The development of a Road Map document is typically a three-step process for Identity & Access Management, Identity Governance and Role Audits:
- Environmental scan - identifies the main identity stores and consuming systems in use within the organisation.
- Key-personal interviews and workshops - determine the main issues and agree on the scope of the Road Map document.
- Road Map document - developed and documented using a straw-man model approach.
The Road Map document comprises recommendations on the components of the identity management environment that are of the main concern to the client. These could be one, or more, of the following:
- · Enterprise directory – for white pages and application authorisation.
- · Virtual directory – to provide real-time joins between the Active Directory and the Enterprise Directory.
- · Provisioning – eliminating the keying of data into multiple identity stores and providing a selective and automatic de-provisioning process.
- · Workflow – automating workflow for approval of adds, moves and changes.
- · Attestation and reporting – a set of tools and audit capability to report on system access rights.
- · Web single-sign-on – diminishing the need for multiple log-ons.
- · Federated authentication – providing a mechanism to securely manage remote log-ons.
- Policy based authorisation
- Attribute based Access Control
- Role based Access control
- Identity Governance, Attestation and Reporting
- Multi factor authentication
- Decentralised identity
- Blockchain based distributed identity services
The Road Map becomes the core document controlling the acquisition and deployment of identity management technology. Road Maps will typically take three to five years to implement.