Complications Of Implementing An IGA Solution For Your Organization

Say your organization has been looking at an Identity and Access Management (IAM) or an Identity Governance and Administration (IGA) solution.  Better yet, say that your organization has successfully implemented the solution and completed the first phase of the integration.  What does it look like?  The authoritative source for your data is most likely triggering automated provisioning to downstream applications; users are most likely taking advantage of the new self-service portal for their access-requests; and, everything is hopefully working quite smoothly in your production environment.

Before we go any further, let’s talk about what the words role and entitlement typically mean.  For most IAM and IGA vendors, an entitlement is a granular piece of access.  This can take the form of an Active Directory group, a database role, or any single piece of access for a given application.  Entitlements are the foundation for roles, which act as a collection of granular access.  While the method for requesting and configuring roles or entitlements differs from vendor to vendor, the high-level idea remains intact across the board.

As time passes, and your user-base grows more familiar with the nuances of their new ecosystem, you are bound to experience complications regarding the request and approval processes.  Ask yourself a few questions:  How can I configure and re-use complex approval chains for my access?  How do I request multiple roles or entitlements for multiple users?  Is any of this functionality available out of the box?

Identifying Answers To Your IGA Solution Complications

The short answer to the final question is, “some of it will be.”  Identifying the answers to the previous questions will tell you what is or isn’t.  Inefficiencies within the access-request process are something many organizations are unaware of until they are at a level of maturity with their implementation where it becomes visible.  Let’s face it, when the IGA tool is implemented properly, it is most likely going to provide a better user experience than what was in place before, so it’s only natural that you won’t identify the quirks until everyone has comfortably settled in.  Some of these issues may not be immediately noticeable but will become visible over time.  If a user requests multiple entitlements or roles in a single request, and each item shares the same approval chain, do they appear to the approvers in a single approval?  Or, do they have to deal with the requested access one approval at a time?  How easy is it to configure whom to escalate to if no one takes action within a certain amount of time?  It’s fairly standard to send emails to approvers with links taking you back to an IGA solution to act upon requests, but what happens when an approver is a group without members?

At GCA Technology Services, we’ve worked with many technologies and have witnessed the strengths and weaknesses of each.  Our innovative staff has worked hard to create flexible frameworks to solve the problems above before they become issues for your organization.

Want to learn more? Contact us today for a complimentary consultation on how we can help enhance the effectiveness of your organization’s IAM and Governance tools.