Category: Best Practice

IAM Design Principle: Lifecycle Events

I’ve really been trying to improve my skills at capturing and writing up requirements and one thing that helps is to list all the typical identity “lifecycle events”, along with: How to detect the event, and What to do when the event is detected. So for each target system I will have a table like

IAM Design Principle: User Status Values

A field indicating a person’s “status” with respect to the organisation is a standard feature of all IAM implementations. Over many solutions I’ve boiled it down to four status values that satisfy all the lifecycle use cases I’ve come across: Pending – We know about this person but their hire (or re-hire) date is in

Pre-wired access control

Here’s a picture I once used in a presentation (credited to to illustrate the mess access control in directories and applications often looks like when you try and do any kind of review and analysis. These days I don’t go into server and patch rooms all that often, but even so it’s been a long

Why I care so much about identity data quality

I feel like I’m always trying to convince people that the quality and maintenance of identity data is important and worth putting effort into, while they nod and say “sure, sure”, while thinking “this crazy lady knows nothing about reality”. But you know what? I’m not crazy – and here are some reasons why.