I've done a few posts on the IAM/portal subject (http://blog.tomaselfving.com/2008/10/security-architectures-for-portal.html, for instance) and there is surely a lot to gain from separating the access management and the identity management functionality from the portal platform and its web applications. On the other hand, an IAM platform is a huge investment both to buy and to implement as it requires expert product competence.
So, what are the arguments for choosing an external IAM platform?
In my opinion, if you have requirements for...
1. Several login methods, especially login methods not found in portal platform products.
2. Protecting more than one application, especially applications on different platforms (i.e. web applications and SAP)
3. SSO between applications on different platforms, both web and other apps.
4. High security requirements can in themselves motivate an IAM platform, as you may move the portal platform behind the DMZ and keep only the reverse proxy in the DMZ.
5. Protecting a SOA environment of web services as well as web applications may be an interesting scenario for an IAM solution.
...then you may go ahead and evaluate IAM products to complement your portal platform.
And finally, look carefully at the quality of the adapters between the IdM products and your portal product. It is in the interface between the IdM and the portal that you will find the toughest challenges of the integration work. If this interface is poorly constructed, the IAM implementation may end up limiting the functionality of the portal platform!
© Copyright 2008, Tomas Elfving
Saturday, November 1, 2008
Using external IAM or the portal platform's OOTB security functions?