
How do you organise the management of your IdM system?

Former Member
0 Kudos

Hi Everyone,

We're just starting off on our IdM project and I'm looking for some help and advice around how you've organised roles and responsibilities for managing your IdM system. Things like:

- Who is responsible for managing the RunTime environments?

- Who is responsible for managing the UI infrastructure?

- Who configures IdM using the MMC?

- Who configured IdM using the UI?

I'm a basis guy and have built a sandpit environment to get a look at the product and understand a little more about how it works. At the MMC level it seems all or nothing which makes me question who I should let have access to this. Perhaps I should let more people have access to Dev, but not in Test / Live?? And use the system copy mechanism to promote to live.

Personally I see the Basis team managing the Runtime and UI infrastructure. The 'IdM' / security team managing via the UI, but I'm not clear about who to give access to the MMC.

I'd be grateful for any feedback.

Thanks

Gareth

Accepted Solutions (1)

Former Member
0 Kudos

Hi Gareth

You are definitely doing the right thing by considering this early in your project. The IdM implementation / configuration is mainly done from the MMC, and I would say that any implementation project member/consultant should have access to the MMC on a dev system, but in a production environment this is a natural tool for a selected IdM administration group.

Best regards

Roy Tronstad

Answers (2)

Former Member
0 Kudos

No solution, just tidying up open questions.

Former Member
0 Kudos

Hi Roy,

Thanks for your comments.

I'm thinking along those lines. Our dev guys tend to be more focussed on functionality rather than non-functional requirements needed in production environments, which is why I'm keen to limit access to test / live.

Gareth

Former Member
0 Kudos

Hello Gareth

This question can give a lot of talk. And there is no right or wrong, as it depends mainly on how your organization is structured.

Basically I would not split between DEV/QAS/PRD in terms of authorizations. My view is that those from the business (e.g. Head of Accounting) only get privileges on the UI. For example he can approve all requests, change users and such. All that has to do with DB, MMC and others, should be done by the basis guys. I know this is not always possible, but it would be good if one person could do all the tasks. This is good when you need to solve a problem, but can obviously also lead to other problems in security related issues.

Former Member
0 Kudos

Thanks for replying Christian.

It's interesting you think that the Basis team should do the configuration via the MMC. The more I work with the system, the more I think that a single team needs this responsibility.

We don't have a team in place at the moment that deal with 'identity and roles', one is being created now so our organisation structure in some areas of IdM is still to be decided. It is an open ended question! It's really helpful getting people's thoughts based on experience working with IdM. At the moment I don't have that experience and am having to guess.

Thanks, Gareth