IGA Anti-Patterns

I have dedicated a huge chunk of my career, more than 30 years now, to working with what is now called identity governance and administration (IGA). Over this time I have been exposed to dozens of products and hundreds of organizations collectively working to solve IGA problems. What’s disheartening for me is that I see the same mistakes being made by IGA vendors and practitioners continually.

Anti-pattern is a concept that I first encountered in software development, describing a recurring — usually intuitive — approach to solving a problem that turns out to be counterproductive, often producing more problems down the road than it solves. Anti-patterns are a great way to gain a better understanding of a domain or toolset, clarifying the problem being solved and then exploring the impacts of the “natural” solution. The goal is to learn more elegant approaches to solving problems within a domain.

IGA solutions are challenging to deploy and operate. Obviously, integrating software with a multitude of heterogeneous IT systems is a significant challenge, but anti-patterns make IGA tools and practices more difficult than they should be. The impact of IGA anti-patterns can range from administrative or operational headaches all the way to data integrity problems. This page gathers together a collection of anti-patterns that have been observed within the IGA domain.

  • Role-Based Access Control

  • Employee Type Identity Attribute

  • Identity As Account

  • Trusted Reconciliation

  • Direct Updates of Identity Properties or Attributes

  • Human Ownership of Non-Standard Accounts

  • Revocation Rates

  • Dynamic Account Matching

  • Standalone Policy Entities

  • IT-Side Model Corruption

  • Static Collection Scheduling