Information Technology Reference
In-Depth Information
Provisioning tasks
1. Prepare a mail in advance of the actual roll-out informing users of the
cutover date and their new user IDs (if required) after that date.
2. Based on the list of current application users drawn from its user
database, run batch scripts to do the following:
a)
Assign UUIDs to these users
b) If login user IDs need to change to conform to an enterprise
standard or convention, apply these new user IDs.
c) Either batch-load the UUIDs into the application (if it can hold such
references) or batch-load the UUID-application user ID mapping into
IAM's Associated System table.
d) On the cutover day (or night), run a batch script to insert user
records into the IAM directory and database. The batch script will
generate random passwords and create them in the directory as expired
passwords. This will force the user to change their password on first
login.
e) Send out two emails to each user, one with the application's URL
and the new user ID, and a separate one with their password. Inform
them that they will need to set their password on first login, and it will
need to conform to the organisation's password policy.
These are the same operations you would perform each time a new
application is to be “onboarded” to the IAM ecosystem. They are fairly
standard (although each application will require special tweaks) and are
consequently easy to estimate. The costs are likely to be low enough to
justify funding from a project bucket rather than require enterprise
intervention.
With each such roll-out, you would be taking your organisation a step closer
to its IAM nirvana.
