The Simple Reason why Identity Management Works Well With an ESB
Posted by William Brant on Wed, Mar 30, 2011 @ 07:12 PM
If you have deployed, or are thinking about deploying, an Identity and Access Management system, and you have also deployed or are thinking about deploying an ESB (Enterprise Service Bus), then stop now and read this first!
Most organizations seem to think of these infrastructure pieces as serving completely separate purposes, when in fact they complement and augment each other quite well. If you are a manager or a technical resource, I would like the opportunity to change your mindset or at least give you some new thoughts to reflect on.
To start off, an Identity and Access Management solution tends to be expensive and can fail on a technical or supportability level as well as on a business level.
The problems stem from the underlying issues that come as part and parcel of a hub and spoke provisioning and de-provisioning system. There can be no doubt that on a technical level a hub and spoke system works, and works very well.
A hub and spoke system provides a relatively quick and dirty means to connect the identity sources in an organization to a single centralized place. This type of system provides a central place where you can simply and easily "see" and control the current status of all the organization's employees, consultants, and vendors.
An example of a hub and spoke system is provided below.

So how does failure occur on a technical and/or supportability level?
Consider a scenario where your integration logic depends on input from one or more systems that have been decommissioned or altered. Now you have an integration solution that relies on input that is no longer available. This eventuality requires a careful review and rework of all the affected policies and decision points, and requires a re-test and re-validation of the new configuration.
The technical or supportability failure occurs when the need to change in the business units outpaces the ability of the core IT staff to alter and validate the necessary integration services.
So how does failure occur on a business level?
Failure on a business level is due to a variety of reasons:
- Ineffective implementations
- Low prioritization of the IDM integration effort by business units
- Business unit bundling cleanup or re-organization work
- Solution acquisition that is not coordinated with the core integration teams
- Solution licensing costs
The reasons above are not exhaustive, but they give a brief list of how some failures can occur.
These types of failures occur when businesses need to bring on additional IDM solutions (aka identity integration) for various reasons such as mergers and acquisitions, business unit integration, or simply to address perceived problems in the IDM design. The result is either a mixed vendor implementation or an expensive “rip and replace” scenario.
So why do ESBs and Identity Management work well together?
The IDM and ESB work well together simply because "identity integration" is HARD, costly, and often complicated work from both a technical and organizational perspective. An Identity Management and ESB strategy helps ease this political hardship and lay a path for "buy-in" from all business units. Here's how.
The use of an ESB provides a common toolset, which reduces or eliminates the need for specialized vendor tools, reduces cost, and provides the means to lower the skill sets and effort level required to provide the necessary integration services to the organization.
This is significant because implementing integration services crosses all political boundaries and business units, and in many cases causes push back from the technical groups that control access and provide upkeep services. Simplifying the integration with common tools and SOA principles helps eliminate the pain points associated with these types of political conflicts.
This approach enables you to decouple the integration activities along the lines of business, which provides a better method to address communication needs, expectations and sustainability issues.
In the end, eliminating the hub and spoke dependencies, reducing the dependency on specialized consulting, and adding flexibility and scalability is a practical approach to your IAM projects.