This is a very competitive segment of the IT marketplace, with dozens of vendors offering solutions on more than one front. Most vendors have designed their solutions as either reverse proxies or agent-based with cookies running on servers, and are now trying to expand their products to offer both options. Some are pure web-based applications, while others are not and are limited to specific platforms such as Unix and NT, preferring to react to the rest if enough customer demand arises. The market leaders seem to switch places every six months as they race to make their products more feature-rich.
Translate options into working solutions
The reality of putting these solutions in place is that they require a lot of up-front planning, design and analysis of workflows, business processes, directory schemas and data quality before any technology is even deployed. For these reasons, organizations often underestimate the time and cost of the consulting effort needed to bring the pieces together and integrate them into a tight-knit system. If organizations take the time up front to set realistic expectations of what they are investing in, many headaches and disappointments can be avoided later.
No product is ready to deploy “out of the box” despite the claims of many vendors. Most good integration partners will suggest that a preliminary review be performed to understand the limitations of the host environment, including licences for software already in place, hardware and operating system platforms already in place, and most importantly current business processes that may need to change to support the operating models of the new technologies. For example, if an access management solution requires a new employee to be in the system in real time prior to their first login on their first day of work, but HR does not key them into their application until two weeks after their arrival, the system will not be able to provide them the privileges they would expect, regardless of how great the technology is.
Organizations need to understand and accept the limitations of platform independence. All the technologies still have limitations on which operating systems they will work on (for example, some vendors will say their solutions support UNIX, but perhaps not every version of UNIX, such as Solaris, HP-UX and AIX). Not all solutions support all communications methods or protocols such as LDAP or XML. In the case where an organization has more than one web domain, each with its own access management system, sharing of authentication and authorization credentials between them is not yet possible. In that case, a customer will still have to log on twice, once for each access management system. The industry is working on solving this problem, along with other independence issues, by creating standards such as the XML-based protocol called SAML (Security Assertion Markup Language).
Implementation of an e