OpenID Doesn’t Manage Itself?

Will OpenID eliminate all your identity management problems right away? That’s what some experts would have you believe.

After all, the OpenID website says, “OpenID allows you to use an existing account to sign in to multiple websites, without needing to create new passwords.” That sounds like a seamless solution.

Certainly, it’s far better than using an ad hoc collection of processes. If you’re relying upon a spreadsheet to track access and need to call IT to make changes, moving to OpenID is a good move. OpenID is also valuable if you want to integrate with other web services. However, that’s probably not your only concern.

The OpenID Management Mistakes to Avoid

Review this list carefully. We’re willing to bet that you’re making several of these mistakes. Word to the wise: Don’t assume that none of these mistakes apply just because you’re highly experienced. You still need to be humble enough to realize your blind spots in identity management.

1. No one is responsible for OpenID

Yes, we’re starting with management oversight. We’ve yet to see a product, even ours, that requires absolutely zero maintenance and oversight. What happens when one of your system administrators leaves the company? Alternatively, what happens if you undergo reorganization? Before you realize it, there’s no longer anyone in the organization responsible for OpenID.

At first, this mistake may be invisible, but it’ll soon add up to a weak identity management program. You might be inclined to ignore OpenID management if the next mistake resonates with you.

2. You misunderstand what OpenID can do for you

Excitement for new technology is one of the reasons people get into IT. The drive to find new and better ways to do business keeps work interesting. Yet, you can carry that tendency too far. If you assume that OpenID will take care of all your identity problems, you’re in trouble.

Take note of some of the ways it can all go wrong:

  • Legacy system capability: In the Fortune 500 environment, you have to face the challenge of legacy technology. That could include mainframes from the 1980s, internally created software, and more. OpenID may not be able to cover those systems.
  • Enhanced authentication needs: Some systems are so sensitive that you don’t want to make them easy to access. We know of a banking database that has a three-step login process. If you have data that sensitive, you don’t want to make it easier to access with OpenID.

3. You accept OpenID limitations as your enterprise limitations

Who should set the limitations and objectives of your identity management program?

The wrong answer: OpenID or any other identity management tool

The right answer: Senior management should make the decision based on risk tolerance and goals

Which of OpenID’s limitations might you be unconsciously adopting? We’ve identified a few to consider:

  • User experience: Using OpenID can confuse users since they need to move from their main site to another site to sign on. This issue can be managed, but it may cause some short-term headaches for your support department.
  • Anonymity and personal data: By connecting multiple sites with one ID, your personal information may be at greater risk.

Now, let’s turn to the staffing implications of adopting OpenID.

4. You cut corners on identity management training because you’re overconfident in OpenID

Switching from your current state to OpenID means you have a change management challenge. If you simply order your IT staff to support OpenID, they’re going to struggle.

With some identity management solutions, there are robust training resources and consulting support available. With OpenID, it’s more difficult to find robust training resources. If your staff is highly motivated to make it work, it’s possible.

However, you need to ask:

Change management is already tricky; do I want to take on this additional challenge?

5. You have no KPIs or goals for identity management

OpenID, on its own, doesn’t include analytics and monitoring capabilities, so it won’t tell you how well your identity management program is performing. Instead, you need to address OpenID performance by setting goals for identity management. For example, you may set a goal to delete inactive user accounts after 30 days, or obtain clean audit reports. Make sure your goals are set for your level of identity management maturity.

Here’s the good news…

If you’re already considering identity management improvements, avoid limiting yourself to OpenID, as more robust software solutions exist on the market. For example, you may have to fulfill audit and compliance requirements for governing access.

Easily Fulfill Access Governance Requirements

When your auditors show up, you’re going to be under pressure to deliver. Do yourself a favor and put systems in place to make audits easy. With Compliance Auditor, audit logs are automatically generated with approval details. Keeping auditors and examiners happy is only part of the story.

Save Time Configuring Access

Let’s say you have 1,000 employees spread across a dozen or more departments. That’s way too many to keep track of by hand. You also don’t want to bury your managers with an avalanche of “approve my access” requests. The solution is Group Requester. You can create an access profile for a job role (e.g. “financial analyst” or “sales representative”) and use that profile repeatedly.

Reduce Password Reset Burden

When we come back from vacation, it’s tough to remember passwords. In that case, you don’t want the embarrassment of asking IT for help. Instead of pestering your help desk with constant queries, cut down on the password requests at the source by using Avatier’s Single Sign-On software solution.

By the way, software isn’t the only way to improve password management. We also recommend providing password management training to employees.

Your Next Step to Identity Management Success

By this point, you know about the pros and cons of OpenID. You also know that other software tools can streamline your access management even further. What’s holding you back from improving your identity management program? Resources and funding are the most common answers we hear. You need support from others in the company. To guide you through that process, learn how to build a business case: Get Your SSO Software Project Funded with a Business Case.

Written by Nelson Cicchitto