Ariel Lindenfeld - PeerSpot reviewer
Director of Community at PeerSpot
  • 6
  • 24

When evaluating User Provisioning, what aspect do you think is the most important to look for?

Let the community know what you think. Share your opinions now!

PeerSpot user
6 Answers
Umair Akhlaque - PeerSpot reviewer
Enterprise Solutions & Services Head at Duroob Technologies
Real User
Top 10
Oct 20, 2021

You need to have a proper vision of Identity & governance with you. Now generally you have two approaches either you execute the Role mining processes across various directories map with Roles & Responsibilities along with segregated duties among departments. 

Or you take a non-traditional approach to grasp the major directories: start with self-reset,  enrollment, provisioning de-provisioning, the elevation of provisions through a workflow process and go for least provision to most common directories that associate with all employees. 

This is what I generally recommend to my customers: a pyramid approach - from top to bottom. So geared up and equipped with your most problematic issues against identities and reduce the risk against automation and then for the first process which I explained earlier. 

In my experience, this approach will bring quick. Otherwise, some projects end up a software "in a desert", without any results in IAM projects. 

Search for a product comparison in User Provisioning Software
Efrén Yanez - PeerSpot reviewer
Security Manager & CM Specialist & Mainframe Specialist en eSoft at eSoft 2006
Real User
Jan 22, 2020

The first is the ability to cover many integrations and heterogeneous platforms (clouds, databases, web services, iSeries, mainframe, proprietary applications etc.), secondly the ease to create the integrations with the least effort and third the capacity to adapt the provisioning flow to involve business rules, SoD and identity governance processes

Jan 22, 2020

Shop system. Order and approval processes.

Monica Stewart - PeerSpot reviewer
IT Security GRC Manager with 1,001-5,000 employees
Real User
Apr 12, 2019

Automation, audit trails and approvals, shared responsibilities across departments, open API for integration.

projectm922545 - PeerSpot reviewer
Information Technology Project Manager - Virtualisation / Datacenter at a tech services company with 201-500 employees
Real User
Aug 29, 2018

Diminution du risque et simplicité d'accès.

it_user678855 - PeerSpot reviewer
Infrastructure & Security Consultant / Architect at a comms service provider with 10,001+ employees
Jun 11, 2017

Reduce Administrative overhead
Reducing risk
Shift responsibility to the correct place (account owner / platform owner)

