Dynamic schema recognition: Access to each target system's schema is required during IdM deployment.
However, delays are commonplace due to the time to physically track down the System Administrator to obtain the
schema, and to manually load it into the IdM solution. Make sure your solution can automatically capture or refresh
any schema from any connected system at the push of a button.
Featherweight connectors: While out-of-the-box connectors are an important element of a buying decision, analyst
now agree that the ability to quickly create/modify connectors is of greater importance. Make sure that the vendor's
connector design off-boards data mapping and transformation to the IdM server. Based on the number of
connectors, this feature can eliminate days or weeks from the deployment schedule.
Rapid policy management capability: User entitlements and Separation of Duties are often programmed directly
in workflows. This approach can add months to a deployment as the workflow programmers must mentally translate
business rules and logic into technical requirements, then enter that code into the workflow. Separating Policy
Management from workflows is essential for rapid deployment, as it vastly simplifies both activities, takes far less
time and effort, and even empowers business people to rapidly create their own policies.
Ease of change: Business workflow changes are common, but are time-consuming and costly when dealing with
programmed (scripted) workflows. A single modification can result in updating several areas of a program, which
then must be tested and validated. Programming-free workflows and policies provide the visibility needed to quickly
locate areas to update, and the simplicity of a point-and-click interface.
Compliance reports and audit tools: Review each vendor's compliance offering and determine how well its out-of-
the-box capabilities meet your current and projected needs. For example, can it instantly and automatically compare
the entitlements provisioned by the IdM solution against the actual entitlements currently on the target systems? Are
the supplied compliance dashboards and reports representative of your needs or will you need to create new
reports? Does it provide a flexible, dynamic method for enforcing Separation of Duties rules?
Job aids: Make sure the solution includes tools and shortcuts that speed and simplify routine tasks. For example:
Wizards and out-of-the-box workflows enable organizations to focus on their unique requirements.
Ensure that Roles are optional: Managing user entitlements via roles may be preferred by some organizations, but
Dynamic Groups and Policies may more easily and quickly model the organization's processes.
Rapid deployment of IdM is a reality today, but it is uncommon as only one vendor has proven to have the advanced
Identity Management architecture needed to attain this goal. For example, a Fortune-500 organization has deployed
this advanced suite (Fischer Identity Suite) to address Sarbanes-Oxley requirements in less than 90 days using only
one internal resource, without additional services.
Gartner, Witty, R. J. (2005). IAM Phasing and Futures, Gartner IT Security Summit. June 2005.
Rapidly Deploying Identity Management for Regulatory Compliance
Fischer International: Business Brief