Seven top situations where you need an Identity and Access Management Roadmap


Miska Laakkonen

Head of Business, IGA and PAM

September 23, 2021 at 09:00


Digitalization changes industries and businesses around the world. People are starting to realize the growing issues related to personal data management. Consultants offer IAM roadmaps to a broad scope of organizations. What are IAM roadmaps really about and why do business owners turn to them?


What are IAM roadmaps?

An IAM roadmap is your company’s plan on how to take control of identity and access management processes and activities. It expresses your desired state of the IAM and the concrete steps you need to get there. It also serves as a tool for you to communicate your IAM goals inside the company.       

The roadmap is often produced by a consulting team or expert and written as the project’s final report of their findings and recommendations. Projects like this consist of different phases that include an analysis on the current state of the organization’s IAM, setting targets and building the roadmap.

The scope of the roadmaps can cover different things: for instance, employees’ digital identities or customer identities. The focus can be on a specific online service and its identities, B2B customers, or a particular customer category, to name a few examples.

Identity Access Management

So when do organizations definitely need an IAM roadmap?

There are different situations, but these are some of the most recognizable turning points where organizations usually contact us:

  1. A new online service needs an IAM solution. A company might plan to launch a new online service, and in it, they need some identity and access management system.

  2. When IAM data is siloed. If customer data is stored in several separate online services or employees’ access rights in dozens of systems with no centralized view, it’s probably time to put together a plan for a new IAM solution. A similar situation might arise when two companies merge: data that used to live in two places now needs to break the barriers and move into a single system to be effective.

  3. Employee onboarding is slow and manual. An organization might have no tool to manage their users and access rights to different systems. They might use a spreadsheet that is filled in when a new employee enrolls or someone’s job title changes. Or, they might have a printed form that the new employee fills and which is filed manually. This process could be automated, and employees could apply for more access rights within an IAM tool. When an organization’s number of data records grows to 500 or more, an automated IAM starts to become a pressing need

  4. The user experience needs an improvement. When registration, login, and personal account management is difficult, people won’t return to the digital service. Sometimes UX is also about improving workflow internally: if the dozens of IT systems and their logins can be replaced with a single sign-in solution, it eliminates the burden of having to remember and update several passwords.

  5. The organization is tied to regulations. There are many different level regulations considering identity and access management that the private and public sector need to follow. Examples include GDPR in the EU, ISO27001 globally, and national regulations such as KATAKRI in Finland. If the company doesn’t know how to set the requirements or how they impact their business, they need an IAM roadmap.

  6. There’s a risk of a data breach. Infosecurity is threatened if IAM is mishandled. If data is leaked to un-authorized users, it can cause legal actions, reputation losses and open unwanted vulnerabilities possibilities for hackers and other scammers to exploitSome IAM tools are also old and not necessarily supported anymore by the vendor. When your IAM system is outdated or has clear shortcomings, it’s time to draw an IAM roadmap toward an update.

  7. The organization wants to embrace digitalization and utilize AI safely. There’s much talk about digitalization and artificial intelligence, but on a practical level, inadequate IAM procedures prevent making digital tools a real business enabler. Sometimes renewing your IAM solution is not only a matter of security, but also an investment to help business grow.

What are the benefits of an IAM roadmap?

By putting together a roadmap, the organization gains concrete targets and action points to improve its IAM. In practice, this can mean:

  • Defining the organization’s principles and policies for identity and access management
  • Recommendations on how to ensure the quality of data or how to conduct a data cleanup
  • Other action points required before reclaiming a product-based solution
  • A product and/or technology shortlist of IT products that would solve the organization’s IAM problems
  • Requests for Information (RFIs) sent to potential product vendors based on the current state analysis and vendor criteria that are defined in advance

Based on the IAM roadmap, the organization can move on to competitive bidding for the execution.


Want to find out your organization’s IAM maturity level? Take our test:

First published 07.10.2019, last revision 23.09.2021