

Implementing Identity and Access Management (IAM) requires organizational planning, user lifecycle management, access control and governance, application integration, and operational management.
Today’s blog post details four critical user provisioning and access requirements you need to audit and understand before implementing an IAM environment such as Tello. Use this information as a starter guide for migrating manual user provisioning and access systems to an automated IAM solution.
Related reading: What is Manual User Provisioning Costing You?
To build a foundation for an automated identity and access management migration, your organization must first define, map, and set clear parameters for IAM implementation. Do this by auditing, preparing, and documenting the following items for migrating manual user access and provisioning to IAM.
Further details for each implementation requirement are listed below.
Compile a list of the critical resources (systems, apps, data) whose user provisioning and access will be managed from your IAM environment. This list will define the scope of your IAM solution. Most in-scope resources can be discovered through your current manual user provisioning system.
It is also important to include any shadow IT apps and cloud storage services that are being used without organizational controls. Shadow IT apps and cloud storage usage can be discovered using several tools, including monitoring browser activity, network traffic analysis, endpoint monitoring, and configuration management database (CMDB) software.
Once compiled, your in-scope list can be prioritized for implementation in your identity and access management environment. Because new applications frequently come on-line and users will always access shadow IT apps and cloud storage, the in-scope list should be regularly updated and applied to your IAM solution.
Each resource on the in-scope list should also be identified as to who its primary IAM stakeholders are. This stakeholder list will be used to determine what roles each stakeholder has in administering user and access provisioning. Possible IAM roles for each stakeholder and their duties include:
Stakeholders should designate the regulatory mandates and other requirements to satisfy the legal, financial, personally identifiable information, security, and other requirements for each resource. This information can be used for designating user access assignments for IAM stakeholders.
As you migrate user provisioning and access management to an IAM solution, audit each resources’ user accounts and document the following items for migration to your IAM environment.
Related: Avoiding Identity Access Drift with IAM
Relevant metrics help cost-justify an IAM system migration. They can also demonstrate how effective your IAM implementation is and to flag areas that need further improvement.
Consider gathering metrics before you start your migration and at critical junctures during and after the migration. Metrics can be used for evaluation and continuous improvement. IAM metrics can be gathered on a resource-by-resource basis or an accumulated basis for all migrated resources. Each metric should also contain a target value based on IAM stakeholder and access requirements.
Here are some important user access provisioning and deprovisioning metrics for IAM implementation and evaluation.
Coordinate with your IAM stakeholders to determine which IAM metrics should be tracked.
Contact Seasoft Security for more information on preparing and implementing an advanced Identity and Access Management solution like Tello. Our IAM experts can perform an organization-specific assessment to help modernize your user access and provisioning environment.