You can’t buy a fully functional IAM system off the shelf, install it into your environment with minimal configuration, and expect it to do something. IAM is intricately bound with your specific systems, business rules and priorities. The best IAM solution is “grown” within the organisation, and growing takes time.
In IT there is great truth in the words “change one thing at a time”. With FIM it’s often hard to change only one thing, even when your desired outcome appears to the end users as only one thing. We must often knit together strands from various components within FIM, and elements outside FIM, to achieve this one outcome. And then we’d better test it thoroughly to ensure we didn’t just break something else!
Even with good testing, production practices can bring surprises that were not predicted either by the data or the documented use cases. Sometimes the solution can accommodate them, but in other cases these practices will need to be changed.
The ideal approach is to build your IAM solution in a series of short phases, with each phase delivering a limited number of complimentary functionalities. In between phases we have a settling in period where we monitor for problems before going ahead with another change. While this may seem onerous it is far better than the alternative – a lengthy project that attempts to do “everything” at once, and is therefore guaranteed to fail.
Got something to add? Disagree? Comments are open!