Sidebar: Knowing Who You Are

One of the fundamental requirements for successfully rolling out an identity management project is to have an authoritative source for identity information, users say.

"If you have no concept of who your employees are or where your core ID information is coming from, all you are doing is amplifying noise," says Brian Buege, manager of application frameworks at Southwest Airlines.

The sheer diversity of systems in an enterprise network -- each with its own user profiles -- has resulted in identity stores popping up everywhere. To have a good ID management process, it's vital to have one version of the truth when it comes to user identities, says Giuseppe Cimmino, director of corporate technology at Discovery Communications.

Discovery decided to use its main human resources database system as its authoritative source when it recently implemented a Web access management technology from Netegrity.

Human resources records offer the most accurate and up-to-date information on a user's status within the company and are therefore the best identity source, says Ramin Safai, associate vice president of information security at Lehman Brothers.

Lehman is in the midst of a major account-provisioning project in which it's populating its core user directory with information directly from the human resources system.

"You need an HR identity to get into our systems. No one gets in without it," Safai says.

Another big issue, especially when it comes to account provisioning, is role definition, says Don Richman, manager of authentication and directory services at Raymond James Financial Services.

Since provisioning systems create user accounts based on their roles within a company, it's vital to specify the right level of access for each role, Richman says. That can be an enormous task involving input from multiple groups, especially in large organizations, he says.

Copyright © 2003 IDG Communications, Inc.
