Who are the stakeholders for an IAM project

• Product and technology

For a successful Identity and Access Management (IAM) project, it is important that all stakeholders are involved. IAM is still too often treated primarily as a technical IT exercise. That not only increases the risk of problems during rollout and user acceptance, it also makes it likely that you will not make optimal use of all capabilities. Because IAM becomes deeply woven into your IT infrastructure, you want to get this right the first time. In this blog we therefore explain each stakeholder’s role.

By involving all relevant departments and specialists from the start, they can provide valuable input to inventory the requirements and impact of the solution and help you achieve your goals. That goodwill and support is especially important because IAM project teams often do not have formal power or authority.

But which stakeholders are we talking about? The stakeholder analysis for an IAM project often includes more parties than for typical IT systems. IAM is the central access layer for all employees to all business systems and data. A solid stakeholder analysis is a strong starting point for your project. The stakeholder analysis will differ by organization, but in general you will certainly encounter the parties below.

IT management

The IT department is responsible not only for ensuring that the IAM solution is technically feasible and meets technical requirements. The outcomes must also align with the organization’s strategy, policies, and needs. To achieve this, IT works closely with stakeholders such as HR, Security management, and Finance, which we explain later in this blog. There are also multiple parties within IT with their own interests and involvement in the IAM project. Examples include:

• The CIO: IAM is a central platform in the IT landscape that plays a critical role in information security. It is therefore important that the Chief Information Officer (CIO), as the project sponsor, provides sufficient people and budget for rollout and maintenance. The CIO is also closely involved in alignment with other stakeholders, such as Security and HR management, because these often concern strategic issues.

• Application administrators: The IAM solution sits at the center of the IT landscape and will be integrated with many systems. This includes not only the often dozens of target systems, but also the directory system and the HR application that serves as the source system. The application administrators of these systems are important for assessing the integration and technical aspects and play a key role in implementing the connectors. Good coordination with them makes your project run much more smoothly.

• Help desk: The IAM solution is very visible to end users. Adoption of the IAM platform must go well and users must receive proper support with questions and any issues related to accessing systems and data. The first point of contact for those users is the IT help desk. This makes the help desk an important stakeholder for the IAM platform, so involve this team during design and implementation. The IT help desk must know how the solution works and have the right tools and procedures to support end users effectively. They can also provide valuable input to the project because they see which user and access management tasks are time-consuming for them or cause long lead times for end users.

Security and Privacy Management

IAM is not simply a technical solution that, like other applications, must meet security standards and requirements. The CISO will be actively involved in the platform choice because it plays a key role in access security for all employees to all available applications and data. Through the integration of onboarding, change, and offboarding processes, account management, and role based access control (RBAC), IAM is an essential tool to prevent data breaches. It is also a primary data source for audits and investigations into security incidents. This means the CISO and the broader security and privacy team must be actively involved from the very first moment. Make them partners in the IAM project as key stakeholders.

HR management

A future-proof IAM prefers to use the authoritative HR personnel data as source data for user accounts. This prevents mismatches between the list of accounts used and the actual workforce. This makes your HR department an immediate key stakeholder. The HR organization and systems do not need to change how they work, but the HR system must be connected to the IAM platform. Close coordination with HR is required for that connection to determine which employee data can be exchanged.

Your HR manager will gain a lot in return. Thanks to the connection between HR and IAM, onboarding of new employees can be further automated. As soon as someone exists in the HR system, that person’s account and access rights are automatically created and activated. For subsequent role changes, employees can also be provisioned fully automatically with updated rights and applications. When someone leaves the organization, IAM ensures that this person immediately loses access to sensitive personal data.

Not only does the HR system supply data to the IAM platform. The IAM platform then also creates the user accounts for employees on the HR system, so employees can manage their own personnel data. This closed loop between HR and IAM provides an additional confirmation that the onboarding process has been completed correctly.

End users

An IAM solution improves access security to applications and data within an organization. At the same time, it can make work more user-friendly for end users. For example, HelloID can ensure that employees only need to log in once, after which they receive direct access to all their applications and data through Single Sign-On. Employees can also easily request additional applications themselves through the Service Automation module. By involving end users, and also managers, as stakeholders in the IAM project, you can ensure that the platform meets their needs and is indeed easy to use. By asking some end users to act as ambassadors, for example as testers, you can also facilitate acceptance and adoption across the organization.

Finance management

The finance department will normally review the investments and costs of an IAM solution closely. It is important to discuss the benefits of an IAM project together as well. Today, organizations often spend thousands per employee per year on licensing costs. Unfortunately, hundreds of thousands per year are often spent on so-called dormant licenses. These range from unnecessary individual application licenses to employees who left long ago but still have fully active accounts.

With an IAM solution such as HelloID you always have insight into who has access and what the IT footprint is for their department or business process. HelloID can also automatically ensure that unnecessary accounts and application licenses are deactivated, so you no longer pay for them. Involve the finance specialists in your project from the start. Together, map not only the costs but also the savings you can achieve. That will turn the finance manager into a sponsor of your project.

Keep this 360-degree analysis current

Start your project with a tour through the organization to determine which parties must be involved as stakeholders. Think outside the box. For example, if an organization uses a contingent workforce, it may be useful to also coordinate with the firm from which you hire temporary workers regarding their user accounts. The same applies to students at universities who are not registered in the HR system but in a separate student system. Make it truly a 360-degree analysis and use new insights to keep your stakeholder analysis up to date.

• privacy
• HelloID
• HR
• IAM
• it-security
• stakeholders
• IT-Management