Data Mapping for Identity Management

February 1, 2018

The underlying goal of any Identity & Access Management (IAM) project is to provide an efficient and streamlined approach to user management across the enterprise. For many organizations, access management processes are slow and inconsistent because user provisioning / de-provisioning is performed manually. Identity management offers a better way.

Robust IAM solutions offer a central place to administer users and policy, standardize management interfaces, and provide a workflow engine and a structured framework to support access management across a broad range of systems and applications. In order to automate these processes and have a successful implementation, the underlying user data must be both available and accurate.

You Can Get There from Here

In order to get your data right, we recommend starting with a data map to identify key systems and user attributes and how they flow across connected systems. Before defining a data map, it’s important to identify the user data necessary to manage an individual’s access. In our experience, documenting the Onboarding process will capture 95 percent or more of the required data necessary to manage user access.

The following user attributes appear consistently across companies and industries:

  • First name
  • Last name
  • Email address
  • UserID
  • WorkerID (HRIS identifier)
  • WorkerType (e.g. contractor, employee)
  • Title
  • Manager
  • Manager Email

Once the list of attributes has been defined, the next step is identifying the authoritative sources for each attribute in the map. An authoritative source is the system where the user data is actively maintained and is of the best quality. For employees, the HR system is the primary authoritative source for identity data. Other sources include contractor databases, customer databases, and any other systems that collect and maintain identity data.

Designing a data map begins with the authoritative source, where a data element such as "LastName" may correspond to the data element "Surname" in another system. Translating equivalent information like this requires additional data to accurately map the transition from the authoritative source to the downstream systems that consume the data. Standards can be mapped to IDM connectors, which in turn translate the information from one standard to another. The IDM connectors act as the translation key from one source to the next, providing the additional information needed to map the data accurately.

Data accuracy is vital because there is an opportunity for error at each integration point in the system.

The Elements of Data Mapping

Automating access based on bad data just gives you bad results, faster!

The impact on your business of poorly mapped data cannot be taken lightly; it robs your efficiency and impacts your ability to serve your customers. It is not enough to simply map attributes across systems. Data maps must be subject to quality controls and validation during the creation and updating processes. All organizations creating and updating maps must have a process in place to ensure the quality of the data map.
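As an added illustration (not code from this article or any IAM product), the sketch below expresses a data map as a structure that can be checked: it validates the map itself, validates a source record, and only then renames attributes such as "LastName" to "Surname" for a downstream system. The target names ("directory", "badge"), their field names, the source names and the sample record are assumptions, and only a subset of the attributes listed earlier is mapped.

```python
import re

# Constructed data map: canonical attribute -> field name in each downstream
# system. "directory" and "badge" are hypothetical connector targets.
FIELD_MAP = {
    "FirstName":    {"directory": "givenName",      "badge": "Forename"},
    "LastName":     {"directory": "sn",             "badge": "Surname"},
    "Email":        {"directory": "mail",           "badge": "Email"},
    "UserID":       {"directory": "uid",            "badge": "Login"},
    "WorkerID":     {"directory": "employeeNumber", "badge": "WorkerID"},
    "WorkerType":   {"directory": "employeeType",   "badge": "Type"},
    "ManagerEmail": {"directory": "managerMail",    "badge": "MgrEmail"},
}
AUTHORITATIVE = {"employee": "HRIS", "contractor": "ContractorDB"}  # assumed names
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")

def validate_map(field_map, targets):
    """Quality-check the map itself: full coverage, no field collisions."""
    issues = []
    for target in targets:
        seen = {}
        for attr, names in field_map.items():
            name = names.get(target)
            if not name:
                issues.append(f"{attr}: no mapping for {target}")
            elif seen.setdefault(name, attr) != attr:
                issues.append(f"{target}.{name}: mapped from {seen[name]} and {attr}")
    return issues

def validate_record(record, source):
    """Check one source record before it is pushed downstream."""
    issues = [f"missing {a}" for a in FIELD_MAP if not str(record.get(a) or "").strip()]
    wtype = str(record.get("WorkerType") or "").lower()
    if wtype and AUTHORITATIVE.get(wtype) != source:
        issues.append(f"{source} is not authoritative for WorkerType {wtype!r}")
    for attr in ("Email", "ManagerEmail"):
        if record.get(attr) and not EMAIL_RE.match(record[attr]):
            issues.append(f"malformed {attr}")
    return issues

def translate(record, source, target):
    """Rename canonical attributes to the target's field names; refuse bad data."""
    issues = validate_record(record, source)
    if issues:
        raise ValueError("; ".join(issues))
    return {FIELD_MAP[a][target]: record[a] for a in FIELD_MAP}

# Constructed sample record, as it might arrive from the HR system.
SAMPLE = {"FirstName": "Ada", "LastName": "Ng", "Email": "ada.ng@example.com", "UserID": "ang",
          "WorkerID": "E1001", "WorkerType": "employee", "ManagerEmail": "lee@example.com"}
```

Running `validate_map` whenever the map changes, and `validate_record` at each integration point, surfaces mapping errors before they are automated downstream.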

Once a data map has been created and validated, it will need to be tested to validate that it is "fit for purpose." This testing is crucial to ensure the map supports the Identity Management user lifecycle. It's important that the end users of the data are involved in this process; for example, the application and system owners who operate and support enterprise IT. Both the sender and receiver must be involved in determining whether or not data is being exchanged accurately.

Finally, the data map must be maintained and updated. This requirement is an often-overlooked part of data mapping, as implementers often believe that once a map is created it stays valid forever. This is not so. Reporting requirements, standards, databases, policies, and IT systems change all the time.

Seasoned IAM practitioners have experienced setbacks in deploying solutions due to data quality issues. From these experiences, we have developed tools and methodologies to overcome these challenges early in the implementation process. We recommend examining data quality during the requirements assessment, which is the best time to start data mapping and quality analysis.

As Thomas Aquinas so eloquently stated, “A small error at the outset can lead to great errors in the final conclusions.” What he means is that given the complexity of the solution and the decisions to be made, if any one of our inputs is of poor quality, no matter how trivial it may seem to our overall project, the results may turn out to be bad. A data map will help you avoid a failed Identity Management project and will prove a useful tool as you work through your system design.

