Making the Move to Modern IAM

November 28, 2016

Thanks to the digital business boom, identity services are in high demand. Customer and workforce identity data enables mobile, web and Internet of Things (IoT) engagement and productivity. However, legacy identity and access management (IAM) systems weren't designed to handle today's digital use cases.


In the past, IAM systems managed employee data and governed access to internal systems within well-defined firewalls. Today, IAM solutions must manage customer identity data use and sharing in multi-channel environments in addition to workforce identities and system access. Customer IAM (CIAM) is intricately tied to strategic business initiatives and requires an entirely different set of capabilities. A successful CIAM solution must be able to:


  • Handle identities and associated data at massive scale, often in the hundreds of millions rather than thousands.
  • Ensure strong data security in a complex ecosystem with multiple endpoints, varying regulatory policies and increased breach risks.
  • Unify profile data from different silos into a holistic view of the customer.
  • Drive consistent experiences by securely collecting and delivering data across multiple channels.
  • Support fast deployment of identity data-dependent apps and services through APIs.
  • Capture customer preferences and privacy consent and enforce them across all customer touch points to support personalized customer experiences.
  • Enable compliance with data privacy regulations that vary by region, demographics and context.
  • Support social login as well as adaptive and step-up authentication.
  • Offer fine-grained data governance capabilities that control the data each application can access.


These requirements place identity management at the center of the enterprise in ways we've never seen before. To meet the new criteria as well as gain performance and cost improvements over outdated technologies, many IT professionals are replacing their legacy directory servers and IAM systems with modern solutions. Some of these new platforms cover the full spectrum of customer identity management requirements in addition to traditional workforce IAM capabilities.


No matter what solution you're evaluating and planning to implement, several best practices can help ensure a successful transition to the new system with minimal downtime and without jeopardizing the security and integrity of your data.


  • Bi-directionally sync data during the migration period.
    Operate the old system and your new system simultaneously for a period of time before retiring the legacy directory server. This requires the ability to synchronize the data bi-directionally in real time.
  • Automate schema and migration configurations.
    In many cases, old and new systems will have different features and options. This can present a challenge when migrating legacy schemas and configurations. You can resolve any potential issues by using automation tools to map configuration settings and avoid manual application changes.
  • Avoid application service disruptions during migrations.
    Isolate the application portfolio layer from any changes you're making to the directory server by routing application requests and LDAP clients to the new solution incrementally.


Change can be daunting, but approaching your directory server migration step by step can help mitigate stress and pave the way for a smooth transition. The end result will be an IAM platform that reduces costs and improves efficiencies while supporting digital business initiatives.