A healthy organization today is anything but static. Growing enterprises are always hiring new talent, enabling employees to pursue new opportunities within the organization, and seeing some employees leave the organization. They often make use of contractors and other temporary resources who come and go. Moreover, the organization’s employee base can change radically due to mergers and acquisitions. Before you can effectively use an identity management system, you need to clean up your data so that:
• Each employee has a unique ID that is valid organization-wide.
• Each account on each IT system is assigned a unique ID.
• The assignment of employees to organizational structures and functional units is unique and consistent.
While manual cleanup is possible for some organizations, automation is advisable. Here are some best practices for when to automate your identity management system:
• The organization has more than 1,000 IT users — With so many users, manual assignment methods become unwieldy, and accuracy and consistency will suffer.
• There is no reliable master structure for the administration of unique IDs — In principle, an HR system could suffice, since HR has to identify each employee to ensure that each person gets exactly one paycheck. In practice, however, using an HR system to assign unique IDs is problematic. HR systems are often distributed over several unconnected systems; new employees are often not entered into the system until weeks after they have joined the organization and external personnel may not be included in the HR system at all.
• Organizational structures have grown over time — Organizational growth often results in a complex system landscape, which may be largely undocumented. For example, uncompleted migration projects may have left behind old, unmaintained systems, and mergers and takeovers may have added new IT systems with different structures. Large organizations may have several HR systems and dozens of enterprise resource planning (ERP) systems, and directory services may not be centrally organized.
• Data models are too different — Sometimes data models are so different that data cannot be automatically consolidated on one system, even when the standard software release versions are the same.
Learn more. Download Reduce risk by cleaning up and maintaining your user accounts tech brief.