Many companies are putting a lot of effort in managing their identity repository which is supposed to represent the current user and organizational information. Keeping the identity repository up to date is often time consuming and hard work since organizations is constantly transforming. New employees are introduced, existing employees move between business units and some quit. Moreover the organizational structure transforms in the same way adding yet another dimension of complexity.
Some companies have succeeded in managing this type of identity repository to a desirable degree. Some may even have succeeded in doing this with technical, automated solution that doesn’t even require people behind the controls. If you are not part of one of these organizations I hope that this post will bring a new perspective to the situation and contribute on your path towards a fully automated and managed identity repository.
Now the identity repository is merely one part of the two key components in this post. The other one; self-service is the other. I won’t preach about self-service in itself (I'll do that later) but rather bring it up in relation to the identity repository. A self-service solution is often built on top of, and dependent on, a more or less existing architecture of which the identity repository is one part. When introducing self-service some may have the perception that the identity repository have to be complete in order to succeed. That is the perception that I don’t share and would like to put in different light. The reason is my belief of synergy between these two rather complex parts in which the self-service solution could contribute in bringing the identity repository closer to a complete state.
Standardize the input controls in the self-service solution, require user input and validate the data as much as possible. Then use the information to fill the gaps in the identity repository and let it apply until there is a more reliable way of retrieving information with higher quality.
Letting the user repository be updated in parallel with the introduction of a automated self-service solution you will:
1. Get started with the self-service solution independently of the quality of the identity repository, giving the employees the possibility to gain from the self-service solution benefits.
2. Get your identity repository updated and closer to a complete state until a better way of doing this exist.
The degree of options for the employees and validation of input is- of course – determining the quality of the information brought in from the employee.
Either if you are an employee of one of the companies that have a complete identity repository or if you’re fighting problems on your way getting there, I think that you are in the possession of many great experiences and knowledge in this topic. In that case I welcome your feedback and encourage you to stay tuned and keep in touch to discuss more on this topic.
