An analyst stirred up some drama at the Gartner Identity & Access Management Summit in Los Angeles this month with some comments about user provisioning. (Yes, you read that right: the words "drama" and "user provisioning" in the same sentence!) The analyst referred to user provisioning as "tactical." But by the time that simple remark had been passed around the halls and the lunch tables, it had changed, just like in the game of "Telephone" we played when we were kids. Somehow, "User provisioning is tactical" turned into "User provisioning is dying out" and even "User provisioning is dead." Because of the confusion, I thought I should clarify what Gartner believes about this important area of identity administration.

If we have the opportunity to build applications and services correctly … and if we choose them wisely … and if they create an adaptive, contextual, policy-driven set of business solutions, then the need for a technology like user provisioning to synchronize changes across disparate platforms and applications will be minimized or eliminated. But that's a lot of ifs, isn't it? The reality is, as long as we have those disparate platforms and applications, user provisioning will remain a necessary evil — the "plumbing" that makes the best of our past decisions, both good and bad.

The Gartner analyst's comments about tactical user provisioning were hopeful and forward-looking. They were meant to suggest that enterprises can plan their way out of a perpetual reliance on "plumbing" — but only if identity and access management (IAM) planning is part of consolidated application development and integration planning, and part of services planning. If they remain separate silos of planning and architecture, user provisioning not only will remain very much alive, but unfortunately will move from tactical to chronic.

Submit a Comment | Permalink

Traditional User Provisioning is not dead but must change. The classic model principally thought of as a synchronization tool consisting of users, permissions and at times roles, is proving itself to be limited in managing complexities associated with the modern concept of Identity & Access Management.

For instance a coherent Role Management solutions now is mandatory, as the recent acquisitions of Bridgestream on the part of Oracle and VAAU on the part of SUN give concrete proof that the transition has begun. Integrating User Provisioning and Role Management components is far too complex an effort. In my opinion only the technological portion of User Provisioning (connectors towards the target systems) must be used, in order to avoid needless and dangerous data duplication.