HR Blog - HR Best Practice, Thought Leadership and HR Technology Updates

Brought to you by Cloud HR Software experts

Best Practices For Implementing Identity and Access Management

Posted by Mathew French

16 October 2018

With the mass adoption of cloud-based solutions, systems and apps, businesses need an easy, effective and secure way to provide access to the increasing number of tools being used by employees. Not only that, from a user experience (UX) perspective, making it easier for employees to manage access to workplace systems by reducing the number of user names and passwords, is a smart business decision. According to our Identity-As-A-Service partner OneLogin, the first and most critical step to achieve this, is to enable employees to access their business solutions, systems and Apps using only one username and password. Single Sign-On solutions enable you to layer multiple types of authentication factors for enhanced security, with the added convenience of only having to sign in once. Let's take a look at some best practices for Identity and Access Management (IAM).

Small Changes, Big Results

As with all digital transformation projects, the short and long-term success is typically measured by following a diligent and thorough process with a committed team and an engaged employee cohort. If you're considering, or about to implement any IT solutions in your business, these 10 tips for successful software implementation provide a great foundation to work from.

Before you break out in a cold sweat about the possibility of another IT implementation and the need to get approval for an increased dollar spend in your budget, consider this. The good news is that implementing an Identity and Access Management solution across your organisation doesn't need to be an expensive or laborious project. OneLogin believes that the adage 'evolution over revolution' can be applied. Not only that, the security, productivity and UX benefits far outweigh the costs.

The digital transformation sweeping through business operations means that HR Professionals and IT teams are responsible for managing increasing amounts of sensitive data across an ever expanding number of digital (and often cloud-based) platforms. Top of mind for Systems Administrators is managing security. Identity and Access Management solutions enable businesses to kill two birds with one stone. Single Sign-On solutions like OneLogin provide the efficiency of a single access point to multiple applications in addition to increased levels of security.

They also provide the following security enhancements:

  1. Location Based  Security: Notifying users if their account is used to login from a different IP address and web browser. Allows users to change passwords immediately if this happens and they do not recognise the login. Stops browser caching of user name and password security issues.
  2. Password Hardening: Ensures your users set-up passwords that fit a specific format to make them stronger.
  3. Enforce Password Change: Allow Systems Administrators to set-up rules based on making people change their passwords on a predefined basis.
  4. Multi-Factor Authentication: Allows for an additional security layer to be activated during login process, such as sending a push notification or text message to an employee’s phone to verify their identity before logging them into the application. Moreover, organisations should look to implement adaptive MFA which leverages machine learning to determine if MFA is necessary based on risk calculations at time of login.  

Adding this type of functionality to your IT ecosystem improves compliance, enhances security, increases productivity, offers a better user experience and provides peace of mind. If you're not using an IAM solution in your business, but want to manage risk and provide better UX, here's what you need to consider if you want to implement user and access management.


Identity and Access Management Implementation Considerations

OneLogin has provided some best practices for organisations looking at implementing IAM. Having helped thousands of businesses secure their environments through their Identity and Access Management platform, they have outlined the following recommendations.

Assess your current IAM situation:

  • Take inventory of your current cloud versus on-premises applications.
  • Estimate the extent of non-sanctioned apps deployed (i.e. ‘Shadow IT’).
  • Take inventory of your end-user access preferences.

Evaluate what IAM approach is right for you:

  • Think about what drives your strategy.
  • Consider security, productivity and compliance concerns.
  • Cloud versus on-premises deployments.
  • Out-of-the-box versus custom deployment.
  • Consider vendor practices e.g. redundancy and accountability.
  • Open standards versus proprietary interfaces e.g. SAML, SCIM, NAPPS.
  • Review the cost benefits of different solutions, e.g. both money and rollout time.

Define a strategy for implementing your IAM implementation:

  • Assemble key stakeholders.
  • Define a cloud vendor onboarding certification policy (CVOC).
  • Define your deployment plan:
    • Requirements,
    • Dependencies,
    • Milestones,
    • Timelines.
  • Implement your IAM solution.
  • Gain user acceptance.

If your business could benefit from an IAM solution, and you're ready to take a deeper look at the implementation process, OneLogin has a FREE Whitepaper for your consideration. 3 Easy Steps to Implement Cloud-Based Identity and Access Management (IAM) provides a simple framework that will serve you in advancing your cloud identity services in a thoughtful manner. Discover how you can cost-effectively incorporate app management into your security and compliance practices to adapt to a constantly changing application environment.

Download 3 Easy Steps to Implement Cloud-Based IAM

NOTE: If you download this FREE resource provided by OneLogin, your name and email address will be shared with them.

Topics: Identity and Access Management, Security

Request a Demo