Considerations in your IAAM journey - Part 0: An IAAM system overview
I’m sure you’re well aware that IAM stands for Identity and Access Management, so you’re probably wondering why I’m calling this an IAAM journey. I’ve added an extra “A” for Authorization, because it’s different from just Access. I’ve been asked a few times what I’d consider a complete IAAM suite and what steps are needed to get there. With this series of blog posts, I’m hoping to give some broad guidelines on standing up an IAAM set of tools if you’re starting “greenfield.” But, as you’ll soon see, it’s not really the IT tool that makes standing up a great IAAM system hard; it’s the processes that feed the IAAM system that are hard to wrestle down.
With that in mind, here’s how, in general, a good IAAM system should work:
A new entity joins your organization. A central source(s) enters the metadata for that entity. That data is passed to your provisioning system. The provisioning system automatically creates accounts in both your identity service provider and the applications necessary for that entity to perform their duties. The provisioning system sets up access management and single sign-on for the entity. As the entity moves through its life cycle, applications are added and subtracted from the entity and periodic reauthorizations are done. When the entity exits the organization, a central source(s) notifies the provisioning system. The provisioning system disables access to the group of applications the entity had been assigned and the digital identity is retired from the system.
See, super easy! Essentially that’s what we want to do with an IAAM system. In later posts I’m going to dive into some of the intricacies and complexities you can expect to find in the small sentences I’ve written above. As you might imagine, it’s a lot more complicated than the paragraph above would lead one to believe, mostly because it does, as I’ve stated, involve a lot of people and processes, and collaboration to align those processes so they “feed” the IAAM system in a nutritious manner. We IT folks know how complicated things can get when people are involved, rather than just bits and bytes. But don’t be afraid, we can do it!
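The life cycle above can be read as a reconciliation job: compare what the central source says with what the provisioning system has created, and work out the actions that close the gap. The sketch below is an added example, not code from the original post or from any product; the record layout, the action names and the 90-day reauthorization interval are all assumptions.

```python
from datetime import date, timedelta

# Assumed review period; the post does not specify one.
REAUTH_INTERVAL = timedelta(days=90)

def plan_actions(source, provisioned, today):
    """Diff the central source against provisioned state; return actions to run.

    source:      {entity_id: {"active": bool, "apps": set of app names}}
    provisioned: {entity_id: {"enabled": bool, "apps": {app: last reauthorization date}}}
    """
    actions = []
    for eid in sorted(source):
        rec, state = source[eid], provisioned.get(eid)
        have = state["apps"] if state else {}
        if rec["active"]:
            if state is None:  # joiner: no digital identity yet
                actions.append(("create_identity", eid, None))
            for app in sorted(rec["apps"] - set(have)):
                actions.append(("grant", eid, app))
            for app in sorted(set(have) - rec["apps"]):  # access no longer needed
                actions.append(("revoke", eid, app))
            for app in sorted(rec["apps"] & set(have)):
                if today - have[app] > REAUTH_INTERVAL:
                    actions.append(("reauthorize", eid, app))
        elif state and state["enabled"]:  # leaver: remove access, then retire
            actions.extend(("revoke", eid, app) for app in sorted(have))
            actions.append(("retire_identity", eid, None))
    # Enabled accounts the central source has never heard of need a human look.
    for eid in sorted(set(provisioned) - set(source)):
        if provisioned[eid]["enabled"]:
            actions.append(("flag_orphan", eid, None))
    return actions

# Constructed sample data (not from the post).
TODAY = date(2024, 6, 1)
SOURCE = {
    "e100": {"active": True, "apps": {"email", "crm"}},   # new joiner
    "e200": {"active": True, "apps": {"email", "wiki"}},  # changed duties
    "e300": {"active": False, "apps": set()},             # has left
}
PROVISIONED = {
    "e200": {"enabled": True, "apps": {"email": date(2024, 1, 10), "crm": date(2024, 5, 1)}},
    "e300": {"enabled": True, "apps": {"email": date(2024, 5, 20)}},
    "e999": {"enabled": True, "apps": {"vpn": date(2023, 11, 2)}},
}

if __name__ == "__main__":
    for action in plan_actions(SOURCE, PROVISIONED, TODAY):
        print(action)
```

The `flag_orphan` case is the one the tidy paragraph hides: an enabled account with no record in the central source only shows up when you run the comparison in both directions.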
Next up: Who does what?