Identity management

What can an identity management platform do for your business?

Many businesses will have a number of corporate shared services (HR, finance, etc.) with well-documented policies and procedures. Beyond the documentation, however, there's a good chance that technology isn't being leveraged to enforce compliance with those policies and procedures.

An identity management platform picks up where these traditional approaches finish by automating applicable policies/procedures for efficient, auditable outcomes. Pairing identity management with a role-based access policy drives these advantages even further.

Some of the benefits may include:

  • Improved IT governance (notably risk and compliance).
  • Removing low-business-value tasks from high-value employees through automation.
  • Faster adoption of new services/applications - even cloud services in many cases.
  • Accurate identity-related data across systems.

How does identity management differ from access and authorisation?

The answer is simple: access and authorisation mechanisms, like Active Directory, aren't tightly coupled to business processes.

To use a simplistic example, consider an organisation with a policy requirement that a new staff member can't be set up in the ICT systems until they have returned their signed employment contract to HR. That's not something an authorisation and access system can assess, whereas an identity management system can.

Using an identity management system allows you to extend many more business processes and policies into the technology layer.

"We already use Azure AD Connect. Isn't it an identity management system?"

This question is more for the techies/service providers out there, and the answer is "no".

Microsoft Identity Manager connects to a wide range of decision-enabling systems such as ERPs, which is what allows it to support business rule processing. Conversely, Azure AD Connect can't connect to any business systems.

What does an identity management platform implementation look like?

The clichéd response is "90 per cent planning; 10 per cent implementation".

The planning stage is so dominant because quite a lot of evaluation of business policy and process takes place, and that's often a complex endeavour that can cascade into process reviews.

Our recommended high-level engagement process is:

  1. Initial discovery meeting with key business stakeholders to explore if identity management makes sense in the current climate and to identify critical prerequisites if not.
  2. Second meeting acting as the project startup and initiation. The critical elements are solidifying the deliverables and how those will be measured.
  3. Detailed discovery feeding into the business justification revisions. This represents the lion's share of the "90 per cent planning".
  4. Technical implementation and documentation.
  5. Review against the measured deliverables and project closure.

This ensures the identity management platform delivers actual business value rather than simply being a tactical solution for pushing logins around to various systems.