Why most of The IDM Projects don't succeed ?
Yesterday I was having a discussion with my friend on the topic "Why most of the IDM Projects don't succeed ?". I saw couple of discussions on LinkedIn on same topic as well. It's quite simple and interesting question but is it ?
There can be n number of answers for this question based on different client/vendor experience. So I would like to share something based on my experience. I worked mainly with OIM and little bit with SIM so my views will be based on these products only.
IDM Projects don't succeed:
Just A Java Application:
IDM Projects don't succeed When people think, IDM is just a Java Application. They think that if they are good in Java, they can do anything in IDM. They implement the things based on their Java experience instead of using IDM features. Things look easier in the beginning but later client has to pay for this. And also we face lots of challenges at the time of upgrade of IDM environments.
Just A Database Application:
IDM Projects don't succeed When people think, IDM is just a Database Application. They make use of SQL Queries instead of using IDM Provided APIs/Components. They use direct queries for different operations and play around with Audit Data.
Just An Application (GUI) for Automation:
IDM Projects don't succeed When people think, IDM is just an Application which provides Graphical User Interface to automate some process like Create User/Delete User/Provisioning Access etc. They care more about Look and Feel instead of its features.
Lack of IDM People:
IDM Projects don't succeed When we don't have proper IDM People at the time of Requirement Gathering/Design/Development/Testing and we give more responsibilities to people who are having good experience BUT in different domains.
Lack of IDM Knowledge:
IDM Projects don't succeed When client expects more than the product capability. I agree that they don't have much knowledge that's why they are asking others to implement the same but they should understand the boundaries of the product.
Example:
IDM needs at-least one unique field to map target users with IDM users. Unique field can be a combination of 2-3 fields as well. Without this field, IDM won't be able to link identities and accounts. So people should understand that Unique field is mandatory for running Reconciliation Job into IDM. If they don't provide such field(s) then IDM won't be able to link the users.
Oracle Product Development team has done a great job in OIM 11g R1, OIM 11g R2. Hats off to Product Development Team for coming up with such a great architecture.
Although there are some bugs but those will be found in each and every product. We should understand that these products are man made so nothing can be 100% perfect, so instead of blaming each other we should work together and come up with a stable product which will satisfy the need of today' world.
Happy IDM !!!