www.idenhaus.com
Identity & Access Management
Project Challenges and Recovery
August 2017

Identity & Access Management
Agenda
• Identity and Access Management
– Definition and Overview
• Business Drivers for IAM
• Project Challenges
• Success Factors

What is Identity & Access Management?
Access Management
The systems and processes that control who has access to IT resources, and what each person is entitled to do with those resources.
Identity Management
The systematic collection, maintenance, and distribution of identity data to support business processes and systems.

Why Identity & Access Management?
[Diagram: Identity, Access, Personalized Content]
1. Verify Who
2. Provided to Resources Based on Authenticated Identity
3. Services Based on Role or Preferences

Increasingly Complex Business Environments Drive Need for IAM
Organizations need a “unifying framework” to organize accurate and timely information about their employees, contractors, customers, partners. Identity is that framework.
Complex Customer Interactions
• Multiple channels, products, services drive need for single customer identity
Regulatory Requirements
• Demonstrate policy compliance, proper controls, auditability
Security Concerns
• How to manage “need to know”
• How to reduce risks of data exposure
• Growing internal & external threats
Information Quality
• Inconsistent, inaccurate, missing data
• Multiple sources, which is authoritative?
Extended Enterprise
• Manage contractors, partners, suppliers, and customers
[Diagram labels: Improved Service, Regulatory Compliance, Security, Privacy, Business Value, Scalability]

… but your systems and processes look like this

Automation makes a system of many appear fewer.

[Diagram] Columns: AUTHORITATIVE SOURCES, IDENTITY STORE, SERVICE DIRECTORIES, CONSUMERS
Components shown: Recruiting, Human Resources (HRIS), Contractors, Authentication Services, Active Directory/Azure, Virtual Directory Service, SaaS Applications, Proxy Servers, Identity Store

How IAM Solutions Work
[Diagram: a Human Resources record in the Authoritative Source (SAP, Workday, Lawson) is used to create an identity, which is published to the Identity Store as a User Profile and then synced to consuming systems ("Bobby on Portal").]
Attributes shown: Personnel #, First Name, Last Name, Phone, E-mail, UserID, Other Attributes ...
Sample values shown: 003456, Bobby, Doe, 404.555.5555, bdoe@domain.com, A12345

4 Common Challenges with Implementing IAM
• Data Quality Issues
– Accuracy, Completeness, Availability, Latency, Consistency
• Broad Scope
– Internal users, external users, partners, suppliers, customers
• Business Processes Misalignment with IAM
– SLA
– Process vs. Technology
• Stakeholders Push Back
– Human Resources
– Asset Management
– Security

IAM begins with accurate user data
• Who are you? What uniquely identifies you?
• What is your relationship to the organization?
• What is your role?
• Who do you manage?
• What assets do you have?
• How do we link:
– Bob Jones in system A, with
– Robert Jones in system B, with
– R Jones in system C?

Data quality is a typical challenge
Getting clean, consistent, and complete data into the identity store is a typical hurdle for any IAM implementation.
Bottom line: establishing data quality & accuracy can be a major factor in creating a functional provisioning solution.
Sample of types of data needed for Identity Store:
…first name, middle name, last name, cost center, location, work status, telephone number, supervisor/manager, user class (employee, contractor), expiration date (contractors), business/functional role.
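An added example (not from the original deck) of the two checks the preceding slides describe: flagging incomplete identity-store records against the slide's attribute list, and linking Bob/Robert/R Jones on a shared key instead of on names. The field names, the `personnel_no` correlation key, and all sample rows are constructed assumptions.

```python
from collections import defaultdict

# Attributes the slide lists for the identity store (field names are assumed;
# middle name is treated as optional here, expiration date is checked below).
REQUIRED = ["first_name", "last_name", "cost_center", "location", "work_status",
            "phone", "manager", "user_class", "role"]

def quality_issues(rec):
    """Return the data-quality problems found in one identity record."""
    issues = [f"missing {f}" for f in REQUIRED if not str(rec.get(f) or "").strip()]
    uclass = str(rec.get("user_class") or "").lower()
    if uclass and uclass not in ("employee", "contractor"):
        issues.append("unknown user_class")
    # The slide ties expiration date to contractors: without an end date the
    # account has no trigger for automatic deprovisioning.
    if uclass == "contractor" and not rec.get("expiration_date"):
        issues.append("contractor without expiration_date")
    return issues

def link_accounts(accounts):
    """Group per-system accounts by personnel number; return (linked, orphans)."""
    linked, orphans = defaultdict(list), []
    for acct in accounts:
        key = (acct.get("personnel_no") or "").strip()
        (linked[key] if key else orphans).append(acct)
    return dict(linked), orphans

def name_collisions(accounts):
    """Show why names alone are unsafe: key on (first initial, last name)."""
    buckets = defaultdict(set)
    for a in accounts:
        parts = a["name"].split()
        key = (parts[0][0].upper(), parts[-1].lower())
        buckets[key].add(a.get("personnel_no") or "?")
    # More than one distinct identity behind a name key means a guess is needed.
    return {k: v for k, v in buckets.items() if len(v) > 1}

# Constructed sample accounts across three systems.
ACCOUNTS = [
    {"system": "A", "name": "Bob Jones", "personnel_no": "100200"},
    {"system": "B", "name": "Robert Jones", "personnel_no": "100200"},
    {"system": "C", "name": "R Jones", "personnel_no": ""},
    {"system": "C", "name": "Rita Jones", "personnel_no": "100300"},
]
```

With this data, "R Jones" in system C comes back as an orphan for manual review, because the name key matches both Robert and Rita Jones and never matches "Bob" at all.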

Broad Scope: Tackling too much at once
How big is too big?
• User Types (employee, contractor, partner, etc.)
• Downstream systems (AD, ERP, Marketing, etc.)
• Authoritative sources (HRIS, VMS, database, etc.)
• Workflows (on/off-boarding, transfers, etc.)

We have a Process Misalignment
EXAMPLE:
• “Asset provisioning requires one-week lead time to configure and ship a workstation for a user…”
• “The HR team’s SLA is to get the worker’s HR record complete 2 days before their first payroll, which is up to 12 business days after the worker starts…”
SOLUTION: Integrate and optimize processes around outcomes.

IAM Stakeholders
• Audit: Security control and risk reduction
• Financial Department: Cost savings / ROI
• IT Infrastructure: Efficiency and centralization
• Network Manager: Consolidation, single infrastructure, management
• Support: Ease of administration
• Platform Owner: Reduced administration, single sign-on
• Help Desk: Reduced calls through self-service
• Application owner for HRIS: User data, integration
• Strategy: Platform and foundation for centralized services
• Business Unit: Tactical requirements, improved security

Stakeholder Analysis
[Quadrant diagram. Axes: Influence and Engagement, each running from low to high.]
• Wild Cards (engage & consult)
• Spectators (keep informed)
• Champions (engage & support)
• Contributors (keep involved)

Critical Success Factors in Conclusion
• Investigate and Understand Data Quality Issues
• Identify all Sources of Authoritative Data
– HR, eMail
• Follow 80-20 Rule
– “We don’t have to boil the ocean to be successful”
• Adjust Scope
– Changes to Cost, Time, and Functionality as your understanding of Initiatives develops
• Build (the right) Foundation to Enable Future Initiatives

Idenhaus Consulting
• Who we are
– Founded in 2013
– IAM Strategy & Implementation
• Views on business impact of IAM
• Strong track record in solution delivery
– Cybersecurity
• Security Operations Center (SOC)
• NERC CIP
• Security Assessment-SAS 70/SAE16/18, ISO27001, NIST
Hanno Ekdahl
404.919.6167
hanno@idenhaus.com
Maximizing Potential in this Digital Age
Questions?
THANK YOU
