IGA Adoption Practices and Challenges: Part 3 – Operational Support
Once deployed, IGA platforms require ongoing “care and feeding” to stay current and operational. This is another challenge often underestimated in IGA planning.
Here are specifics for generating ongoing value out of an IGA investment.
Upkeep of integrated systems in IGA
IGA tools take in data feeds from many systems and have connections to many others, to request or make changes directly to user access. Many of the groups involved in these integrations are in IT, but some are not. Being aware of all connections, how they are made, and what day-to-day work is involved with managing these integrations is key. The most important task in this area is proper engagement at the project start. Getting buy-in and involvement at the beginning means a good start for the relationships that will always need to be in place for IGA to work smoothly.
A key planning function of the project is to understand the current and future architectures, and what systems are integrated. Then HR, IT, Information Security, and others can become involved as needed. These stakeholders need to understand the value of the tool and how they will need to support it day-to-day to realize that value.
Integral Partners finds that many companies are not fully aware of integrations that exist in their technology today. Typical engagements map out those integrations so we can identify stakeholders to engage, systems to migrate, and identity-use cases to account for.
Many companies use HR systems to manage only full-time employees, and they configure the IGA tool correctly to manage these identities. Non-employees, contractors, and contingent workers are often managed in separate systems. This needs to be discovered and managed early in the project. If not integrated properly, then a subset of users will not be managed within IGA, and the value of the tool is diminished. These users may be overlooked in compliance checks. Gathering the right stakeholders and understanding how the organization manages all users and their identities is key to configuring and deploying a solution that covers the entire population.
Integral Partners has approached this particular situation in several ways. We often integrate the non-employee HR system and apply many of the same workflows in IGA to support these users. In some cases, we have recommended combining the systems due to the work involved to integrate them separately, often for a small population. Each case is unique, and Integral Partners can advise on individual situations to provide recommendations and help drive the change.
Upkeep of job roles
Many organizations use role-based access to define users and apply a package of access entitlements to a user when he or she joins the company or moves to another role. These job roles are dynamic and need to be updated and reviewed regularly. This makes automation work properly in the IGA tool and makes compliance with regulatory requirements much easier to demonstrate. Engaging the right people to govern how roles are managed and updated is key. This is an ongoing activity within an IAM program and does not end when an IGA deployment project is complete.
Governance of the roles post-project is key to ongoing success of IGA. Integral Partners has helped establish these working groups to meet regularly and keep roles current.