We recently wrote about delegated administration, a powerful Identity and Access Management (IAM) system feature, covering how it gives organizations the ability to assign control of activities directly to business managers and system owners, as well as some common use case scenarios.
Delegation enhances security, increases business agility, and reduces risk across an organization. This might seem counterintuitive because not everything is centrally and tightly controlled under the IT department. Ultimately, though, delegation empowers the business by putting decision-making into the hands of the people and system managers who have the context and knowledge to make informed decisions about who should have access to what, and who can complete such tasks more quickly than going through the help desk.
Read on to learn not only how this is possible, but also how your organization can leverage the power of delegation to maximize your IAM investment and embrace security, rather than viewing it as a barrier.
The Delegation Model
To understand how delegation empowers an organization, we must first understand how the delegation model for IAM works. The delegation model has three major levels of configuration and administration. Here’s a breakdown of those levels:
At the top is Level 1, where the core IAM/IT team configures the IAM solution based on the organization’s governance policies. These policies themselves articulate the vast majority of delegated access rights.
Some examples might include: who is authorized to take action on another user's account, what data about a user they are allowed to view and/or edit, and whether they can approve/deny an access request.
Level 2 is the core of delegation because this is where business owners are given the privileges to take those actions on users throughout the organization. However, these actions are implemented per the organization’s governance policies.
So, for example, if an organization’s governance policy states that support team members have the privilege to reset passwords for all users and also to authorize access to the support ticket system, then those delegations would be configured in the IAM system at Level 1. Then, Level 2 is where support team members can see that delegation for all users and approve requests for users who need access to the ticket system.
And finally, there is Level 3, the end-user perspective. When a user has a specific issue with authentication or access, he or she does not have to go to IT and wait in a ticket queue, because the delegation model empowers the project or business lead to assist the user.
This results in less downtime, a more streamlined business operation, and a better end-user experience because the user gets issues or requests resolved much more quickly.
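The support-team scenario above, written as a deny-by-default policy check. This is an added example, not code from any IAM product: the `Delegation` and `User` types, the `authorize` function, the `"*"` wildcard convention, the self-action rule, and the sample users are all assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Delegation:            # one Level 1 rule derived from governance policy
    delegate_group: str      # group whose members receive the privilege
    action: str              # "reset_password" or "approve_access"
    target_scope: str        # "*" = all users, else a target group (assumed convention)
    resource: str = "*"      # system an approval applies to; "*" = not resource-bound

@dataclass(frozen=True)
class User:
    name: str
    groups: frozenset

# Level 1: the support-team policy from the scenario, configured centrally by IT.
POLICY = (
    Delegation("support", "reset_password", "*"),
    Delegation("support", "approve_access", "*", "ticket-system"),
)

AUDIT = []  # every decision is recorded so IT keeps oversight of delegated actions

def authorize(actor, action, target, resource="*", policy=POLICY):
    """Level 2 check: deny unless a Level 1 rule covers this exact request."""
    covered = any(
        d.delegate_group in actor.groups
        and d.action == action
        and d.target_scope in ("*", *target.groups)
        and d.resource in ("*", resource)
        for d in policy
    )
    # Assumption: delegates act on other users' accounts, never their own.
    allowed = covered and actor.name != target.name
    AUDIT.append((actor.name, action, target.name, resource, allowed))
    return allowed

if __name__ == "__main__":
    # Constructed sample users (hypothetical names and groups).
    alice = User("alice", frozenset({"support"}))
    bob = User("bob", frozenset({"sales"}))
    print(authorize(alice, "reset_password", bob))                   # True
    print(authorize(alice, "approve_access", bob, "ticket-system"))  # True
    print(authorize(alice, "approve_access", bob, "payroll"))        # False
    print(authorize(bob, "reset_password", alice))                   # False
```

Denied requests are logged alongside allowed ones, so the audit trail shows attempts to act outside the delegated scope as well as normal use.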
Why Delegation is a Win-Win Scenario
While you may initially look at this model and wonder if it is giving up too much IT control because it enables access to be given out freely and without IT oversight, in reality, this model actually gives organizations a win-win-win scenario.
First, at Level 1, IT still supports and centrally manages the IAM solution. Furthermore, IT is the group that defines the policies per pre-established governance rules. This means that any technical, security, compliance, or other considerations are centrally configured and managed by IT.
Second, per those policies, IT can now delegate many basic IAM tasks down to project and business team leads in Level 2. This means the support team is no longer spending hours every day on tedious tasks, like password resets. So, your IT staff is happy to have this burden off their plate, AND business team leads are happy because they can handle these tasks without having to engage IT and wait for issues to be resolved.
And finally, there is a massive positive impact on user experience at Level 3 because end-users get the access or issue resolution they need much quicker. As a result, the organization is more productive and both IT staff and end-users can focus on the core business goals of the organization.
Maximizing the Value of Your IAM Investment with Delegation
Delegation is one of the most powerful features of any IAM solution. With delegated administration, your organization can shift technical controls away from your IT department and into the hands of the appropriate business owners—without sacrificing security or IT oversight.
As a result, the business is empowered to be more agile and productive and IT staff are freed up to focus on more strategic initiatives that move the organization forward.
Ultimately, delegation is the single feature that truly makes it possible for an organization to maximize its investment in an IAM solution by streamlining business processes in a secure and supportable manner.