First Steps With MidPoint: Audience

Last modified 22 Mar 2022 09:54 +01:00
Table of Contents

This guide is targeted at an organization that fits following description:

  • Managing hundreds to thousands of identities.

  • Existing identity processes are mostly manual, possibly with some simple (home-brewed) automation (e.g. scripts or ancient identity management systems).

  • There is no dedicated identity management team. Identity management tasks are executed by general IT staff, as part of their day-to-day responsibilities. However, there is some basic understanding of identity management concepts in IT team.

  • No strict regulation compliance requirements. Alternatively, there may be compliance requirements, yet addressing them is not immediate priority.

  • There is a motivation to improve identity management, with some support from the management and reasonable budget.

  • Typical organizations: mid-size enterprise, smaller government or academic institution, municipality

IT environment of the organization:

  • There is a feasible source of identity data, such as human resources (HR) system. This source has authoritative data on most of the identities. (There is no requirement for the data to be complete or 100% exact). There is a simple way to get the data out of the system, such as structured text export (CSV), or a database view.

  • There is one "main" system that need to be managed, such as Active Directory. Automatic management of identities in this system will provide significant benefits for the organization. Also, there may be several such systems in the organization.

  • There are some operational procedures and conventions in place, such as a convention to systematically generate a username and e-mail address. However, there are likely exceptions, e.g. e-mail address of top management, usernames generated before the convention was in place and so on.

Which means that:

  • Quality of identity data is probably low. The HR system was maintained manually, without any automated validation of the data. There will be typos, outdated and incomplete data. The accounts in Active Directory (or equivalent system) were managed manually, without any regular and automated checks. There will be accounts that belonged to employees that left several years ago. There will be accounts still using maiden names of women that got married years ago. There will be non-conventional usernames and account names.

  • There are limited human resources that can be dedicated for identity management. The implementation must proceed in parallel to the usual IT operation routines, requiring only a reasonable amount of effort.

  • The management will want to see tangible results quite soon. Identity management deployment cannot be executed in a "big bang" way, spending years on analysis and implementation.

  • The ideal plan would be to proceed in iterations, providing value in small steps. Each step taking several months, at most.

No free lunch
We live in a material world. Money are needed to do almost anything. Identity management is no exception. Even though midPoint is an open source platform and there are no licence costs or any other costs directly associated with use of midPoint, the identity management deployment is not free. You will need money to pay your staff, pay for trainings, assistance and support. Reasonably-sized budget is needed to get tangible results.

Please see also First Steps With MidPoint: Current Situation for more notes on the environment and assumption for which is this guide designed.