When architecting an IDM environment, one must take many factors into consideration.
First, one has to consider the end-goal design: what the business wants to do with an IdentityMinder solution. The main functionality of an IDM system is to manage identities while adding compliance and controls around the provisioning of accounts. You have the option of provisioning and managing accounts manually, or you can design and deploy Role Based Access Control (RBAC), whereby logic is applied to formulate standard roles based on the position of the individual within the organizational structure of the business. The provisioned access should grant the identity only the rights it needs to perform the role it fulfills.
Secondly, one must plan for the future design and needs of the organization. The CA IdentityMinder application is considered a foundational application within the CA suite of products. To this foundation a business could add CA SiteMinder for web access gateway security and increased security control over the IDM system's password policies. Additionally, a business could deploy and integrate the CA AuthMinder/RiskMinder applications for increased security by providing two-part biometric authentication.
The method by which a business chooses to deploy these tools is where the art-form aspect comes into play. One of the most important architectural issues in designing an IDM system is buy-in, meaning support from upper-level management for the selection of, and the path toward, the tools and resources needed to architect and implement an IDM solution. Determining the proper IDM architecture can be a relatively painless experience or a difficult one, depending on the complexity of a business's internal structure and group dynamics. To adequately address the unique IDM needs, the technical architect must be able to listen to the desires of the business, as expressed by many levels of management, and respond with a sound design that either achieves those desires or shows why they cannot be met. The architect is required to guide the business toward a best-practice approach to the design of not only the hardware, but also the business workflow integration and/or alterations needed to use the IDM tool successfully.
The key point to remember is that an IDM system should be designed to manage identities, not a business process. To achieve this, an understanding of how the business manages employee identities needs to be evaluated and then restructured to encompass the use of the IDM tool. The workflow and methodologies designed into the IDM solution should replicate the existing on-boarding and off-boarding of identities within the business while standardizing and/or mitigating the hardships that exist within the current identity-management processes.
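The RBAC idea above (roles derived from a person's position, access limited to what the role needs) and the on-boarding/off-boarding control from this paragraph can be expressed as a small reconciliation check. This is an added example, not code from CA IdentityMinder or from the original post; the HR record, role rules and entitlement catalog are constructed and hypothetical.

```python
"""Role-based provisioning with a least-privilege reconciliation check.

Constructed example: the role rules and entitlement catalog below are
hypothetical and stand in for whatever an organization defines in its IDM.
"""

# Entitlements each standard role grants (constructed catalog).
ROLE_ENTITLEMENTS = {
    "employee": {"email", "intranet"},
    "finance-analyst": {"erp-read"},
    "finance-manager": {"erp-read", "erp-approve"},
    "it-admin": {"ad-admin"},
}


def derive_roles(hr: dict) -> set:
    """Apply the role logic to an HR record (position within the org).

    Off-boarded identities get no roles at all, so every remaining
    entitlement shows up as something to revoke.
    """
    if hr.get("status") == "terminated":
        return set()
    roles = {"employee"}  # baseline role for every active identity
    if hr["department"] == "Finance":
        roles.add("finance-manager" if hr.get("is_manager") else "finance-analyst")
    if hr["department"] == "IT" and hr["title"] == "Systems Administrator":
        roles.add("it-admin")
    return roles


def entitlements_for(roles: set) -> set:
    """Union of the entitlements the given roles justify."""
    return set().union(*(ROLE_ENTITLEMENTS[r] for r in roles))


def reconcile(hr: dict, actual: set) -> tuple:
    """Compare an account's actual entitlements with what its roles justify.

    Returns (to_revoke, to_grant). Anything in to_revoke is access the
    role model does not justify, i.e. a least-privilege violation.
    """
    expected = entitlements_for(derive_roles(hr))
    return actual - expected, expected - actual


# Constructed sample: an analyst who kept approval rights after a transfer.
SAMPLE_HR = {"employee_id": "E1001", "department": "Finance",
             "title": "Analyst", "is_manager": False, "status": "active"}
SAMPLE_ACTUAL = {"email", "intranet", "erp-read", "erp-approve"}

if __name__ == "__main__":
    revoke, grant = reconcile(SAMPLE_HR, SAMPLE_ACTUAL)
    print("revoke:", sorted(revoke), "grant:", sorted(grant))
```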