Security Manager & CM Specialist & Mainframe Specialist en eSoft at eSoft 2006
Jun 18, 2020
Why is identity governance and administration (IGA) important?
By definition it is important, but why? IGA involves maturity in the company, compliance aspects that will be taken into consideration, organization and opportunity to automate from the point of view of business objectives. However, it is important to consider what type of company it is and the competitive agility I require, what is the size of the company, variety of systems, segregation of duties, service agreements to determine if I should invest in these types of solutions.
Identity governance and administration are considered important in enterprise IT management. Why?
Yes, it is very important because the company is responsible for the information assets and their processes, in addition to the impacts due to a bad reputation for security breaches, provisioning in time to offer the services, and much of this falls on those designated in IT Management. Enterprise IT encompasses and takes full advantage of all functionality.
How can IM tools help manage IGA?
An IM tool is definitely critical because a lot of information that IG gets comes from integrations made with IM, and for this it is important to consider an IM tool with good integration capabilities in the cloud and for legacy and proprietary systems. So, for complete help, make sure of these characteristics: diversity of integration with company applications / good integration with the IG solution / do not cause dependencies to develop connectors and specialized personnel in this type of implementation.
In general, IGA already has the IM tool (all-in-one suite); what must be validated are the characteristics that I mentioned. You will get a satisfactory result if you take it into consideration.
Head of Sales and Business Development at Axalon GmbH
Jun 1, 2021
Why are identity governance and administration considered so important in enterprise IT management?
Because IGA not only helps you to be compliant with law and segment-specific (banking, pharma, healthcare, etc.) regulations, but also provides you the chance to gain and maintain an overview of all IT transactions in your organisation and even beyond the borders of your organisation (customers, partners, suppliers, etc.).
By using a holistic IGA solution, you might be able to:
- reduce administrative efforts (and related costs)
- increase the speed of assignments and therefore the availability of necessary permissions and roles inside your organisation
- improve the transparency and governance concerning the appropriate status of access rights within your area of responsibility
- gain an overview about all cross-system user-profiles and their potential risks and advantages within your IT-organisation and their provided services
How can Identity Management (IM) tools help manage IGA better?
- higher grade of automation
- less effort combined with more appropriate results (in user and rights administration)
- higher maturity-level of your organisation and therefore the chance to win more confidence of your customers (existing ones and prospects)
- the use of, e.g., so-called business roles helps your management to understand which kind of rights they're enforced to approve, and they know more about the relevance of the IT-administrative processes
Senior Identity and Access Management Specialist at Tieto
Sep 4, 2017
While I can't comment on Forgerock Identity Management, I can still share my two cents on 1IM based on my experience with it for the past few years:
1. Configurations - Mostly wizard-based configurations, so it's not too complex in that sense. Configuration options are also plenty. Good out-of-box connector support for AD, SAP, LDAP etc.
2. Customization - Process orchestration is fairly flexible and allows for creation of custom processes that can invoke various actions. Scripts written within 1IM are in VB.NET.
3. Support - Average support experience so far. In some cases, we get prompt and thorough responses with good follow ups, whereas, sometimes the experience is quite the opposite. Some escalation engineers are very knowledgeable and it can be a really great experience troubleshooting with them.
4. Client implementations - Till now, I have been involved in 3-4 implementations. All of them had varying levels of complexity. While the product allows for a lot of customizations, from personal experience, I would say that it is always a better practice to promote out-of-box functionalities first even if they require some process changes. Customizations can often get out of hand very quickly and with constant revisions/upgrades happening to the tool, it may be so that customizations don't migrate that well when upgrading. For instance, v6 to v7 was a major product upgrade and a lot of v6 customizations did not port over as expected.
Apart from that, I also have a few very specific complaints with the product:
- The DB queue behaves very inconsistently. Recently that caused a lot of grief in one of the implementations we were doing. The DB queue just gets stuck and doesn't process tasks and it has to be "pushed" manually. This happened in the Development environment so it wasn't the end of the world for us, but it was a major inconvenience nevertheless.
- v7 introduced the concept of Extensions on the Web designer (it allowed for re-usability of certain elements within a module/component without the need of copying entire module/component). While I appreciated the idea at first, in practice it did not perform that well. It may just be me, but it was just a convoluted implementation which made the already cumbersome Web designer tool even more confusing.
- Database Transporter issues - Transporting changes across environments can cause problems. Using change labels can sometimes lead to errors and can be a bit frustrating. As a practice, it's better to document changes stored within labels from the very beginning and store all transport files in a shared folder for hassle-free migrations. Different kinds of changes done (Designer changes, WebDesigner changes, Sync Editor changes, Schema changes, etc.) all have different best practices and ways of transporting and it's better to know about that from the beginning.
- Synchronization editor issues - v7 introduced the Sync. editor which is a great tool no doubt, but it doesn't feel robust. I have faced several issues using CSV connectors. Changes made to the schema of the CSV are often not synced up to 1IM even after "Updating Schema" on 1IM end. This can cause the definition of the connector to remain outdated. In some cases, I had to reconfigure the connector from scratch, which in itself is pretty easy to do but it can certainly cause inconvenience.
- Cache issues - Like many tools, 1IM also caches a lot of information and makes use of that for faster processing. While that is okay most of the time, it can be very irritating when the tools keep using cached information even after changes have been made, committed and compiled. Oftentimes, a manual cache deletion becomes necessary, otherwise the changes are never actually "picked" up by 1IM.
Having said that, I still feel the tool is great and is certainly working towards great innovations in the IDM sphere. The GUI is very clean and informative and gives a great visual representation of objects, especially the 360-degree person view, which shows the person object connected to roles, departments/locations/cost centers, any connector accounts, any compliance violations etc. The tool offers some good reporting capabilities out of the box. A nice IT shop structure with a shopping-cart-based request/order flow. Robust out-of-box connectors for AD and SAP that are quite easy to set up. In all of the implementations, there have rarely been any cases where there was a requirement that 1IM couldn't implement.