1. ONE YEAR LATER –
EVOLVING IAM IN HIGHER
EDUCATION
Presented By: Dave Shields,
Managing Director of Identity and Access Management – University of
Oklahoma

2. About Us
• Publicly funded, research and grant based
institution with over 35,000 students and
12,000 faculty/staff
• Over 100 colleges across three campuses
• Highly decentralized organization,
especially related to identity sources

3. It Seems Like Yesterday…
• One year ago, we began building a next
generation IAM platform for OU
• Now, we are less than two weeks from
offering the development lab Go-Live
• We learned some things and wanted you
to learn from our mistakes and successes.

4. Quick Review
• OU is replacing our legacy, in-house
created IAM system with a COTS IAM
Solution
• Using our IAM Roundtable, we made 10
Business Requirements and evaluated
vendors
• After evaluating vendors, we selected
NetIQ as the highest scoring vendor for
our needs.
• We started with Phase 1 and will go into

5. Phase 1 Goals
• Replace our legacy, in-house solution.
• Consume account requests from
PeopleSoft, Banner, Slate, Exceptions,
and historical sources
• Perform extensive de-duplication of data
• Provision accounts to Active Directory and
Office365
• Create accounts in hours, not days.

6. Problems…
• Even after a year of discovery, there were
some processes that we didn’t know about
• During the build-up, new sources of record
came online
• Due to complexity, timeline adjusted many
times
• Resource constraints caused unexpected
issues

7. Mistake 1 – Discovery Covered It
All
• Over a year was spent to try and
understand all processes.
• We thought we had it all documented
• Incomplete view of process complexity
• You have this, but it needs this too…

8. Result – Moving Targets
• As processes were built in NetIQ, pieces
were missing
• Discovery began to overlap development
• Key processes were not fully understood
• Trying to lock down processes caused
several ‘moving targets’ especially in
Student Data

9. Mistake 2 – Not Planning for Future
Sources
• New systems became critical while we
were prepping for the Development Lab
• Processes changed due to new systems
• Old processes became irrelevant and new,
unknown processes became critical.
• It worked that way until…

10. Result – Reinventing the Wheel
• Developed processes had to be
scrapped/re-worked to accept the “new”
normal
• In-flight changes cause turbulence and
frustration
• Resources continued to contract and
demands increased
• Once again – moving targets

11. Mistake 3 – Timeline Optimism
• Timeline prediction was set very short to
allow for it to stretch
• Too many assumptions were made off
incomplete discovery
• Resource constraints were not fully
accounted for
• You want this when?

12. Result – Missed Deadlines
• Original Go-Live of Development Lab was
October 2016, then December 2016.
• A week before Dev Go-Live = PANIC
• Increased project management oversight
• Negative perception of credibility
• IAM Timeline began to feel like…

14. Mistake 4 – Resources
• The resources originally planned to help
with IAM got stretched too thin from other
teams.
• Too many projects, not enough resources.
• Agreement on priorities were often skewed
• If everything is critical, nothing is critical…

15. Result – Increased Problem
Visibility
• Too many timing issues caused all teams
to struggle with problems.
• Extreme project management and
oversight needed to reduce concerns.
• Negative perception of credibility

16. Turning The Tides
• All is NOT lost! We fixed this and so can
you!
• With a few adjustments and a fluid
timeline, you can succeed like we did!
• To turn the tides:
– Recognize what you can deliver
– Admit challenges and solve them
– Build bridges, not walls
– Create an accountability list

17. What can you deliver?
• You want it to look like this:

18. What can you deliver?
• Do not try to ‘do it all’ at once…
• It will not have ‘everything’ from Day 1
• You will need to implement IAM in
‘phases’.

19. What can you deliver?
• Don’t overpromise and underdeliver.
• If it takes longer, it may be better than
rushing.

20. Solution: Realistic Delivery
• OU will take longer to build our IAM than
we wanted but it will be better for all
parties.
• Your IAM will ALWAYS cost more than you
expected.
• Establish a clear deliverable for Phase 1
then log requests for the future phases.

21. Admit Challenges and Solve Them
• Challenges WILL happen!
• A challenge is NOT a problem
• Do not try to be the IAM Superman…

22. Admit Challenges and Solve Them
• Project management can help you, not
harm you.
• All of your stakeholders want this to
succeed too!
• Admitting issues increases your credibility.

23. Solution: Keep Things Fluid
• Give yourself more time to complete IAM,
YOU WILL NEED IT.
• Keep feedback loops open so that
problems can be solved.
• Most of all… take a “Q-TIP”
Quit Taking It Personal

24. Build Bridges, Not Walls
• High-profile, expensive projects like IAM
are hard for EVERYONE
• Emotions and Pressure will impact all
parties
• Mistakes will be made

25. Solution: Communication
• Remember, the other teams are just as
frustrated as you!
• Communicate directly if you can, indirectly
if you cannot.
• Honesty is STILL the best policy.

26. Create Accountability!
• If you are going to promise an IAM
function, hold yourself accountable for it.
• You cannot build IAM alone, other teams
have to do their part as well.
• Leadership can help enforce
accountability.

27. Solution: Consider a Punch List
• OU built a list of required tasks, hours, and
team assignments
• When a team was assigned a task, their
leadership was made aware.
• Leadership and individuals team members
can see what is left and how far they have
come.

28. The OU Punch List

29. The OU Punch List

30. Final Thoughts…
• IAM is VERY important to the future of
Higher Education and YOU are part of that
future!
• The end will eventually justify the means…
• You can make mistakes, but they don’t
make you.

31. Need more help?
Keep in Touch!
• Slides Available at the
end of this presentation
• Email: dshields@ou.edu
• LinkedIn:
https://www.linkedin.com/i
n/daveshieldsok/