It's all about the (business) process folks...
I spoke to a non-US Government Agency yesterday about their Identity Management initiative. Turns out they are hung up on an architecture. Why? Because there is no identifiable (or identified) business process for them to build for. The business users are saying - Just buy a tool and it'll take care of it that's what their workflows are for'. Those of us who do this for a living are probably smirking or laughing out loud at the comment. Typical, but one of the leading causes of unsuccesful projects.
- Roles don't matter in the absense of a procees
- Entitlements don't matter in the absense of process
- Ultimate success depends explicitly on process
When I say process - this is what I mean:
When a process is defined from the onboarding of an employee, certain simple truths and processes are born. Identities are created, HR data is populated, and provisioning happens. The simple truth is that there are components of that Identity (email address and phone number for example) that everyone has. Period. So at the Macro level the process is, when a user is created they get an email address and a phone number. It is the blood type and sex at birth (as a metaphor).
What this baby will grow into is a process, whether we're talking human or IdM, which is why process is so important. Looking at the simple process and simple truths of WHERE YOU WANT TO BE/GET TO is paramount.
I will meet with these folks on my next trip in country and see if I can help, even if it's to explain to the business folks that them saying 'Just buy the tool' is the wrong way to figure out a process.
In fact I may have to go to Home Depot and get a tool, any tool, and walk it and say 'that'll fix your IdM problem' to drive the point home...