Identifying Skilled Engineers for Sailpoint IdentityIQ Implementations

Sep. 18th, 2018

Sailpoint Identity IQIdentity Governance Administration (IGA) is an extremely complex task.  Whenever stories are told about implementations, it would seem that there are as many bad implementations as there are good ones.  Perhaps you’ve been involved in an IGA project, or at least close enough to one to have witnessed its development and heard the debriefs and lessons-learned.  SailPoint is a relatively new player in the Identity Governance space, but they have been an active leader in Gartner’s magic-quadrant for years.  Only this year has SailPoint developed a certification exam for engineers who implement their IdentityIQ solution.  Before this exam, it was up to the individual customer to trust that their implementers knew what they claimed.  Unfortunately for some, this meant hiring implementers that could talk the talk but couldn’t walk the walk.  While certifications may not always guarantee success, just as not having certified engineers doesn’t always necessarily mean failure, it is a comforting demonstration of mastery.

SailPoint’s approach to exams is radically different from most vendor certification exams.  They use a method called Discrete Option Multiple Choice (DOMC).  It is an approach that challenges test-takers on their knowledge by working to drastically reduce the chance of earning points on exams via calculated guessing.  Test-takers are only shown one possible answer at a time and must mark the correct options as right and the incorrect options as wrong.  As an added layer of difficulty, there is no going back to review your answers.  Once you’ve selected an option, you are committed.  This type of examination is stated to be a more precise way to ensure that certified individuals actually know what they were being tested on and didn’t earn the certification by gaming their way through the exam.  As such, GCA Technology Services is proud to state that two of their engineers were granted opportunities to take the beta Implementer’s Exam mere days before it concluded, and both of them passed.

Aside from certifications, there are also other questions that can be examined to gauge how familiar an implementer is with the product.  SailPoint has several subtle paradigms sprinkled throughout their framework.  Have you ever seen a situation where a termination or extension workflow for contract employees was designed for a single user at a time?  If you’re looking at implementing this, or are in the process of doing so yourself, how do you feel about the user experience?  Have you considered what the flow would look and feel like for a manager with five employees, fifteen employees, fifty?  There have been several real-world cases where I have seen an existing workflow that was designed to handle a single user and managers with a multitude of direct-reports are required to go through that same process for each.  I’m sure you can see how this could grow tiresome quickly.  There is a better way, though.  SailPoint’s workflows are framed in a manner that can take advantage of other native objects within the system.  They facilitate three types of interaction with any given business process:  Self-service, Requesting on behalf of a single user and Requesting on behalf of multiple users.  Not only can you change the way the workflow operates based on the user interacting with it, but you can also dynamically alter who the users capable of requesting on behalf of can select.  The best part is that you don’t need multiple versions of the workflow to accomplish this behavior:  You can achieve all of this and more with a single workflow.  So, if an implementer is looking to design a workflow for a business process of yours, ask them how they would go about implementing it in a manner that would allow these three types of interaction.  Everything you would need to accomplish what I mentioned above is supported out of the box:  All that is required is configuration.

There are many ways to gauge the skill level of an implementer, as well.  How clean does the code look when loaded into the Deployment Accelerator?  Is the SSD being used?  Are the best practices for querying and de-caching Hibernate implemented in the rules and scripts?  Does the configuration of the server line up with the hardware-sizing guide and JVM Tuning guide?  The list of items is long, but each piece helps ensure that you have a clean and efficient implementation.  Some people may scoff at code-cleanliness, making the mistake of thinking that as long as it works that it doesn’t matter how it looks.  This line of thinking is dangerous and costs a lot of time when things don’t function like they’re intended to.  Formatted code with log statements and even comments for additional brownie-points are always easier to revisit than a heaping mess of spaghetti code.  It’s also more comfortable for the customer to consume when they are eventually handed the IdentityIQ instance to maintain.

Certifications and adherence to paradigms are a few of the ways you can identify skilled implementers.  There are many other qualifiers out there, but at the very least you want to make sure that your implementers understand and adhere to the best-practices promoted by SailPoint.  If you’ve had a rocky implementation or are looking to up your game, please reach out to us at GCA Technology Services.  We’d be happy to talk!

Author Information