First Steps With MidPoint: Audience

Managing hundreds to thousands of identities.

Existing identity processes are mostly manual, possibly with some simple (home-brewed) automation (e.g. scripts or ancient identity management systems).

There is no dedicated identity management team. Identity management tasks are executed by general IT staff, as part of their day-to-day responsibilities. However, there is some basic understanding of identity management concepts in IT team.

No strict regulation compliance requirements. Alternatively, there may be compliance requirements, yet addressing them is not immediate priority.

There is a motivation to improve identity management, with some support from the management and reasonable budget.

Typical organizations: mid-size enterprise, smaller government or academic institution, municipality

There is a feasible source of identity data, such as human resources (HR) system. This source has authoritative data on most of the identities. (There is no requirement for the data to be complete or 100% exact). There is a simple way to get the data out of the system, such as structured text export (CSV), or a database view.

There is one "main" system that need to be managed, such as Active Directory. Automatic management of identities in this system will provide significant benefits for the organization. Also, there may be several such systems in the organization.

There are some operational procedures and conventions in place, such as a convention to systematically generate a username and e-mail address. However, there are likely exceptions, e.g. e-mail address of top management, usernames generated before the convention was in place and so on.

Quality of identity data is probably low. The HR system was maintained manually, without any automated validation of the data. There will be typos, outdated and incomplete data. The accounts in Active Directory (or equivalent system) were managed manually, without any regular and automated checks. There will be accounts that belonged to employees that left several years ago. There will be accounts still using maiden names of women that got married years ago. There will be non-conventional usernames and account names.

There are limited human resources that can be dedicated for identity management. The implementation must proceed in parallel to the usual IT operation routines, requiring only a reasonable amount of effort.

The management will want to see tangible results quite soon. Identity management deployment cannot be executed in a "big bang" way, spending years on analysis and implementation.

The ideal plan would be to proceed in iterations, providing value in small steps. Each step taking several months, at most.