Sunday, July 8, 2012

The real deal: testing enterprise identity and access manangement

After two years of weekendtesting identity protocols like UMA I am given the opportunity to show my testing skills in identity management in an international enterprise. And it's not only identity management I have to test, it's IAM: Identity and Access Management. A difference I'll explain in a future post.

Multiple applications, multiple users and multiple devices (BYOD) and all in an international context: that's a challenge I want to take.

I will have to test the whole chain, so it will not be only to check if a user can log in. No, it demands a good functional and technical understanding of the chain and its points of failures. And I found out, it has to be good from the beginning.

It is a chain test, so no stubs or drivers are allowed and the testdata has to be fed in the enterprise personnel management system based on SAP HR. SAP I always wanted to learn, so here's my chance.

This will be an adventurous job, with every day different things in IAM to test: authentication, authorization, IAM-software, SAP, BYOD, Role Based Access Management are just a few. Did I already say I'll have to test this on my own with a lot of stakeholders and little information?

Enough challenges to conquer: Who dares wins!

The next posts I will share my experiences and give you an insight in the life of an IAM-tester.

Tomorrow it's Monday again, mucho trabajo!!

No comments: