Admit Challenges and Solve Them
• Challenges WILL happen!
• A challenge is NOT a problem
• Do not try to be the IAM Superman…
22. Admit Challenges and Solve Them
• Project management can help you, not
• All of your stakeholders want this to
• Admitting issues increases your credibility.
23. Solution: Keep Things Fluid
• Give yourself more time to complete IAM,
YOU WILL NEED IT.
• Keep feedback loops open so that
problems can be solved.
• Most of all… take a “Q-TIP”
Quit Taking It Personal
24. Build Bridges, Not Walls
• High-profile, expensive projects like IAM
are hard for EVERYONE
• Emotions and Pressure will impact all
• Mistakes will be made
25. Solution: Communication
• Remember, the other teams are just as
frustrated as you!
• Communicate directly if you can, indirectly
if you cannot.
• Honesty is STILL the best policy.
26. Create Accountability!
• If you are going to promise an IAM
function, hold yourself accountable for it.
• You cannot build IAM alone, other teams
have to do their part as well.
• Leadership can help enforce
27. Solution: Consider a Punch List
• OU built a list of required tasks, hours, and
• When a team was assigned a task, their
leadership was made aware.
• Leadership and individuals team members
can see what is left and how far they have
30. Final Thoughts…
• IAM is VERY important to the future of
Higher Education and YOU are part of that
• The end will eventually justify the means…
• You can make mistakes, but they don’t
31. Need more help?
Keep in Touch!
• Slides Available at the
end of this presentation
• Email: firstname.lastname@example.org