It’s been an eventful couple of months leading up to Christmas for me, starting with the MVP conference in Redmond and followed closely by my company UNIFY’s 10th anniversary, at which I was taken by surprise to be honoured as the first UNIFY 10-year employee. Although I can’t remember a word of my acceptance speech, I won’t forget the evening in a hurry, and how proud I felt to be part of an exceptional selection of IAM professionals carving a niche in the Aus/NZ identity and access market, not only in FIM/MIM, but also in other complementary IAM technologies such as Azure, Ping and Optimal. It was a nice touch by one of my Novell-inspired colleagues who presented a different take on our theFIMTeam.com brand.
Since then I have been heavily involved in a couple of large-scale FIM deployments and this will continue in the new year with a major project to use FIM2010 to replace an ailing access provisioning system. I will be drawing on all 10 years of my ILM/FIM experience with this one as the project seems to take on something new by the day, but I’m looking forward to sharing the challenge with a more than capable team assembled for the task. This project really brings together so many key concepts as to how to approach identity and access life-cycle provisioning that I thought I’d share the main ones here, as they will remain as relevant as ever while we roll into a new year and the pending MIM2015 timeframe.
- Achieving stakeholder accord across multiple platforms and programmes.
Especially in an enterprise environment, believing that you can plow ahead and eventually win the naysayers over is foolhardy and disrespectful. Everyone is entitled to their opinion, and engaging with them all early is vital to share ideas and draw on experiences to avoid pitfalls of the past. Knowing where to respectfully hold your ground is just as important to acknowledging and embracing a superior alternative approach.
- Understanding the target environment and culture
Sure there are systems to integrate, but always keep in mind the people that have to deal with them day by day, and understand the impact of changes you will invariably introduce. While you may see yourself as the harbinger of change, others may measure the success of your project in the exact opposite!
- Maintaining clarity of vision
Don’t take on any more than you can handle in the timeframe allowed. There is always more to do, and pressure to try to accommodate everyone’s needs and ideas at once. Identify what is paramount for an initial successful deployment, and build your strategy from that. Don’t eliminate anything, but clearly lay out a roadmap and identify a timeframe for each targeted requirement.
- Integrating processes not just data
Think about on-boarding, moves, and off-boarding. Extend this thinking to edge case scenarios such as rehires and elevated duties. Think about the events that drive changes, and work to see how you can best leverage these; maybe not just the ones that are happening now but perhaps those also falling in the near future.
- Provisioning relationships not just identities
Especially when working with FIM, or MIM later this year, resist pressures not to surface key relationships between data entities that you will need to drive policy. Rather than caving in to working with ‘flat’ data structures where every piece of information is a string attribute of a user, point out the benefits of modelling a simplified uniform data structure in FIM. Demonstrate that by maintaining and honouring these relationships when synchronising entities between multiple systems, not only do you ensure referential integrity, minimise sync times, and avoid error, but you also provide the mechanisms you need to add value in FIM in terms of policy.
- Responding to changes in a timely manner
I will come back to this below …
- Honouring multiple authoritative sources
Rarely is one platform or system 100% authoritative for all entities and attributes in a synchronisation/replication model. Acknowledge this up front by identifying the processes in connected systems, rather than just the data, that might come into conflict when automated sync comes into play. Build flexibility in your model to adapt to changes as they invariably evolve, along with collective understanding.
- Planning for the future
Further point #3, we are doing our job well if we are building a strong foundation for future identity and access management initiatives and requirements. Don’t lock your customer into something that will not allow them to adapt as their business evolves any more than is absolutely necessary.
I know there are even more, but the above stand out to me as critical to success as I face the busy months ahead. I have posted on some of these before, and find myself coming back to them over and over.
I am presenting the January 2015 FIMTeam UG session in a couple of weeks (yes, even though many of you are still on holidays). In this session I will be addressing point #6 above. Those of you that know me will understand that this is a passion of mine, and for good reason. I really need you all to understand how FIM sync can be “uplifted” in a way you may never thought possible in order to deliver not only to SLAs, but also to people’s true expectations of a modern identity life-cycle management solution. Looking forward to your company – but if you miss it you will be able to view the recording at your leisure from the above link.
Happy 2015 everyone – may it be the best ever.