Home » Identity & Access » Identity Management

Identity Management: Implementation Dos and Dont's

Just getting started on an IDM roll-out? Some pointers from people who've been there, done that.

By Mary Brandel

March 26, 2008 — IDM (Identity Management) implementations promise big rewards but demand big investment. Here's advice on getting the biggest return on all that investment.

DON'T underestimate the amount of preparation involved. For Mike Petosa, IT director at the American National Standards Institute, the two biggest challenges for implementing an IDM system from Novell were cleaning the data and defining the business processes surrounding identity management. (To learn more about the components of and considerations for a full-blown IDM project, see "Identity Management: Critical Components."

Data cleansing was 60 percent of the project, he estimates. For instance, his team had to clear up semantic differences among various departments, such as the term "inactive record." "That needed to be accurate to create the correct workflow and rules," he says.

Defining business process required exposing intuitive knowledge that individuals had stored up for years, he says. "It took a lot of probing to expose the workflows because it was distributed among many people," Petosa says. For instance, member registration involved several departments working separately to provide access to applications and services based on membership level.

Petosa's group had to define workflows and business rules that would streamline these processes and minimize errors. Now, when a member registers online, a record is created in the CRM system, and access is automatically provided to a limited area of the SharePoint portal server. When the membership department receives notification of the new membership, it authorizes further access, based on the membership level.

"All these rules are stored in the identity management system, and all the member identities are stored in the identification vault," Petosa says. Now, when updates such as change of address or membership level are made in the CRM system, the changes are synchronized across all other systems and databases.

DO prepare your environment to smooth implementation. When Equifax implemented Sun's IDM system, it didn't plunge right in, says Tony Spinelli, chief security and compliance officer. He first worked with the IT department to create one authoritative source for all the company's employees and contractors, which required creating one logical database from databases throughout the world.

Second, Spinelli wanted to develop a way to connect the IDM system with all the other applications that Equifax used, rather than having to write scripting languages and adapters for each application it wanted to integrate. To do this, he worked with IT to develop identity repositories in Active Directory and LDAP. "We didn't want to write adapters between Sun and every application we wanted to connect--that really would have elongated the process," he says.