IAM - Custom Connector Development Questions
In this post, I will list a few questions that help in designing, building and estimating a custom connector for an IAM solution.
These questions are quite generic and can be used in a variety of situations.
- Provisioning, Reconciliation, or Both: Provisioning is generally assumed by default, as that is the whole point of connector development, but we should also keep the reconciliation estimate in mind if it is required. If both are required, the estimates obviously go higher and the development cycle becomes much longer.
- Is Authoritative Source (Yes/No)? If the end system is an authoritative source of data for user, role or organization information, then a slightly different connector design is required, with more checks and balances in place.
- Provisioning Functions (CRUD)? Which provisioning functions should be considered for connector development? Most likely all of them, but in some situations delete, or update of all attributes, is not required, which saves some time and effort for a tailored solution.
- Reconciliation Features (Agentless or Agent-based)? Most connectors should work without installing anything on the end systems (i.e. agentless), thereby reducing the time, effort and complexity involved. In situations where an agent-based connector is required, two components are developed, one on the end system and one on the IAM system. This requires more testing and fault tolerance.
- Is a password or any other secure attribute part of connector development?
- What is the connectivity channel requirement for the connector, such as SSL/TLS or any other protocol?
- What types of user accounts should this connector support (Regular Users / Service Accounts / Any Other)?
- How many attributes should this connector support? This can greatly affect the time and effort, as more attributes require a generic design, which makes the connector more flexible but takes more initial effort early on.
- Is Group/Role/Entitlement/Org or any other entity management part of the connector solution?
- Are there any other additional capabilities that this connector should support?