If you're reading this article, you're probably wondering how to reconcile your users and their accounts.
The problem is simple: on the one hand, there are the users (individuals, employees on permanent or fixed-term contracts, service providers, temporary staff, etc.), and on the other, an astronomical number of accounts on the company's various applications.
These 2 lists are very difficult to "reconcile" as they are updated daily.
One solution is to use Excel to cross-check users against their accounts and verify that everything is consistent, but if you try to do this regularly, you soon realize that the task is tedious and very time-consuming, and that you're constantly behind on the actual state of authorizations.
User management is a relatively new issue for IT departments, which until now have been organized around account management.
When it comes to user management, here are the issues:
- user identification
- user authentication
- access rights or authorizations
- license use and allocation
- activation and deactivation of access accounts
We're turning to solutions such as implementing an SSO (Single Sign-on) system like Okta or Azure AD to reduce the risks associated with multiple passwords and weak security, and improve the user experience.
All these tools help to reinforce your security, your employer brand and the way employees feel, but they won't help you synchronize HR and IT information: knowing who has left, who has changed jobs, or which authorizations each person requires.
At first, you may be tempted to try and develop an in-house tool or even scripts to deal with the problem of managing users and their accounts, but you'll come up against some classic difficulties:
- Skills are needed to define the specifications and design an IAM tool.
- Development resources are needed to code such a tool.
- It's difficult to maintain this type of development in-house, as new applications are introduced regularly, so connections with these applications need to be updated.
- Unless you invest a great deal of energy and manpower, it's very difficult to obtain new functionalities on a tool developed in-house, which will therefore be rather static and probably eventually abandoned by users.
If, on the other hand, you choose to turn to identity and access management solutions on the market, there's one pitfall you can easily fall into: most of these solutions are extremely complex to get to grips with, requiring expert consultants to set them up and administer them. But first of all, if you're not familiar with the concept of IAM, take a look at this article.
1. A "SaaS" or "On-premise" tool?
When choosing IAM software, you'll need to decide between two types of solution: "SaaS", which is a hosted mode, 100% maintained by the publisher with a monthly or annual subscription, or "On-premise", which requires the use of part of your server infrastructure to operate.
SaaS
With a SaaS solution, i.e. one hosted by the software vendor, you don't have to manage hosting, security or maintenance. This means you don't have to burden your infrastructure with yet another piece of software to deploy. So be sure to ask the service provider what measures have been taken to secure its platform, and whether it is GDPR-compliant. Generally speaking, since the service provider specializes in this type of hosting, it will have put in place a certain number of measures to ensure maximum security, such as strong two-factor authentication (2FA) and the installation of a web application firewall (WAF).
Another major point of a SaaS IAM solution is the maintenance of the solution. The solution will always be up to date, and will require no action on your part. The solution's publisher will make improvements, reinforce security and apply all this to all its customers' instances, without impacting your business.
A SaaS solution also requires less human investment to maintain and manage it.
The big advantage of a SaaS solution is that it doesn't have to be installed: it's generally up and running in a matter of minutes.
Finally, even if you choose a SaaS solution, you'll still be able to connect it with your existing on-premise software (Active Directory, Microsoft Exchange, proprietary CRM...), as some platforms like Youzer enable interconnections between SaaS and On-Premise.
On premise
If you choose on-premise software, you host the software yourself within your own infrastructure. On the other hand, it takes much longer to set up: you need to have a list of prerequisites for the infrastructure to be prepared (number of servers, CPU, RAM, disk space...), and to acquire this infrastructure.
The integration of proprietary on-premise software is also often an argument for moving towards an on-premise solution.
On-premise software can address issues of confidentiality and trust for companies that are sometimes reluctant to outsource certain data to a third-party company. But today, new laws such as the GDPR or security certifications mean we can be confident about using SaaS solutions.
Key facts ▶
SaaS offerings, which were not mature just a few years ago, are now much more attractive than traditional software. TCO (Total Cost of Ownership) is more attractive in SaaS mode than in "on-premise" mode, and this is becoming increasingly true as technologies and software functionalities evolve ever more rapidly.
2. Installation
This is one of the main advantages of a SaaS IAM solution: implementation is carried out remotely, with the publisher's teams guiding you through the initial configuration steps. It's also possible to start up completely independently, if your IAM software allows. In just a few minutes, your instance is created on the platform, and you can start managing your users and their authorizations.
On the other hand, if you choose an on-premise solution, you are generally supported by a team of consultants who come in to implement the software on your site. Configuration is time-consuming, and it can take several months to get the hang of it all.
What you need to know ▶
SaaS IAM can be set up very quickly, so you can react quickly, as opposed to installing IAM software on site. Setting up a POC is generally easier with SaaS.
3. Solution support
Support for the solution is a very important step. Whether the solution is SaaS or on-premise, there will always be a learning curve and adaptation time of varying length.
You need to learn how to install and configure the first connectors (which will interact with the company's various applications to import and manage authorizations), to configure the solution for your company and to understand the main functionalities.
Beforehand, it is very important to identify the people who will be the main users/administrators of this solution. For example, you'll need to involve both IT and HR people to ensure that the IAM solution is adopted and used by everyone. If you want managers to use it (which is a key factor in the success of the IAM project), you'll also need to consider appointing someone to be in charge of training managers. This could be someone from HR, IT or a designated reference manager within your company.
Support in getting to grips with IAM is not always included in the price. Many service providers offer additional support and training. At this point, it's also important to ask how the training will be carried out. Does it take place all at once, or in installments? It can be useful to have several short training sessions to help you get to grips with the product. Indeed, we've all noticed that a lot of information delivered at once is difficult to retain. A month's support will enable you to use the solution and have regular check-ins to revisit steps that seemed logical at the time but that you can't reproduce on your own.
Things to remember ▶
Always choose support when taking the first steps with your IAM solution. Clearly define the main initial users, so that they can become familiar with it and receive support.
4. Ease of use
It's really important that the first impression the IAM solution leaves on you during a demo is one of simplicity and accessibility for everyone. After all, the tool must be used not only by IT teams, but also by HR and managers. Ask yourself whether all these players are ready to buy into the project. Imagine if an IT person did a demo, but then said to herself, "I'm lost... How can I promote this tool internally?" Obviously, not everyone will use the platform in the same way. IT will be involved in a more technical part of the tool, HR in a workflow process and managers in a team management approach.
It may be tempting for some IT experts to want to configure the solution in a highly technical way. Remember, though, that this product has to save you time, be intuitive and easy to use (a bit like the "no-code" tools that are starting to become fashionable). So it's really important that it's visually and interactively simple and pleasing, otherwise you won't get buy-in for the project. Multiple menus, a technical interface and a crude appearance will put off a good number of users, who are likely to quickly lose interest in the solution.
Just because it's an IAM solution doesn't mean it has to be ultra-technical. Quite the contrary: you and your users are entitled to expect the same quality criteria from your solution as from a consumer tool, with a graphical interface that makes the user experience pleasant!
The simplicity index correlates with the adoption rate.
Things to remember ▶
Above all, choose a solution that saves you time. It must be clear, intuitive, configurable and efficient.
5. Add connector / integration
What is a connector? A connector enables your IAM solution to import or perform actions on the accounts of each of your tools or business applications that your teams use on a daily basis. So you'll have an Active Directory connector, a connector for your CRM, a connector for your messaging system (Exchange, Office 365, GSuite...)...
SaaS connectors are easy to integrate with a SaaS solution, as they are designed to connect easily with other solutions. An API key, token or login/password is used to connect. The IAM solution will then launch the automatic import or creation of accounts on the software concerned.
In general, IAM solutions integrate well with the type of platform they resemble: SaaS IAM solutions will connect easily to SaaS software (Office 365, GSuite...) and will have difficulty connecting to on-premise systems (Active Directory, proprietary CRM...). The exact opposite is true for on-premise IAM solutions.
Beware of your proprietary applications: it would be dangerous not to include them in your IAM solution integrations just because they are proprietary. That's why Youzer has developed a "universal" connector that allows you to connect to any on-premise business application.
Each IAM provider will display (or not) a more or less exhaustive list of connectors that are already present in their catalog.
Each one then operates differently:
- some will charge for the addition of a new connector,
- others consider that it completes their catalog and will add it free of charge.
Find out about this too before choosing an IAM solution.
Things to remember ▶
SaaS connectors are fairly easy to integrate. On the other hand, on-premise and/or proprietary applications can be complicated to integrate for some IAM solutions.
6. Autonomy
Once you've chosen and implemented your IAM software, you can't stop there! It's important to be autonomous in your use of the product: do you need to call on your service provider to carry out regular operations?
Do you need to call on the editor or integrator to add new connectors?
You should be as independent as possible in your use of the tool, which should save you time, so your actions should be carried out as simply as possible. You should only call on your service provider for very specific operations and perhaps a very particular request.
The solution you have chosen is certainly very good at a given moment, but needs (your needs) evolve. Is the product constantly evolving, or is it "finished"? A good IAM tool is never "finished": your needs evolve, and your expectations are high and differ from one company to another. Your service provider must be able to meet these new expectations. The tool must constantly evolve, and new functionalities must be accessible to everyone, so that all customers benefit at no extra cost.
Even if we advocate autonomy, do you have someone on your side who can respond quickly in the event of a problem?
Customer service must be easy to reach and responsive. Do you have direct access to an online chat tool on your IAM tool, or a telephone number or even e-mail for your exchanges or to contact support?
Things to remember ▶
You need to be autonomous in your use of the tool, but also be able to call on responsive customer support. The IAM application must also evolve regularly to keep pace with technological developments.
7. HRIS connection
This is also a very important point: Your IAM tool must be able to connect to your HRIS to create an exhaustive list of your users (internal employees, service providers, etc.). Your service provider must be able to connect to the main HRIS on the market, and even to your own HRIS that you have developed in-house (Lucca, ADP RH, Cegid RH, Eurecia, Nibellis, etc.).
This connection to your HRIS enables HR/IT reconciliation for your employees and their accounts.
In addition, it is important that your software can also be fed from sources other than your HRIS, such as the list of temporary employees, service providers, etc., who may have access to your IS.
What you need to remember ▶
Your IAM solution needs to be able to connect to any HRIS in order to import your employees automatically, flag errors and reconcile employees with their accounts.
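The HR/IT reconciliation described in this section, as an added illustration (not code from Youzer or any IAM product): people from an HRIS and a contractor list are matched against accounts imported from several applications. The field names, the e-mail matching key and all sample records are constructed assumptions.

```python
from datetime import date

# Constructed sample people: HRIS records plus a second source (contractor list).
PEOPLE = [
    {"id": "E001", "email": "alice.martin@example.com", "end_date": None},
    {"id": "E002", "email": "bruno.petit@example.com", "end_date": date(2024, 3, 31)},
    {"id": "E003", "email": "david.leroy@example.com", "end_date": None},
    {"id": "C010", "email": "chloe.roux@example.com", "end_date": date(2024, 12, 31)},
]
# Constructed sample accounts, as a connector might import them from each application.
ACCOUNTS = [
    {"app": "directory", "login": "Alice.Martin@example.com", "enabled": True},
    {"app": "directory", "login": "bruno.petit@example.com", "enabled": True},
    {"app": "crm", "login": "bruno.petit@example.com", "enabled": False},
    {"app": "crm", "login": "svc-backup@example.com", "enabled": True},
    {"app": "mail", "login": "chloe.roux@example.com ", "enabled": True},
]

def normalize(login):
    """Matching key: trimmed, lower-cased e-mail (assumption; real data may need aliases)."""
    return login.strip().lower()

def reconcile(people, accounts, today):
    """Return accounts with no owner, accounts still enabled after departure,
    and active people for whom no account was found."""
    by_email = {normalize(p["email"]): p for p in people}
    report = {"orphan": [], "departed_but_enabled": [], "no_account": []}
    seen = set()
    for acc in accounts:
        person = by_email.get(normalize(acc["login"]))
        if person is None:
            # No matching person: shared, service or forgotten account to review.
            report["orphan"].append((acc["app"], acc["login"].strip()))
            continue
        seen.add(person["id"])
        left = person["end_date"] is not None and person["end_date"] < today
        if left and acc["enabled"]:
            report["departed_but_enabled"].append((acc["app"], person["id"]))
    for p in people:
        active = p["end_date"] is None or p["end_date"] >= today
        if active and p["id"] not in seen:
            report["no_account"].append(p["id"])
    return report

if __name__ == "__main__":
    for finding, items in reconcile(PEOPLE, ACCOUNTS, date(2024, 6, 1)).items():
        print(finding, items)
```

Accounts in the "orphan" list are not necessarily illegitimate (service accounts land there), but each one needs a named owner or a decision to disable it.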
If not having IAM software is unthinkable today, it's difficult to make a choice, because you need to find the 5-legged sheep: it has to be compatible with all your tools, it has to be collaborative and it has to enable you to have total application supervision, plus the various elements that are important to you.
[Spoiler alert] Unfortunately, this sheep doesn't exist, and you're going to have to define your priorities, your needs and your budget.
The easiest way is to try out the different solutions on the market that appeal to you.
We have a free 30-day trial with no credit card required 😉
If you'd like to compare and test Youzer: you can contact us for a demonstration of our platform.