Sunday, March 22, 2015

IAM - Custom Connector Development Questions

In this post, I will be listing a few questions that will help in designing, building and estimating a custom connector for an IAM solution.

These questions are quite generic and can be used in a variety of situations.


  1. Provisioning, Reconciliation, or Both? Provisioning is generally assumed by default, as that is the whole point of connector development, but the reconciliation estimate should also be kept in mind if it is required. If both are required, the estimates obviously go higher, with a much longer development cycle.
  2. Is it an Authoritative Source (Yes/No)? If the end system is an authoritative source of data for user, role or organization information, then a slightly different design is required for connector development, with more checks and balances in place.
  3. Provisioning Functions (CRUD): Which provisioning functions should be considered for connector development? Most likely all of them, but in some situations delete, or update of all attributes, is not required, which saves some time and effort for a tailored solution.
  4. Reconciliation Features (Agentless or Agent-based): Most connectors should work without installing anything on the end systems (i.e. agentless), thereby reducing the time, effort and complexity involved. In situations where an agent-based connector is required, two components are developed, one on the end system and one on the IAM system. This requires more testing and fault tolerance.
  5. Is a password or any other secure attribute part of connector development?
  6. What is the connectivity channel requirement for the connector, such as SSL/TLS or any other protocol?
  7. What types of user accounts should this connector support (Regular Users / Service Accounts / Any Other)?
  8. How many attributes should this connector support? This can greatly affect the time and effort, as more attributes require a generic design, which makes the connector more flexible but costs more effort early on.
  9. Is Group/Role/Entitlement/Org or any other entity management part of the connector solution?
  10. Are there any other additional capabilities that this connector should support?



Saturday, March 21, 2015

IAM - Application Integration Questionnaire

In this post, I have come up with a list of questions that can be asked when integrating any standard or custom third-party application with the IdM product.
These questions will be especially helpful if the number of apps is large enough.

1. App Name
2. App Description
3. No. of Users
4. Types of Users
5. Type of App (online/thick client/legacy/cloud/any other): please mention
6. No. of App Instances
7. Type of Connectivity available (JDBC/Web Service/Directory/Messaging system/File system/any other)
8. Database used by the App (Proprietary/Standard)
9. Mention the database name if known
10. Is it an authoritative source of data for Users/Role/Org or any other entity?
11. Does this App depend on any other App?
12. If yes, mention the other App Name
13. Network zone this App resides in (public/subnet/intranet/firewalled/limited etc.)
14. Are any web services exposed by this App?
15. Is SSO a requirement for this App?
16. Is provisioning a requirement for this App?
17. Is reconciliation a requirement for this App?
18. Is password sync a requirement for this App?
19. Does this App require any special treatment from a performance, security or high availability perspective?
20. What does this App store? Put a tick (Users/Groups/Roles/Entitlement/Org Structure)