client email
search 
Identity Access Management Products Customers & Partners Services Methodology Knowledge Zone
 
Knowledge Zone - Main
Identity Management - FAQ
IDM – Examples
Experts Talk
Weekly Tip
Newsletter
Whitepapers
Webcast
Demos
Return on investment (ROI) calculator
IDM Forum


 
"They proved to develop our worldwide e-banking project professionally, while saving us a considerable amount of money in the process."~ more
 
"We found IDFocus to be a top solution provider, one who is sensitive to the market needs, and extremely creative in finding the proper solution for the customer..."~ more
 
   
Identity Management System and User Provisioning - FAQ


It is clear that Identity and Access Management systems deliver significant benefits but what exactly are they? What exactly can you use these solutions for? Listed below are answers to a few common questions, and links to short examples of types of Identity Management projects that deliver substantial value and Return on investment (ROI).

  1. What is an Identity Management system?
  2. What value can I realize from an Identity Management solution?
  3. Who should consider using an Identity Management solution?
  4. What is User provisioning?

1. What is an Identity Management system?
An Identity Management system is a central IT-user management and automation system. The Identity Management system controls users, passwords, access permissions, and accounts across multiple IT systems.
Identity Management solutions address the following challenges:
  • Reducing the costs of managing user accounts on multiple systems
  • Enforcing data security policy
  • Managing users in an enterprise portal or B2B application
  • Centralizing users’ management on web-based applications and on legacy applications
  • Enforcing password policy
  • Alleviating the burden of password reset and unlocking
  • Ensuring that former employees do not have access to the organization’s data
  • Streamlining and shortening new-hire and termination processes
  • Minimizing the costs and administrative challenges of managing business partners who access your data systems
  • Avoiding orphan accounts
Top of Page

2. What value can I realize from an Identity Management solution?
An Identity Management system can help you to:
  • Build a central users’ data repository
  • Synchronize users data between different IT systems
  • Create and maintain a single point of management for all IT users
  • Enforce your security policy
  • Automatically create, modify, or delete accounts
  • Automate & delegate complex manual workflows
  • Define and automate Web Access Control
  • Synchronize passwords between multiple IT systems
  • Provide single sign-on

Identity Management solutions can bring the following benefits to your organization:
  • Tighter data security
  • Thousands of manual IT tasks performed automatically
  • Significantly lower IT overhead
  • Users who can support themselves without calling the Help Desk for every routine request
  • Productivity increases for everyone, both inside and outside IT
Top of Page

3. Who should consider using an Identity Management solution?
You can benefit from an Identity Management solution if you need to:
  • Decrease Sarbanes-Oxley compliance costs
  • Decrease IT operational expenses while maintaining or increasing responsibilities
  • Enforce or tighten data-security policy
  • Have better control and monitoring over your user populations and accounts
  • Improve customers’ experience while logging in to your multiple Web-based applications
  • Delegate user accounts administration to other organizations or departments within your organization
  • Service a "to do" list requiring more resources than available
  • Synchronize users data and/or passwords across several systems
  • Demonstrate strong emphasis on worker productivity
Top of Page


4.What is User Provisioning?

Considered by some to be the "holy grail" of Identity Management, user provisioning includes the following functionality:
  • User's data repository
  • User's accounts and data management
  • Roles and privileges definition and management
  • Automatic account creation, termination, and modification
  • Automatic role creation, termination, and modification
  • Password synchronization
  • User self-service
  • User auditing and reporting
  • Security policy enforcement (password policy, access policy, group's policy etc.)
 To learn more about user provisioning download our latest whitepaper.

User provisioning and password management offer the greatest proportionate Return on investment (ROI) of all Identity Management applications, especially for organizations with over 10,000 IT users.

Giga Research (now a wholly-owned subsidiary of Forrester Research) has quantified the benefits of user provisioning and password management as follows:
  • Improved IT efficiency: $70,000/user for every 1,000 managed users
  • Audit savings: $4,000/security audit
  • Reduced help desk costs: $75/user per year
  • Faster access to applications : $1,000/new employee, $350/year per existing employee
  • A single point of access for employees to view and modify identity data: $100/user per year
  • Improved searching for user data: $1,000/user per year
  • Improved updating of user data: $185/user per year
  • Improved list management: $800/e-mail distribution list
Much like ERP, user provisioning implementations are complex and may require heavy customization and
integration. Learn how to optimize your user provisioning project download "IDMology- a methodology for implementation of Identity management systems."


User provisioning projects can be divided into three categories:

  • No customization, light integration: These projects can last for 2-3 months and in most cases
    will include light business process analysis, and only 1-3 simple target systems to manage.
    The idea is to try and use the provisioning server’s "out of the box" functionality, basically adapting the organization to the software rather than the other way around. There will be minimal or no customization of approval processes, GUI, data exchange between target system and the provisioning server, reverse synchronization functionality, user types, change requests status, and other parameters. This process fits organizations wishing to invest minimally and get a new process in place with less emphasis on supporting the organization’s current business processes.
  • Customization & integration: These projects usually take 3 to 6 months and will involve 2 to 4 target systems and some customization of all parameters. In these projects a few areas, including ERP systems, US and non-US employee management, and password synchronization across diverse platforms including multiple ERP subsystems, will not be explored as deeply as roles allocation and management. Roles, unlike accounts, require a more complex process analysis and solution design, which translates to a more complex selection, approval, and provisioning process to implement and test.
  • Heavy customization & integration: These solutions will take more than 6 months and will integrate more than 4 target systems including an ERP system with several sub-systems such as HR, Portal, and Finance, and may also include integration with a Sarbanes-Oxley compliance tool or expanded functionality to support Segregation of Duties (SoD) analysis. These projects will handle multiple user types, multiple role types, HR integration, customized reverse synchronization, heavily customized GUI, cross-platform password synchronization, complete self-service, various approval and provisioning processes, connectors customization to support the business process, customized reports, and data modification auditing.


Figure 1: Schematic Flow of User Provisioning
Top of Page

To learn more contact us.



About Us   Products   Identity Access Management   Customers & Partners   Our Services   Methodology   Knowledge Zone   Registration
Contact Us   Term of Use   Privacy   News   Site Map
Copyright © 2005 IDFocus