Best practices This chapter lists points to check when implementing an identity management solution with OpenIDM.

Any identity management project should follow a set of well defined phases, where each phase defines discrete deliverables. The phases take the project from initiation to finally going live with a tested solution.

The project's initiation phase involves identifying and gathering project background, requirements, and goals at a high level. The deliverable for this phase is a statement of work or a mission statement.

In the definition phase, you gather more detailed information on existing systems, determine how to integrate, describe account schemas, procedures, and other information relevant to the OpenIDM deployment. The deliverable for this phase is one or more documents that define detailed requirements for the project, and that cover project definition, the business case, use cases to solve, and functional specifications. The definition phase should capture at least the following. User Administration and Management Procedures for managing users and accounts, who manages users, what processes look like for joiners, movers and leavers, and what is required of OpenIDM to manage users Password Management and Password Synchronization Procedures for managing account passwords, password policies, who manages passwords, and what is required of OpenIDM to manage passwords Security Policy What security policies defines for users, accounts, passwords, and access control Target Systems Target systems and resources with which OpenIDM must integrate. Information such as schema, attribute mappings and attribute transformation flow, credentials and other integration specific information. Entitlement Management Procedures to manage user access to resources, individual entitlements, grouping provisioning activities into encapsulated concepts such as roles and groups Synchronization and Data Flow Detailed outlines showing how identity information flows from authoritative sources to target systems, attribute transformations required Interfaces How to secure the REST, user and file-based interfaces, and to secure the communication protocols involved Auditing and Reporting Procedures for auditing and reporting, including who takes responsibility for auditing and reporting, and what information is aggregated and reported. Characteristics of reporting engines provided, or definition of the reporting engine to be integrated. Technical Requirements Other technical requirements for the solution such as how to maintain the solution in terms of monitoring, patch management, availability, backup, restore and recovery process. This includes any other components leveraged such as a ConnectorServer and plug-ins for password synchronization on Active Directory, or OpenDJ.

This phase focuses on solution design including on OpenIDM and other components. The deliverables for this phase are the architecture and design documents, and also success criteria with detailed descriptions and test cases to verify when project goals have been met.

This phase builds and tests the solution prior to moving the solution into production.

This phase deploys the solution into production until an application steady state is reached and maintenance routines and procedures can be applied.