The Ultimate Guide to Creating an Identity Blueprint: What It Is, Why You Need One, and How to Build It

So, you’re about to kick off an identity initiative and wonder where to start. Who do you talk to? What systems do you need to integrate with? What applications should you start with? …Or should you just forget the whole thing and update your resume instead? Well, don’t worry. This article is your “Golden Ticket,” a sack of magic beans, the secret sauce to ensuring your identity project kicks off on the right foot.

What is an Identity Blueprint?

Like any other engineering effort, an identity project needs to have a blueprint. In the world of identity, this starts with a blueprint of your digital identity. A well-thought-out guideline for what you’re going to build is vital to your success, because it serves as a reference point to return to when you have questions about what action should take place next, as well as the timing of the action.

The basic elements of an Identity Blueprint include:

  • A list of all the attributes that you want to collect around an identity
  • The rules around those attributes
  • Designation of which attributes are actionable, which ones are for correlation, and which ones are for display purposes

It’s important that your final Identity Blueprint be able to answer the following questions:

  • What attributes do I need to manage in my digital identity?
  • How do I determine the uniqueness of my digital identities?
  • How do I tie my digital identities to the correct accounts?
  • What attributes cause the state of my digital identity to change?

If you can’t answer these questions, your blueprint is incomplete, and while you could build your project without these answers, it will go much smoother and faster if you have them at the start.

Why you need an Identity Blueprint

An Identity Blueprint helps guide conversations with different departments within your company and ensures you ask the right questions about the data you’ll need. Without an Identity Blueprint, knowing where to start or how to capture all the information you need to complete your project can be challenging.

The success of your identity project is highly reliant on interdepartmental relationships and business processes. At a minimum, you’ll need to interact with two separate departments within your organization (that likely have nothing to do with each other, aside from the fact they’re in the same company). When approaching these departments, you’ll need to have a clear conversation about the data you’ll need and the processes that produce and require that data. An Identity Blueprint upfront helps guide these conversations and uncovers who the attribute source owners will be. Additionally, it ensures you’re asking the right questions to the right people.

Let’s say, for instance, your Identity Blueprint looks like the following:

  • First Name – Display
  • Last Name – Display
  • Department – Display, Actionable
  • EmployeeID – Display, UniqueID, Correlation
  • Manager – Actionable

You know the attributes you want to collect, and which data points collected will likely trigger a state change of the identity. So, when you talk with the attribute source owners, instead of saying, “Tell me what attributes you use for account creation” it would help if you instead said, “These are the attributes we’re looking at for account creation. Is there anything we’re missing?” For any attributes you’ve deemed actionable, you can ask, “Can you tell me what happens when a user’s department attribute changes? Are there any other attributes that trigger changes when they’re updated?”

How to build your Identity Blueprint

Now that you know more about what an Identity Blueprint is and why you need one, let’s talk about how to build one! The first step is understanding your business processes. You’ll need to know precisely what actions will be taken on an identity and what data points are necessary for those actions. For example, if you’re building an account creation process, you need to know what data is essential to create an account. This data could include first name, last name, email address, and password. Once you have a list of all the business processes that will be performed on an identity, you can start building your blueprint.

Your blueprint should include a list of all the attributes needed for each business process. For each attribute, you should also record what type of data it is (string, number, date, other), whether it’s required, a brief description, the source of the attribute, and a descriptor.

An example blueprint might look like this:

  • First Name – string – required – The user’s first name – HR – display
  • Last Name – string – required – The user’s last name – HR – display
  • Email Address – string – required – The user’s email address – Active Directory – display
  • Password – string – required – The user’s password – Active Directory – secret
  • Department – string – required – The user’s department – HR – display, actionable

Once you have a complete list of attributes, you can begin to add to the business processes. Start by conducting interviews with the appropriate departments to understand the process of capturing the data. Any rules around the data should be added to your blueprint, validated, and shared each time you talk to a new department. This conversation safeguards everyone against surprises when managing the data. Suppose the HR department updates the department attribute, as does the Active Directory team. In that case, that’s a conversation you’ll want to have before you go live — especially if you’re taking any action based on a department change.
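The blueprint above can be kept as data and checked against the four questions and the shared-ownership problem just described. The following Python sketch is an added example, not code from the original post or from SecZetta; the finding codes, the `review` function, and the rules that key attributes must be required and that secret attributes are never displayed or used for correlation are assumptions made for illustration, and the description column is omitted for brevity.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Attribute:
    name: str
    dtype: str          # string, number, date, other
    required: bool
    sources: tuple      # every system that writes this attribute
    descriptors: tuple  # display, actionable, correlation, uniqueid, secret

def review(blueprint):
    """Return (code, attribute_name) findings for gaps in a blueprint."""
    findings = []
    tagged = lambda d: [a for a in blueprint if d in a.descriptors]
    # Questions the finished blueprint must be able to answer.
    for descriptor, code in (("uniqueid", "NO_UNIQUE_ID"),
                             ("correlation", "NO_CORRELATION_ATTR"),
                             ("actionable", "NO_STATE_CHANGE_ATTR")):
        if not tagged(descriptor):
            findings.append((code, None))
    for a in blueprint:
        # An actionable attribute written by two systems needs an agreed owner.
        if "actionable" in a.descriptors and len(a.sources) > 1:
            findings.append(("MULTIPLE_WRITERS", a.name))
        # Assumption: attributes used as identity keys must be required.
        if {"uniqueid", "correlation"} & set(a.descriptors) and not a.required:
            findings.append(("OPTIONAL_KEY", a.name))
        # Assumption: secrets are never displayed or used for matching.
        if "secret" in a.descriptors and {"display", "correlation"} & set(a.descriptors):
            findings.append(("SECRET_EXPOSED", a.name))
    return findings

# Constructed sample: the article's example blueprint, with Department written
# by both HR and Active Directory as in the scenario described above.
BLUEPRINT = [
    Attribute("First Name", "string", True, ("HR",), ("display",)),
    Attribute("Last Name", "string", True, ("HR",), ("display",)),
    Attribute("Email Address", "string", True, ("Active Directory",), ("display",)),
    Attribute("Password", "string", True, ("Active Directory",), ("secret",)),
    Attribute("Department", "string", True, ("HR", "Active Directory"),
              ("display", "actionable")),
]

if __name__ == "__main__":
    for code, name in review(BLUEPRINT):
        print(code, name or "-")
```

Run against the sample, the check reports that no attribute is tagged for uniqueness or correlation and that Department has two writers; adding an EmployeeID row tagged UniqueID and Correlation and settling on one Department source clears all three findings.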

Your Identity Blueprint should be a living document that’s updated as your strategy advances and your project progresses through each phase. These updates guarantee you have all the information you need before going live with your project. As you speak with different departments and get more information about the data, you’ll be able to pivot quickly and update your blueprint accordingly.

An Identity Blueprint is an important document to have when starting an identity project. Without an Identity Blueprint, knowing where to start and how to get the data you need for your project can be overwhelming. Building your Identity Blueprint can be a daunting task. Still, it’s essential to understand the entire scope of the business processes performed on identities and what data is required to complete the processes. By conducting interviews with different departments and updating your blueprint as you go, you’ll have everything you need to go live successfully.

David Lee is both SecZetta’s Director of Product Management AND the world-renowned Identity Jedi. Connect with him on LinkedIn to get fresh insight on all things #Identity.

*** This is a Security Bloggers Network syndicated blog from Industry Blog - SecZetta authored by David Lee. Read the original post at: https://www.seczetta.com/guide-to-creating-identity-blueprint-blog/
