Success Factors for Identity & Access Management Projects

Identity & Access Management (IAM) and Identity Governance (IG) projects are highly complex and, as numerous studies confirm, often fail to achieve their intended success. While the reasons may vary, a closer look reveals that critical success factors are often either neglected or insufficiently addressed.

We guide you step-by-step through the phases of an IAM project and reveal which success factors can ensure your project becomes a full success.

The Discovery or Strategy Phase – The Start is Crucial

Every IAM project begins with a discovery phase — often referred to as a pre-project, feasibility study, evaluation, or strategy phase — during which the project team is formed and the future IAM initiative is planned. This early phase contains the most important success factors, which determine the project’s direction and goals from the outset.

The composition of the project team is already essential for setting the right course. An IAM project is designed primarily to provide business value by optimizing user management processes, making permission assignment transparent, and improving communication between IT, business departments, and HR. To achieve this value and foster acceptance among users, the IAM team must include the right members: representatives from HR, business departments, IT administrators, IT coordinators, the works council, audit, data protection, security/compliance, and potentially the CSO or CISO. However, not all members need to be involved continuously — define a core team and an extended team to ensure fast decision-making while still having access to all necessary information.

Particular attention should also be given to selecting a suitable project manager. This person should not only have long-standing experience in managing complex projects but also be well-connected within the organization to quickly reach the right stakeholders when challenges arise. Hiring someone new to the company as the project manager can sometimes backfire due to a lack of internal networks.

Once the project team is formed, its first task is to establish a shared understanding of the IAM initiative. This includes assessing the current situation and weaknesses in user management, as well as understanding IAM/IG concepts. As there is no universally accepted definition of IAM, our article on IAM Terms, Components, and Functions can serve as helpful guidance.

As mentioned, one of the most critical success factors is setting the right direction and goals. The project should bring business value and optimize user administration processes in a user-friendly way — it must therefore follow a process- and organization-oriented approach with realistic, achievable goals. Projects driven purely by technical motives, such as syncing user data, offer limited value and are prone to failure.

Another challenge in the discovery phase is evaluating IAM products. Many organizations, often with support from external consultants, invest substantial time and money here. While choosing the right product is important, it’s worth noting that several IAM tools on the market meet today’s standard requirements. These tools differ only slightly in features. The focus should be on verifying whether the tools meet your critical must-have criteria. All products have some limitations, but experienced IAM integrators usually know how to work around them. Our recommendation: focus on the value-for-money ratio — IAM product license and maintenance costs can vary drastically.

Since companies almost never carry out Identity & Access Management (IAM) or Identity Governance (IG) projects without external support, the responsibility for the success factors of the discovery phase — and later project phases — largely lies with the IAM consultant or system integrator. Make sure to choose a qualified advisor: not every IT consulting firm that offers IAM services brings the necessary experience, qualifications, and expertise. Take your time to speak with reference customers of the service providers on your shortlist before making a final decision.

One of the most important outcomes of the discovery or strategy phase — and thus crucial to project success — is a realistic plan for the next project phases. In practice, IAM projects usually span several years, so it's essential to break them into manageable subprojects that each provide measurable value and ideally don’t exceed one fiscal year. When setting priorities, you should also consider quick wins, such as the implementation of User Self Services.

The project plan should also include a realistic estimate of internal and external efforts, as this forms the basis for your IAM project budget. This budget must include not only licensing and maintenance fees but also service and consulting costs. If the required effort is underestimated, your budget will fall short — which can quickly lead to project failure. Here again, involving an experienced external IAM consultant can be beneficial, as they can contribute valuable insights and effort estimations based on comparable projects.

One final but critical success factor is executive support. Make sure your IAM initiative receives sufficient management attention — a project of this complexity requires strong backing when it comes to resolving issues and removing obstacles.

The Design Phase – Don’t Lose Sight of Strategy and Goals

Based on the project plan created during the discovery phase, the design phase now focuses on defining the functional and technical requirements that will serve as the foundation for implementation. The functional design includes target user management processes, IAM workflows, user lifecycle management, request and approval procedures, and escalation paths. The technical design defines how these processes will be implemented in the IAM system and describes the technical architecture, including workflows and connectors to source and target systems.

