12 questions to ask before implementing an identity management system

Here are 12 questions to ask before implementing an identity management and access control system.

In this report:

Identity management a complex process with a simple goal

  1. What noninformation technology departments and systems need to work with the identity management system? For example, human resources, physical security, finance? Do they already have information or systems in place that will help the initiative?
  2. What business processes need to be put in place to support identity management? Who will create, implement and manage the processes?
  3. Is a suite or best-of-breed approach best for your organization? Does the suite have everything you need, or will you still need additional components from other vendors? Can you purchase just one part of the suite and add other components later?
  4. What existing systems will need to integrate with the identity management system? Identity management software typically works well with Web-based or commercial applications but not with custom applications. Who will do the integration?
  5. What expertise do you have in-house for implementing the system? What outside help is required?
  6. Which features of identity management will you implement first — single sign-on, provisioning, identity life cycle management, role-based access control?
  7. How will users be deprovisioned so there are no orphan accounts?
  8. Who is responsible for defining roles and access rights and assigning those to users?
  9. Besides agency employees, who else needs access — general public, vendors, contractors, state and local agencies? How will you manage and control them?
  10. What types of physical components need to be integrated — Homeland Security Presidential Directive 12 smart cards, fingerprint readers, door locks, radio frequency identification chips and sensors?
  11. What cultural barriers will you have to overcome? How?
  12. How will you balance security needs with usability? You don't want users using Post-it Notes to keep track of passwords that are too difficult to remember or have excessive help-desk calls for password resets.

About the Author

Connect with the GCN staff on Twitter @GCNtech.


  • senior center (vuqarali/Shutterstock.com)

    Bmore Responsive: Home-grown emergency response coordination 

    Working with the local Code for America brigade, Baltimore’s Health Department built a new contact management system that saves hundreds of hours when checking in on senior care centers during emergencies.

  • man checking phone in the dark (Maridav/Shutterstock.com)

    AI-based ‘listening’ helps VA monitor vets’ mental health

    To better monitor veterans’ mental health, especially during the pandemic, the Department of Veterans Affairs is relying on data and artificial intelligence-based analytics.

Stay Connected