Identity management is essentially about issuing “Digital ID cards” for all employees of the organization. These cards are valid within the entire organization and handle access to all services, tools and resources. This is known as user-centered identity (Identity 2.0), as opposed to application-centered or decentralized authorization management.
Authorization management may give way to misuse if
- controlling the entire scope of authorization or resources allocated to a particular user is practically impossible, while users in general have more and more licenses;
- certain users acquire excessive powers within certain systems or across systems or manual activities;
- the authorizations issued to former employees are still valid in the system and resources are left allocated; or
- nobody knows exactly who accesses (or accessed) what and when or who authorized individual actions.
Efficiency and user satisfaction are low because
- unique authorization management processes are introduced for each new application;
- the process of assigning and modifying authorizations is slow (it might take several business days) and inflexible, in many cases requiring several rounds of negotiations;
- a significant part of helpdesk calls (up to 30%) is related to password management; and
- in case of corporate mergers and acquisitions, the uniform management of authorizations is cumbersome.
Increased operational efficiency and multiplied returns
An IDM system greatly enhances operational efficiency as well. By replacing traditional handover forms and other manual processes, cycle time is reduced from several days to a few hours, and this kind of agility results in cost savings proportional to the number of hours saved. We can allocate tangible assets, such as building access cards or any other resources, to our employees, depending on their role in the organization, either automatically or via the central interface.
Up-to-date information everywhere
We store varied information about employees in a variety of systems, with a lot of overlaps and redundancies. These data can be kept synchronized between the appropriate systems using standard interfaces, which are considered a basic requirement in IDM systems. This way, the allocation of authorizations, the management of assets and accounting activities, to name a few, can all be based on up-to-date information.
Well organized, comprehensive processes
The introduction of an IDM system requires a profound change of attitude and comprehensive process management. By involving more than one organization, effective solutions can be created. The central registration of users (involving the HR department) and a regular revision of authorizations (recertification with the involvement of managers) are particularly important.
What happens when an identity management system is introduced?
- optimization and modeling of identity and authorization management processes;
- assessment, analysis and documentation of authorization structures;
- optionally, the optimization of authorization structures (developing duties, planning the separation of duties (SOD));
- the assessment and organization of data management practices and data hosting roles;
- the development of a central authorization (identity) store;
- development of automatic system connections;
- development of a user self-service (requests, queries, password management);
- auditable system; and
- training and comprehensive commissioning.