IAM is a combination of processes, technologies, and policies enabled by software to manage digital identities in their lifecycle and specify how they are used to access resources. IAM is a superset of AAA (Authentication, Authorization, Auditing)*. Here are some general strategies for enterprise to consider:

  • Obtain executive sponsorship because IAM is an important part of information security
  • Understand your business and define processes first
  • Automate provisioning process
  • Offer self services to employees
  • Buy: Directory Servers, Meta Directories, Virtual directory servers, Administration products (directory and PKI management tools, and provisioning products)
  • Build: Access Layer, Workflow Processes
  • Architect: Integrates above compoments and processes together, takes forethought and skill (may not need all components at first)
  • Lay out requirements and business logics as much as possible before starting integration
  • Before signing a contract with any vendor, check out references and foster a good partner relationship

*Note: Gartner and Forrester have 4 A's with additional Administration. Auditing is also referred as Audit or Accounting or Accountability.