Identity and Access Management Capacity Planning/Sizing Considerations

This article intends to provide a Point of View (POV) on the various sizing considerations for any Identity and Access Management platform deployment.

IAM is a security consideration that cannot be overlooked. It requires careful planning and a strong understanding of the technologies involved. The sizing should consider not only the technical architecture of the IAM solution but also the process framework (e.g. provisioning/de-provisioning, access requests, reconciliation, certification etc.).

Several factors influence the overall capacity and performance of an Identity and Access Management platform deployment. These include operating system performance, network performance, application server performance, database performance, and the number and type of resources managed by the IAM system. Finally, the expected scale of the deployment, as well as the load that is expected to be placed on it, are typically the more obvious factors that affect performance and capacity.

You should have answers to the following basic questions handy before finalizing the IAM sizing. Please note that these are general sizing consideration questions for any IAM deployment; for any product-specific (e.g. SailPoint IdentityIQ, Oracle IAM Suite of products, CA, Ping Identity, Okta Identity Management etc.) capacity planning, you MUST refer to the SIZING GUIDELINES doc provided by the product vendor.

Gathering input for system sizing:

GENERAL

 Size of the user population, i.e. internal users and external users (vendors, customers, suppliers), and the total number

 Projected number of concurrent operations

 Projected bulk operations

 Projected number of end-user requests per day

 Number of roles and role members per role

 Number of roles and resources associated with an access policy

 Projected number of user attribute changes

 Number of workflows / complexity of workflows / what are the expected workload characteristics?

 Number of user admin requests per day (add/change/delete)

 Is the system accessed by non-corporate users? What are the key reporting requirements?

IDENTITY PROVISIONING AND DE-PROVISIONING

 Type and number of systems to be managed or integrated with IAM solution

 Type of each resource adapter /system 

 Total number of accounts for each type of resource adapter

RECONCILIATION

 Number of authoritative sources and Number of target resources

 Number of accounts per resource

 Frequency of reconciliation

 Degree of change in all resources (authoritative and target)

 Amount of pre- or post-processing of data involved e.g. transformation and validation logic

CERTIFICATION

 Frequency of Certification

 Type and Complexity of certification

 Customizations of certifications

 Total number of resources (Application Instance, Business Roles, Entitlements) in the system

 Average Number of resources (Application Instance, Business Roles, Entitlements) per user

HIGH AVAILABILITY REQUIREMENT

 Is the user interface required to support session fail over?

 What are the recovery requirements for the database?

 Will the database require fail over for 24x7 uptime?

For any specific queries, please reach out to me.

Amit Kumar

Current IAM head ~Ex Sr Director |IAM Project Manager |IAM Leader| MCP| ITIL|PMA

6y

Well written. Just wanted to add data retention Policy related Items, i.e. Number of days after which request data / Task / Recon data and Certification data will be purged.

I would add - keep margin for growth. As a rule at least 50% more if not double. I have seen too many undersized environments. Average may not be enough. Always scale for max load/concurrency. An environment may work fine until you certify a user with say 1000 entitlements. If you have even 1% such users, that’s enough to blow your environment. I routinely see folks build 4 or 2 CPU servers with 8 gig RAM based on product vendor recommendations... which obviously isn’t good enough for enterprise systems. These days even cell phones have better capabilities than that... Hello 😂

Aditya Mukunda A R

Managed Solution Leader at IBM Security Services, IBM India Pvt Ltd

6y

Vivek, as you mentioned, setting right the process is the most critical activity to get the sizing right, no matter which IAM tool is implemented.

Rajeev Kumar

Technical Architect IAM - Saviynt, OKTA, Azure SSO

6y

Worth reading!!! Thanks for sharing the valuable information.

Pramod Kumar

IAM Consultant - Saviynt & Sailpoint IIQ/INOW | Supporting Neurodiversity | Open for new opportunity

6y

Thanks for sharing, these points are very obvious during any IdM implementation. People mostly don't focus on these points, and later it becomes very tedious to optimize system performance and design.
