Who should manage the Identity Management product?

I am researching identity management solutions. Who in the team should be managing the IDM product?

44 Answers

author avatar
Top 5LeaderboardReal User

Its depending on the organization structure. Operational Security generally manages tools while Governance & Policies from Risk or CISO. 

author avatar
Top 5LeaderboardConsultant

It depends on what you mean by “managing”. There’s functional management and technical management.

In our case it's the "Dev/Ops" team situated in the IT Security tribe who’s responsible for the technical maintenance. (We're an agile organization.) Depending on the size it takes a couple of fte to do the maintenance. It's also depending on the amount of the connected target systems. If it's only an AD it requires only one connector to be maintained which doesn’t change a lot. Only when schema’s change or additional attributes need to be collected. Also the amount of users, especially if they are divided in sub-scopes, have an impact on the amount of work. Moreover, if the vendor delivers patches on monthly basis it causes more work. So in a medium or small organization I would already think of 5 fte.

Functional management is different. That involves contract- and issue management with the vendor, submitting usecases/userstories to the tech team and as some kind of liaison managing the user community. That takes at least 2 fte if you want to take it seriously. Our functional management is located at our CISO office.

In my opinion it’s not a one-man-job if you want to take it seriously.

author avatar
Real User

Typically we see IDM products being managed by a system owner in the security team.

author avatar
Real User

Depends on the Level of organizations. There are teams sometimes specifically deployed for the same or it goes to CIO or CSO's also. 

Find out what your peers are saying about SailPoint, One Identity, ForgeRock and others in Identity Management (IM). Updated: May 2021.
479,763 professionals have used our research since 2012.