Information Technology Reference
In-Depth Information
as long as the users understand that they will enter their IAM SSO
credentials when trying to access the first application. The second
application will silently use their LAN credentials.
Manual provisioning
User provisioning is a function that is typically carried out by a back-end
Security Operations department. The demand for automation of user
provisioning typically comes from those managing this function as a cost
centre. Business projects and business units typically don't care about this
because the effort is transparent to them. So automated user provisioning is
one of those IAM features that you may find hard to get funded through
project budgets, and the development here may only inch forward unless
you secure some enterprise funding to help out.
The moral of the story is that while new applications will keep coming under
the IAM umbrella from an Access Management perspective (the most visible
and sensitive aspect for auditors), the back-end Identity Management side
will usually lag behind quite badly. You may go for long periods with an
increased manual provisioning load while you cope with the larger number
of users being managed by IAM.
Keep the user provisioning screens as easy to use as possible, so the burden
on the administrators is lessened. And keep lobbying with the powers-that-
be for increased funding for automated user provisioning. Fortunately, the
headcount savings through automation are tangible, so a business case for
this can eventually be made.
