OM-IND-0012: Managed Workforce Identity Population (Indicator)
ID | OM-IND-0012 |
---|---|
Formal Name | Managed Workforce Identity Population |
In-text Name | number of workforce managed identities |
Version |
|
Type | Base Indicator |
Scale | Ratio Scale |
Status | Draft |
Definition
Number of digital identities linked to workforce entities within the scope of responsibility of the entity, excluding unmanaged distributed identities.
Components
Digital identity | cf. https://open-measure.atlassian.net/wiki/spaces/DIC/pages/419528705. |
---|---|
Workforce entity | This typically comprises permanent staff members, contractors, apprentices, etc. |
Entity | The organization or organizational unit for whom performance is being measured. |
Scope of responsibility | An item is within the scope of responsibility of an entity when that entity owns the item, or has been delegated responsibilities in relation with the item. |
Unmanaged distributed identity | When digital identities are replicated (cf. Distributed Identity (Dictionary Entry)), the replica may or may not need to be actively managed by the entity (whatever the detailed responsibilities of the entity are). This mainly depends on whether the entity is required to actively manage complementary attributes on the replica. By definition, an identity replica that does not need to be actively managed by the entity should be excluded from the count because it does not require individual attention or efforts from the entity. Samples
|
Estimation Methods
Counting the number of managed identities requires a mature IAM platform documented with the architecture of identity distribution schemes. Because this may be too complex or out of reach, an organization may perform an estimation instead.
The outcome of such an estimation should be a 95% confidence interval.
An organization that has a central identity directory may use it to find a lower bound value for the estimated range.
From there, complementary information may be obtained to reach an estimate, such as:
Directories and applications known for containing the highest number of identities may be measured individually. This is an especially efficient approach if the organization uses a few large directories and applications and many small applications.
Provisioning information stored in an IAM platform (manual provisioning of identities is a good indication of identities being actively managed),
SSO or authentication attributes in IT applications inventories.
Once the estimation assumptions are documented, updating the estimate from period to period should be much easier. But the estimation assumptions should be regularly re-evaluated as well.
Rationale
Knowing the number of digital identities within an entity’s scope of responsibility is of critical importance to assure the fulfillment of this responsibility, whatever the responsibility is.
This indicator provides an indication of the volume of digital identities that the entity is expected to manage.
The number of identities is distinct from the number of entities. For instance, the number of entities only evolves as staff members and contractors are hired or leave the organization. The number of identities will be factor of that number that will very much depend on whether the replication of identities throughout the information system is optimal (equal to the number of entities) or sub-optimal (too larger than the number of entities).
Limitations and Complexities
Counting digital identities is complex. This is in good part due to the fact that digital identities may be found in and replicated throughout systems, directories, metadirectories and distributed as part of federation schemes.
Data Sources
Applications
Directories
IAM Platforms
IT Applications Inventories
Metadirectories
Formula
Let X be the set of known identity repositories.
Let e be the entity.
Let R be a set of responsibilities assigned to e.
Let s(X, e, R) = Y be defined as the function that returns Y, a subset of X where for each digital identity y in Y, the entity e has at least some responsibility in R.
The formula for the indicator is then: i = |s(X, e, R)|
Derived Indicators
Workforce Entity / Identity Population Ratio
Related Indicators
Workforce Entity Population
Follow us on LinkedIn | Discuss on Slack | Support us with Patreon | Sign-up for a free membership.
This wiki is owned by Open Measure, a non-profit association. The original content we publish is licensed under a Creative Commons Attribution 4.0 International License.