As mentioned in one of the earlier post, few organizations have carried out IdentityIQ implementations in such a way that application data (access and permissions) are fetched in form of csv files using read-only delimited file connector.The greatest negative aspect of such type of architectural pattern is that the organization has to depend upon application support teams (manual process) for decisions to be manually provisioned on the target applications i.e. open loop remediation.
So the question arises:-
- Have the organizations moved towards idea of automation or actually drifted away from it?
- Is the decision of implementing IdentityIQ correct and worth?
The answer lies in the approach of implementation.Although the above discussed architectural pattern provides an Online Centralized Portal for User Access Reviews but IdentityIQ is much more capable of this.Organizations should aim towards utilizing more and more available features of IdentityIQ.
Customers now are more focused on making more and more things automatic instead of relying on manual processes. So the previously mentioned architecture type is now not preferred by organizations. They are moving towards an architecture which uses Direct Connectors between target applications and IdentityIQ. This enables them to do Direct Provisioning on target applications.