By any other name

I’ve recently been looking at the implementation of name change processes for enterprise IAM environments. People change usernames, first names and last names for a variety of reasons: marriage, divorce, religion and so on.

According to a reliable internet friend of mine, each year approximately 50 in every 10,000 users request username changes in one typical IAM system. That corresponds to 0.5% each year.

Now that doesn’t seem like a lot, does it? But for an enterprise it may be a big deal due to the manual work effort involved in making these types of changes. When looking for IAM benefits, reductions in workload for employees, service desk staff and the access team are always worth looking at.

Let’s look at an example of 10,000 employees, all politely organized in an AD or LDAP that is nicely integrated with an IAM solution. Enterprise applications like email are fully integrated, with provisioning updates pushed out every night. Applications are integrated in different ways. Perhaps a few apps are fully integrated, and use the IAM service for identity (username, first name and last name) and are protected by the IAM login service.

But many other apps have limited provisioning, and cloud-based apps may not be provisioned at all. When a name change comes along, what happens? Well, without an automated provisioning process offered by an IAM service, one of three things will happen:

  • the user will have to go in and change their profile in each application,
  • the user will have to ask someone else (e.g. the Help Desk) to modify their profile in each app, or
  • nothing – the name information gets stale.

So, in this scenario, 50 employees every year need to update their information in one or many applications. The manual work (number of tasks) becomes a simple calculation of the number of name changes multiplied by the number of applications the user needs to access. If there are 50 name changes, and an average of 7 different applications, then that’s 350 manual changes per year, and maybe that is manageable. But if either of these multipliers increases, say you have a dozen apps per user or you are a much larger organization, then the workload on your users and help desk can become expensive.

Or worse, these applications will continue to have incorrect name data in their profiles. This can lead to follow-on attestation (confirmation of entitlements) problems, audit confusion and other issues.

Understanding your applications and the reality of name change volumes can help to better plan and upgrade provisioning solutions.

Mike

Author: code

Mike Waddingham is an identity management consultant with over 30 years of industry experience. He is the owner of Code Technology Corp.