When considering new ideas and requirements related to Identity and Access Management, most organizations have difficulty deciding what strategy to adopt for developing their IAM capabilities. The three fundamental tools for helping in decision making are Proof of Concept (POC), Prototype and Minimum Viable Product (MVP).
Why does an organization need an IAM POC, prototype or MVP? The organization can potentially save a lot of money by not investing in an unsuccessful IAM project. An IAM POC can prove that an idea could actually work. An IAM prototype can verify that the software can interest end-users and is user-friendly. In this logical chain, the POC comes first, the prototype next, and the MVP comes after these two concepts, before a full-fledged product in operation:
Proof of Concept → Prototype → Minimum viable product → Full-fledged product
Haidion can help your organization whether you choose a POC, prototype or MVP as the approach for your IAM project.
“Proof of concept (PoC) is a realization of a certain method or idea in order to demonstrate its feasibility or a demonstration in principle with the aim of verifying that some concept or theory has practical potential” — Wikipedia
A POC is a small project that aims to validate whether a certain idea can be implemented. An example from the IAM world could be testing whether automatic provisioning of accounts and permissions to an old legacy system could be done.
“A prototype is an early sample, model, or release of a product built to test a concept or process or to act as a thing to be replicated or learned from” — Wikipedia
A prototype answers the questions of how something will be done, how it will look, and how it will be used. The prototype is a model of the IAM system and should allow different stakeholders to visualize the user experience. An example would be an end-user UI that enables basic IAM functionality with dummy user data.
“A minimum viable product (MVP) is a product with just enough features to satisfy early customers and to provide feedback for future product development” — Wikipedia
An MVP is a working IAM implementation with a minimum set of features to create value for real users. It provides ways to gather usage patterns and get direct feedback from various IAM stakeholders.
Haidion can implement a POC, prototype or MVP against identified customer needs and requirements, to help the customer test IDM/AM concepts in a lifelike environment. Our preferred technologies for this are:
The preferred deployment method is containers, which encapsulate a lightweight runtime environment and enable you to run IAM software on a personal laptop, in a private data center or in the public cloud.
Full-scope IAM Implementation Project
Once an organization has determined a need for an Identity and Access Management (IAM) solution, it is time to actualize that need. This is usually done by executing an IAM implementation project that establishes the organization’s base IAM (technical) capability.
Before starting the implementation, the organization needs to determine:
What the solution will be used for - what are the actual requirements for the solution?
To discover and articulate the requirements in an unambiguous and communicable manner, it is worthwhile to do requirements discovery and modelling.
Usually, the requirements are divided between IDM (Identity Management) and AM (Access Management) needs. These two disciplines employ very different techniques and provide answers to different sets of requirements - the organization must determine what issues it is trying to resolve.
What is the scope of the solution?
IAM projects often fail because they try to resolve too many issues at once. Success is more likely if the IAM implementation is divided (“roadmapped”) into smaller parts, where the parts that have few dependencies on other parts (and which can bring immediate value to the organization) are executed first. IAM Prestudy is a tool that can be used for scoping and roadmapping an IAM undertaking (IAM Prestudy is also useful in determining how an IAM solution can be fitted into, and leverage, the organization’s current IT services).
What technology is most suitable for implementing the IAM solution?
Sometimes, an organization has a clear vision of what tools and products should be used to execute its IAM vision. However, it often happens that a suitable tool needs to be selected in a bidding contest, using an RFP process.
Once the organization’s IAM vision is clear and the technology has been selected, the IAM implementation can start.
IAM Implementation Project
Haidion has the capability to execute full-scale IAM implementations. We have the most experience with ForgeRock and Oracle IAM products, but are willing to try our hand with other technologies as well. Where required, we can call on our Partner network to provide the needed expertise.
The project starts by producing:
List of preliminary activities
Project plan (with mutual responsibilities agreed)
Impact analysis and impact mitigation plan
Sometimes, it is necessary to execute certain preliminary activities - e.g. target systems cleanup, role mining, data enrichment and cleanup, lower environments installation etc. - before the actual implementation work commences. This work has dependencies with parts of the implementation, and must be orchestrated to avoid unnecessary implementation delays.
The actual work is done using agile methodologies. We aim to produce early releases, to achieve measurable value at early stages of implementation. Where allowed by the technical environment, we will leverage DevOps. The customer’s intense involvement in all implementation stages is required, to resolve open issues and facilitate cooperation with the customer organization.
The project ends when the selected parts of the roadmap have been deployed to production, and are being supported by the nominated support organizations.
IAM activities do not end when the implementation project does - IAM is never finished. It is crucial that continued IAM development is fostered in service mode. To do so, the customer organization needs to take care of running and managing the IAM service as part of the organization’s service portfolio.