IAM Architecture Analysis and Architecture Creation

Haidion can analyze the customer’s current IAM architecture and suggest improvements. Where needed, we can also assist the customer in creating the needed IAM architecture and establishing overall IAM architecture capability.

In IAM issues and environments, we have often found Functional, Data and Technical (Software) Architecture to be useful aspects of architecture work. Haidion can also offer assistance in Application Architecture where and if needed.

Functional Architecture and Data Architecture are often crucial elements for understanding and articulating requirements, design and implementation - they lay the foundation for technical work that realizes the desired information system capabilities. While this is true for all systems development, it is even more so for any IAM activity.

Haidion has expertise in creating, adapting and maintaining Functional and Data Architecture to describe the Customer’s IAM requirements, current state and development goals. Depending on the Customer’s needs, this may include, e.g.:

  • Identify, capture and process IAM requirements in a meaningful and actionable way

  • Describe the Customer’s current IAM state in relevant detail

  • Create and maintain suitable and relevant architectural descriptions for current and/or future states, e.g.

    • Process models

    • Activity diagrams

    • Event state diagrams (e.g. identity, account and entitlement lifecycle diagrams)

    • Data models

    • Data flow diagrams

    • Use Case diagrams and Use Case descriptions

    • Stakeholder mappings

  • Perform Gap Analysis to identify IAM development scope and roadmap

  • Define needed Business and Data Architecture capability

  • Establish methods and practices to maintain (and enhance) capabilities

When building a technical IAM architecture, you must consider various software components and the capabilities offered by those components. IAM capabilities include, e.g., federation, password management, reporting and monitoring, access management, identity management, provisioning and identity repositories. Many different architectural concerns emerge when you begin to analyse the IAM architecture and component interactions further. For example, how are the different IAM services hosted? Are traditional on-premise data centres used, or is the organization willing to consider software-as-a-service (SaaS) and other cloud computing alternatives?

Haidion has in-depth expertise in participating in various activities around Technical IAM architecture. Depending on the Customer’s needs, this may include, e.g.:

  • Analyse the current technical IAM architecture

  • Create an IAM architecture vision together with the customer and establish an architectural roadmap

  • Understand the whole IAM context and the architecturally significant requirements

  • Document, communicate, and represent the IAM architecture

  • Coach the customer to make viable architectural decisions

  • Oversee and contribute to IAM system construction based on the architecture

  • Validate that the IAM implementation conforms to the architecture

IAM Capabilities

IAM capabilities to be assessed for Technical Architecture include, e.g.:

  • Access Management

    • Authentication (Risk-based, MFA)

    • Authorization

    • Access Policies

    • RBAC, ABAC

  • Identity Management

    • Identity lifecycle

    • Identity repositories & directories (LDAP)

    • Identity data sources

    • Identity Provisioning

  • Identity Federation

    • Federated SSO

    • Trust relationships (IdPs and SPs, Identity brokers)

    • API protection (API Gateway trusting 1-N IdPs)

IAM Architectural Considerations

  • Monolithic vs. (micro)services architectures

  • On-premise vs. cloud

  • Standardized vs. vendor lock-in

  • Performance, availability

  • Disaster Recovery, Business Continuity

  • Compliance, Reporting