Okta - Proof of Concept by Cloudworks
Okta - Proof of Concept by Cloudworks

Implementation and development

Having done numerous successful IAM implementations, we know how to organize such projects and what is needed to ensure a good result. We also know how to pinpoint a customer's particular needs and accommodate them into the projects we do for them.

IT-project vs organizational change

Initially, we identify to which degree the project is an IT project or an organizational change. Limited IAM projects focusing on Single Sign-On are often more technology-driven and involve fewer organizational elements. On the other hand, introducing a comprehensive IAM solution requires much more understanding of the organization and the way it works. Because of this, we know how to adopt our methodology to the scope and objectives of the project.

The main principles behind the methodology are:

  • Modular division of the project into several phases. Each phase consists of 3 parts:
    Planning: Clear definition of objectives and acceptance criteria, for example in the form of user stories
    Implementation: Installation, configuration, development, and continuous unit testing
    Test and handover: Acceptance test, handover to operation and management
  • Early involvement of the customer in mapping roles and processes, often organized as a separate subproject. In general, we strive to work closely with the customer through joint project teams and steering committee consisting of key stakeholders from all parties involved.
  • Value creation for the organization as early as possible. This is especially important for larger implementation projects. The solution should simplify the daily life of the company long before the project is completed. Our projects are therefore more like sprint iterations than traditional waterfalls

Roles in the project

  • Project Manager: Responsibility for planning, coordination, and follow-up of progress. Provides reports for this as well as on quality and finances
  • IAM Advisor: Advises the client and ascertains functional needs. Clarifies the consequences for the organization
  • IAM Architect: Responsible for solution design and project implementation
  • IAM Solution Engineer: Sets up and configures the solution
  • IAM Developer: Responsible for developing integration components

We adapt the project team to the needs of the client and the project. In smaller projects, the same consultant can fill several roles.

Digitalization of the identity life cycle

We customize the IAM solution to automate key events within the identity lifecycle such as user creation, relocation, or termination. The events usually start outside IAM, in the HR system, a CRM database or directly in Active Directory, and govern what should happen to the identity. The update often involves establishing or removing user access but also adapting the previous access profile, e.g. when a user moves internally within the organization.

Interesting challenges arise when the same person can act as both employee and customer (or member). The employee identity comes from the HR system, while the customer identity has originated from the organization's Ecommerce solution. Without an IAM solution, this creates challenges because these two roles appear to be two separate users. When introducing the IAM solution, we then ensure that the user's different identities are combined into one user object and that access is controlled depending on which "hat" the user is wearing in a given context.

Self-service portal

The portal is used for everything from resetting passwords to requesting and approving new accesses. We adapt the request process to the needs of the organization. Certain requests may need to be approved by different people depending on the person's position, his/her department or the requested access. In some cases, it might even be needed to have several people collectively authorize the request.

It is also possible to extend the portal with several features. For a shipping company, we have adapted the request process so that the customer can specify which port the access request applies to. In this instance, the portal needed to be integrated with a third party system that contained information about the ports in question.

Integration with source system and other systems

We integrate the IAM solution with existing systems, such as HR applications and Active Directory, but also applications that the IAM platform should control access to and authenticate users for. Depending on the application, integrations are done based on the IAM platform's included integration modules, or programmed by our developers.

Our numerous implementations are a great benefit in this work, since with each one, we expand our portfolio of available integrations that can be re-used and adapted for other organizations.

Test and quality assurance

Quality assurance ensures that project processes produce predictable deliverables of good quality, and it is based on the following key processes:

  • Predefined quality controls frequently verified during the project
  • Standardized approach to entitlements and policy definition processes
  • Data quality verification and rigorous solution tests

End-user training

An Identity Governance solution is a tool to support business processes related to user management, support and security management:

  • End users should be able to order access and update the selection of profile information
  • Managers should review roles and orders and be able to set up a substitute during periods of absence
  • The security officer shall carry out access audits and follow up deviations

Therefore, for a successful introduction, it is crucial that the organization becomes familiar with relevant functionality, in the simplest way possible. We solve this by providing good information to the organization at all stages of the project, as well as facilitating user-friendly training:

  • E-learning in the form of short videos tailored to the customer's solution
  • Technical courses (on-site or remote) for support and system owner

Program assistance

In addition to taking responsibility for the IAM implementation itself, we can also facilitate with management engagement, profit realization analysis, feasibility studies and Proof of Concepts.