What does IAM consultant do? Read on to find it out
If you have read Is Identity and Access Management a Good Career for the Next Twenty Years?, you will know that Identity and Access Management is a fast growing industry due to the information technology boom and there are different ways to be involved with it, one of which is to become an IAM consultant.
1. What is an IAM Consultant?
In a general sense, a consultant is a person who provides professional advice in a particular field of science or business to an organization or individual. In the context of IAM, a consultant utilizes its identity skills and experiences to advise or implement IAM solutions to enterprise customers.
2. Why Companies Needs Consultant?
This question comes to why companies need consulting in the first place, and usually a defining reason is that consultants possess a knowledge advantage. A client hires a consulting firm provides advices and implementations that leads to the resolution of an issue within the client's organization.
Other reasons could be:
Consultants are objective on the issue
Consultants are less likely to fall to internal politics
Consultants are contractors and cost could be less than hiring permanent employees in the long run
Consultants are more effective in terms of execution
3. Why IAM Consultant?
Bringing this back to the field of IAM, a mid-to-large enterprise has the issue of identity and access management needs to resolve and usually in-house development is very costly (time and money). A decent size of engineering team is needed and it takes long time to do the development work. After production go live, the IAM system will need maintenance as well. On the other hand, there are mature IAM vendors out there in the market and adopting them will save hugely for the enterprise.
So a good strategy is for companies to buy and use IAM products directly, but where does IAM consultant come into play? The main reason is that each system of a client is unique and could be very different from another, you just can't buy the product and plug-and-play right away. There is this process of implementation and integration needs to happen between the IAM vendor product and client company. That's where IAM consultants come into play.
4. Consulting Service Process
The IAM consulting service helps client companies to solve problems related to IAM. As each customer is unique, the first critical step is to understand the current state of the customer. Sometimes, a completely new IAM solution needs to be designed and implemented, while more often, an IAM system is already there and running, and customer is seeking to upgrade or migrate to new systems. In either case, a good understanding on the customer's current state is crucial for the success of the project.
After an agreed scope of work has been defined between consultants and customer, the next step is the plan and design of the solution. This is usually done among more experienced engineers and again requires a collaborative efforts between consultants and customers. Sometimes, prototypes will be developed as the proof-of-concept of the design.
A lot of times, the starting point of implementation is not when design is completely done and they can go in parallel. In this case, design work goes a little ahead of the implementation work and run in parallel. The implementation process follows typical SDLC (Software Development Lifecycle) and uses agile practices. The implementation phase could take months or even years to finish.
Once the implementation is done and delivered to the customer, the consulting goes to the closing phase. Customer can choose to close the work or bring in the requirement for the next step of the project.
5. IAM Expertise
The above process is actually pretty typical for general consulting service. The specific part for IAM consulting would be the expertise and experiences related to the IAM products from various IAM vendors. In order to give proper advices and implement the solution for clients, IAM consultants need to know their products well. Modern IAM solution platforms, such as ForgeRock, Ping Identity, Okta, Auth0 and etc, are all different and complicated products. Have a good understanding on the function and feature that the product can provide is crucial to an IAM consultant.
Besides the IAM product itself, another important aspect is integration patterns. IAM platforms are fairly large system and usually a mid-to-large company will have its own system as well and the challenge and gap come as how to integrate the IAM product into the client system. Understanding different integration patterns would be very helpful in this case, as a lot of times, while the IAM products and client systems are different, the integration pattern can be reused. For example, when dealing with SSO (Single-Sign On), one immediately thinks about OAuth/OIDC or SAML as the integration pattern and this pattern will lay a good foundation for solving the SSO issue.
Besides the above two, there are many other aspects of IAM expertise as well:
Typical IAM concepts and frameworks
Coding and scripting skill
Knowledge on Networks
Knowledge on Database and Directories
Experience with Cloud Service platforms
Agile process experience
6. Sum Up
This post describes about being an IAM consultant. IAM implementations usually relies on one or several IAM vendor products to provide solutions to enterprises. The challenge lies on how to integrate the IAM product into the client's own system and make it function properly. IAM expertise requires a good knowledge of the IAM products and integration patterns as well as many other aspects.