IAM Design Principle: Use your IAM platform for IAM work
Integration between IT systems is hard, even when they support common standards, so I understand this desire for a service tool that does “everything”. IAM software platforms are typically extensible in various ways, such as scripting, custom schema and custom workflows, so it may well be that you can do something a bit out of the ordinary, but should you? Software is developed with certain uses in mind, and trying to force it into some other shape is rarely good for the ongoing effectiveness and maintainability of the solution.
Some “unnatural” things I’ve seen people try to do with their IAM solution: handling service tickets, service catalog, access audit in external systems, asset management, general-purpose ETL and orchestration, non-IAM aspects of application administration.