11 situations where you need an Identity and Access Management Roadmap


Miska Laakkonen

Head of Business, IGA and PAM

October 7, 2019 at 14:49

Digitalization changes industries and businesses around the world. People are starting to realize the growing issues related to personal data management. Consultants are offering IAM roadmaps to a broad scope of companies and the public sector. What are IAM roadmaps really about and why do business owners turn to them?

What are IAM roadmaps?

IAM roadmap is your company’s plan on how to take control of some or all identity and access management processes and activities. The roadmap expresses your desired state of the IAM and the concrete steps you need to take to get there. It also serves as a communication tool for you inside the company.       

The roadmap is a final report of a consultancy project related to identity and access management. The project consist of different phases that include IAM current state analysis, setting targets and building the roadmap.


The scope of the roadmaps can be, for instance, company employees’ digital identities or customer identities. The focus area can be limited to a specific online service and its identities, b2b customers, or a particular customer category, to name a few examples.

In which situations do organizations need an IAM roadmap?

There are different situations, but these are the eleven turning points where organizations usually contact us:

  1. A new online service needs an IAM solution. A company might plan to launch a new online service, and in it, they need some identity and access management system.
  2. Customer or employee data is siloed. Customer data is stored in several separate online services, or information of employees’ access rights are stored in dozens of separate systems and there is no centralized view on all the data. IAM solution is needed to solve the problem.
  3. Employee onboarding process is slow and manual. An organization might have no tool whatsoever to manage their users and access rights to different systems. They might manage identities in a separate excel that is filled in when a new employee enrolls or someone’s job title changes. Or, they might have a printed form that the new employee fills. These forms are filed manually. This process could be automated, and employees could apply for more access rights by themselves within an IAM tool.
  4. The user experience is clumsy. When registration, login, and personal account management is difficult, people won’t return to the digital service.
  5. The current IAM tool is outdated. IAM tools might be decades-old systems that don’t serve the organization anymore. The product vendor might even have stopped supporting the system. At this point, an organization needs a throughout current state analysis to be able to acquire a new system that meet their requirements.
  6. The company has grown, and manual IAM is no longer an option. When an organization starts to handle about 500 data records or more, the need for an automated IAM system is evident.
  7. Two companies merge. When two procedures and IAM solutions should be tied up, there’s usually a need for clearing out which solution should they continue with.
  8. The every-day task of several logins burdens the users. Nowadays, there are dozens of IT systems a knowledge worker needs during their day. The sign-on to these systems can be inconvenient and cause interruptions to the workflow. Modern-day single sign-on solutions may smoothen the working experience because it removes the need for remembering several passwords.
  9. The organization is tied to regulations. There are many different level regulations considering identity and access management that the private and public sector need to follow; otherwise there are sanctions. For instance: GDPR in the EU, ISO27001 globally, and national regulations such as KATAKRI in Finland. If the company doesn’t know how to set the requirements or how they impact their business, they need an IAM roadmap.
  10. There’s a risk of a data breach. Infosecurity is threatened if IAM is mishandled. If data is leaked to un-authorized users, it can cause legal actions, reputation losses and create possibilities for hackers and other scammers.
  11. The organization wants to embrace digitalization and utilize AI safely. There’s much talk about digitalization and artificial intelligence, but on a practical level, inadequate IAM procedures prevent making digital tools a real business enabler.

What’s the benefit of an IAM roadmap?

From the roadmap, the organization sees concrete suggestions to improve its IAM. In practice, this can mean:

  • Defining organization’s principles and policies for identity and access management
  • Recommendations for instance on how to ensure the data quality or how to conduct a data cleanup
  • Other action points required before reclaiming a product-based solution
  • A product and/or technology shortlist that gathers together the IT products that would solve their IAM problems
  • Requests for Information (RFIs) sent to potential product vendors based on the current state analysis and vendor criteria that are defined in advance

Based on the IAM roadmap, the organization can move on to competitive bidding for the execution.


Want to find out your organization’s IAM maturity level? Take our test: nixu.com/DI