Find out what your peers are saying about SailPoint, One Identity, Omada and others in User Provisioning Software. Updated: November 2022.
654,218 professionals have used our research since 2012.
Related Questions
Rony_Sklar - PeerSpot reviewer
Community Manager at PeerSpot (formerly IT Central Station)
Jun 1, 2021
Why Identity governance and administration are considered so important in enterprise IT management? How can Identity Management (IM) tools help manage IGA better?
See 2 answers
Efrén Yanez - PeerSpot reviewer
Security Manager & CM Specialist & Mainframe Specialist en eSoft at eSoft 2006
Jun 18, 2020
Why is identity governance and administration (IGA) important? By definition it is important, but ¿why? IGA involves maturity in the company, compliance aspects that will be taken into consideration, organization and opportunity to automate from the point of view of business objectives, however, It is important to consider what type of company it is and the competitive agility I require, what is the size of the company, variety of systems, segregation of duties, service agreements to determine if I should invest in these type of solutions Identity governance and administration are considered important in enterprise IT management. Why? Yes it is very important because the company is responsible for the information assets and their processes, in addition to the impacts due to a bad reputation for security breaches, provisioning in time to offer the services and much of this falls on those designated in IT Management. Enterprise IT encompasses and takes full advantage of all functionality How can IM tools help manage IGA? IM tool is definitely critical because a lot of information that IG gets comes from integrations made with IM and for this, it is important to consider an IM tool with good integration capabilities in the cloud and for legacy and proprietary systems, so for complete help Make sure of these characteristics: diversity of integration with company applications / good integration with the IG solution / do not cause dependencies to develop connectors and specialized personnel in this type of implementation. In general, IGA already has the IM tool(All in one suite), what must be validated are the characteristics that I mentioned. You will get a satisfactory result if you take it into consideration.
Enno Hoffmann - PeerSpot reviewer
Head of Sales and Business Development at Axalon GmbH
Jun 1, 2021
Why Identity governance and administration are considered so important in enterprise IT management? Because IGA not only helps you to be compliant with law and segment-specific (banking, Pharma, Healthcare etc.) regulations, but also provides you the chance to become and maintain the overview concerning all IT-transactions in your organisation and even beyond the borders of your organisation (customers, partners, suppliers etc.) By using a holistic IGA solution, you might be able to  - reduce administrative efforts (and related costs) - increase the speed of asignments and therefore the availability of necessary permissions and roles inside your organisation - improve the transparency and governance concerning the appropriate status of access rights within your area of responsibility - gain an overview about all cross-system user-profiles and their potential risks and advantages within your IT-organisation and their provided services How can Identity Management (IM) tools help manage IGA better? - higher grade of automation - less effort combined with more appropriate results (in user and rights administration) - higher maturity-level of your organisation and therefore the chance to win more confidence of your customers (existing ones and prospects) - the use of e.g. so called business roles, helps your management to understand, which kind of rights they're enforced to approve and they know more about the relevance of the IT-administrative processes
it_user667554 - PeerSpot reviewer
IAM Technical Specialist at a consultancy with 10,001+ employees
Sep 4, 2017
We are looking at analyzing both products, from the points of: 1. Configuraitons 2. Customization 3. Support 4. Various client implementations Can you advice or suggest your opinion?
See 1 answer
it_user585720 - PeerSpot reviewer
Senior Identity and Access Management Specialist at Tieto
Sep 4, 2017
While I can't comment on Forgerock Identity Management, I can still share my two cents on 1IM based on my experience with it for the past few years: 1. Configurations - Mostly wizard based configurations, so it's not to complex in that sense. Configuration options are also plenty. Good out of box connector support for AD, SAP, LDAP etc. 2. Customization - Process orchestration is fairly flexible and allows for creation of custom processes that can invoke various actions. Scripts written within 1IM are in VB.NET. 3. Support - Average support experience so far. In some cases, we get prompt and thorough responses with good follow ups, whereas, sometimes the experience is quite the opposite. Some escalation engineers are very knowledgeable and it can be a really great experience troubleshooting with them. 4. Client implementations - Till now, I have been involved in 3-4 implementations. All of them had varying levels of complexity. While the product allows for a lot of customizations, from personal experience, I would say that it is always a better practice to promote out of box functionalities first even if they require some process changes. Customizations can often get out of hand very quickly and with constant revisions/upgrades happening to the tool, it may be so that customizations don't migrate that well when upgrading. Like the v6 to v7 was a major product upgrade and a lot of v6 customizations did not port over as expected. Apart from that, I also have a few very specific complaints with the product: - The DB queue behaves very inconsistently. Recently that caused a lot of grief in one of the implementations we were doing. The DB queue just gets stuck and doesn't process tasks and it has to be "pushed" manually. This happened in the Development environment so it wasn't the end of the world for us, but it was a major inconvenience nevertheless. - v7 introduced the concept of Extensions on the Web designer (it allowed for re-usability of certain elements within a module/component without the need of copying entire module/component). While I appreciated the idea at first, in practice it did not perform that well. It may just be me, but it was just a convoluted implementation which made the already cumbersome Web designer tool even more confusing. - Database Transporter issues - Transporting changes across environments can cause problems. Using change labels can sometimes lead to errors and can be a bit frustrating. As a practice, it's better to document changes stored within labels from the very beginning and store all transport files in a shared folder for hassle free migrations. Different kind of changes done (Designer changes, WebDesigner Changes, Sync Editor changes, Schema changes etc) all have different best practices and ways of transporting and it's better to know about that from the beginning. - Synchronization editor issues - v7 introduced the Sync. editor which is a great tool no doubt, but it doesn't feel robust. I have faced several issues using CSV connectors. Changes made to the schema of the CSV are often not synced up to 1IM even after "Updating Schema" on 1IM end. This can cause the definition of the connector to remain outdated. In some cases, I had to reconfigure the connector from scratch, which in itself is pretty easy to do but it can certainly cause inconvenience. - Cache issues - Like many tools, 1IM also caches a lot of information and makes use of that for faster processing. While that is okay most of the times, it can be very irritating when the tools keep using cached information even after changes have been made, committed and compiled. Often times, a manual cache deletion becomes necessary, otherwise the changes are never actually "picked" up by 1IM. Having said that, I still feel the tool is great and is certainly working towards great innovations in the IDM sphere. The GUI is very clean and informative and gives a great visual representation of objects, especially the 360-degree person view which shows person object connected to roles, departments/locations/cost centers, any connector accounts, any compliance violations etc. The tool offers some good reporting capabilities out of the box. A nice IT shop structure with a shopping cart based request/order flow. Robust out of box connectors for AD and SAP that are quite easy to set up. In all of the implementations, there have rarely been any cases where there was a requirement that 1IM couldn't implement.
Related Categories
Download Free Report
Download our free User Provisioning Software Report and find out what your peers are saying about SailPoint, One Identity, Omada, and more! Updated: November 2022.
654,218 professionals have used our research since 2012.