Depending on your project roadmap, there may be multiple design phases. In such cases, it often makes sense to create an initial high-level design covering all phases and then develop detailed designs within each specific phase.

Before discussing new success factors for this phase, let’s revisit the discovery phase. Several of its success factors remain equally important here. Keeping a clear focus on the project’s process-oriented and organizational goals is absolutely critical. To ensure value for the business, your target processes — and user acceptance of them — must form the foundation of your design. The composition of the project team and the role of the project manager remain just as vital. A strong, well-connected IAM project lead must ensure that key stakeholders are available for defining the target processes — and that timelines and budgets are strictly followed.

You should also continue to involve the IAM system integrator or consultant in the design phase — they must bring the necessary experience, qualifications, and expertise. If the system integrator uses a mature project methodology specifically tailored to Identity & Access Management, their consultants will have access to a wide range of templates that ease the workload and ensure you don't have to start from scratch. You will often ask them, "How have other clients solved this?" — a consultant with sufficient hands-on experience in IAM projects will be able to provide clear and relevant answers.

Although no development takes place in the design phase, deep, product-specific IAM expertise is already essential at this point. You must ensure that the defined target processes are feasible with the IAM product you have selected — and that this enables user acceptance. As mentioned earlier, every product has its weaknesses. However, if you are aware of them in advance, even small adjustments in your conceptual design can guarantee technical feasibility and help avoid costly retroactive changes later on.

The most demanding part of the design phase is the development of a role model that allows access rights to be assigned via business roles rather than individually. As the heart of any identity management system, role-based access control offers the greatest value — but also represents the biggest challenge of an IAM project. A consultant experienced in role modeling can provide one of the most valuable contributions to your project here.

Last but not least, continue to ensure sufficient management attention. Even during the design phase, challenges may arise that require executive support.

The Implementation Phase – Deep IAM Product Expertise Is Essential

During the implementation phase, all components of the IAM system are initially installed in a development environment, and the technical concepts are realized there. After successful testing by developers and users in a test and/or quality assurance environment, all configurations and developments are transferred to a production environment and go live. (The number of environments may vary.) Depending on the IAM project plan, there may be multiple implementation phases.

As with the previous project phases, many of the known success factors continue to play a critical role during implementation — including the right project team composition, a capable project leader, a process-oriented and goal-driven approach, and sustained management attention.

Just as essential as in the design phase, deep product-specific IAM expertise is critical during implementation. It ensures that the concept is executed on time and within budget. Only IAM developers with extensive product knowledge and hands-on experience from previous IAM projects are capable of implementing complex concepts in highly intricate IAM systems.

As a customer, you must also decide at the beginning of the implementation phase whether you want to build up your own IAM expertise to actively participate in the development and later maintain the system, or whether you prefer to fully rely on your IAM system integrator. If your integrator follows a proven IAM project methodology, they will have no problem integrating you into the project based on your preferences and skills, and coaching you accordingly. Ideally, you should attend a product training offered by the IAM vendor or a certified training partner to lay the foundation for your technical involvement. However, if you're thinking about implementing everything without external help from the very beginning, we must strongly advise against it — the complexity of IAM systems is extremely high and requires a great deal of time and experience to master independently.

The final new success factor during implementation is testing. Before any IAM configurations are moved to the production system, thorough testing must be conducted. These include functional tests of the IAM core system, workflows, and connectors to source and target systems by developers, as well as user scenario testing by business departments. In these user acceptance tests, predefined test plans are used to simulate the target identity processes — including all lifecycle stages, requests, approvals, and escalations. Only if the users themselves give positive feedback regarding usability will your IAM project gain the acceptance it needs to succeed.

Conclusion

Identity & Access Management / Identity Governance projects are highly complex, but fully achievable if you identify and fulfill the key success factors. The right project team, an experienced and well-connected project leader, and a shared understanding of the IAM goals among all stakeholders form the foundation. With realistic planning, accurate budgeting, a process- and user-oriented design approach, and strong executive support, your chances of a successful implementation increase significantly. If you also bring in an experienced IAM service provider with deep technical product knowledge, project experience, and a proven IAM methodology, your project's success probability increases dramatically. Ultimately, you have the power to make your IAM project a resounding success.