NetWeaver Identity Management 7.1 Implementation Challenges

Challenge 1:  Self Service is Not Intuitive for Unsophisticated Users
Companies deploying NetWeaver Identity Management will find that that the interface for self service for the least technical employees will require training.   Clicking a self service task to request a privilege or business role will result in a standard WebDynPro interface that will show them two search boxes. The one on the left will be for searching for what they want (Available) and the one on the right what they already have had assigned.    Experience has shown that this interface can cause confusion with unsophisticated users. Companies will want to make judicious use of access controls to limit what choices are presented to the self service client.  This requires that logic be established in advance based upon some set to which they are a member.  Additionally, companies will want to train employees in advance of deployment to reduce help desk calls.

Challenge 2:  Fragmented Documentation
The documentation for accomplishing end to end workflows is scattered across many different documents.  There are few scenario based use case “how-to” documents.  Companies deploying NetWeaver IdM 7.1 will want to permit sufficient time for their deployment team to work with the product in order to gain a full understanding, before undertaking a deployment.  Alternatively, companies can bring in outside experts to assist, and train personnel.

Challenge 3:  Limitations in the Staging Environment
NetWeaver IdM 7.1 uses an xml export file to move from development to Test and Test to Production.    The file is exported using a built in utility.  The file is created within the identity center by selecting export.  Many settings between environments are not exported for example, repositories, event agents, provisioning/deprovisioning tasks on privileges must be done manually.  There are some bugs, for example, complex linking between tasks are sometimes broken during import.   These limitations can be mitigated with manual adjustments but the process is lengthy.
Challenge 4:   Job Customization Frequently Requires Custom JavaScript
Under NetWeaver IdM 7.1 the imported “SAP Provisioning Framework” has greatly simplified system deployment, however, there are simple functions, for example, E-Mail notifications which still must be done entirely in JavaScript.  This also applies to any non-simple data modification.   This slows down deployment.  The alternatives are to custom development Java templates or wait for the product to mature.

Challenge 5:  Few Useful Reports Available in Default Installation

Most of the default reports available lack the simplicity of being able to easily show standard audit information like “who did what to whom and when”.  Although extensive audit information is stored the database, it is not always easy to extract the data without extensive SQL queries.  The documentation itself does not clearly explain the complex relationship between the data in the tables.  There are no shortcuts available , careful analysis of the underlying tables and proper query writing must be done.


NB: Since I am on a project and can’t go to Tech Ed watch Matt Pollicove’s blog for updates on whether these challenges are being addressed.

Identity Management Business Case Part II

I have previously posted a straight forward method for creating an identity management business case and based on the downloads I have had it’s been popular.  I also know it’s effective because it’s been proven.    Most people shy away from the real options part, however.  Everyone seems to understand discounted cash flows, but many do not understand real options.

I am now posting a stronger model that is complementary to the other one and can be used for other initiatives besides IAM.    It combines real options with Knowledge Value Added (KVA).  The methodology is derived from the work of Johnathan Mun so if you want to go back to the source start there.

As side note, some people think it is foolish to share methodologies that you have developed and all the big consulting firms protect theirs.  A methodology is just a process, and the only thing that matters is the execution of it.  It can be downloaded at the Risk Horizon website here.