The Maturity Model

The following sections characterize identity management practices at each level in the maturity model. The characteristics are organized into eight areas: business goals, policies, processes, identity management, identity storage, authentication, authorization, and federation. The characteristics given are illustrative; there are more characteristics than can be enumerated here. Nevertheless, these should be sufficient to give you a clear idea of what each level looks like.

Level 1: Ad Hoc

Level 1 is the furthest away from being a best practice. In level 1, no planning or structure is applied to identity management processes and systems. The statements in Table 15-1 characterize practices at this level.

Table 15-1. Characteristics of level 1 identity management practices



Business goals

Business units see identity management as having negative value. That is, identity management gets in the way of getting work done.


The organization has no identifiable policies about identity. Any rules that do exist are simply part of the organizational folklore.


Identity management processes are not defined or documented.

Processes are carried out in an ad hoc fashion with the desires and whims of the team or team leader being the primary driver. Any processes that do exist are informal.

Team knowledge and talents are not leveraged in a consistent manner, because the process is different each time.

The ad hoc nature of the processes ...

Get Digital Identity now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.