The all knowing Oracle of Identity

Is that your company’s HR system? Not by a long shot according to Bavo De Ridder:

This is where I have to disagree, strongly disagree. For years IDM product vendors have been telling us that the HR database should be the primary source for Identity information. This is just not true. The HR platform can not fulfil this role of primary source. The platform has been built and is driven by the need to manage the employee status of people and make sure they are paid properly and in time. This difference between what the HR platform actually is and what IDM product vendors want it to be, becomes more visible if you look at the following typical issues:

He is absolutely right, HR Systems make a poor font of identity information. Also, in most cases, they are a pain to integrate with. And they often don’t include the information about contractors and partners that the IdM system needs to know about. Political realities often make the HR department resistant to helping with an IdM rollout.

In many cases, however, there simply isn’t a better source of information available. You have to make do what you have to work with.

It’s also not fair to lay the blame solely on the IdM vendors. When I worked for IdM vendors I often had the customers themselves insist that the HR system be the authoritative source.


  1. I agree with your statement that “there simply isn’t a better source of information available.” Pragmatically speaking, we have to work with existing data sources. Typically that is the HR system for employees and additional source systems for contractors or other users. Are these perfect? Of course not. But often we must deal with the realities of imperfection and progressively improve.

