What Does an IDM Engineer Do?

Identity Management Engineer is not just a job; it is rather a mission. An IDM Engineer is supposed to be ready to be involved in an IDM project in any phase, or in several of them. He can start from the very beginning, when the project is in its pre-sales phase; he can provide consultations for partners during the analysis, or later during the deployment or the support phase. The sooner the IDM Engineer is engaged, the better his skills can be utilized.


IDM software is a tool rather than a complete out-of-the-box solution. Having an IDM Engineer who knows the software is far more effective than just deploying the solution in “default” settings and then trying to understand how it works. If the IDM software is a tool, the IDM Engineer must be the “brain”, but he also needs to know the software's limitations. The combination of the tool and the IDM Engineer is what can help you to deliver the solution and have a satisfied customer.

Whenever an IDM Engineer starts working on a project, his main task is matching customer requirements to the IDM software's features and configuration.


An IDM Engineer can be “deployed” in the pre-sales phase to help the partner address customer requirements and match them to IDM software features. This helps to identify what parts of the software should be enhanced even before the deal is made. The IDM Engineer can also help to estimate the effort needed to successfully deliver the project. IDM Engineers are not salespeople; they evaluate the situation so that the delivered solution will work and can be supported. The effort estimations from IDM Engineers are usually not to be underestimated; instead they should be well understood and taken seriously. IDM Engineers can usually use their skills from other projects to project the estimated efforts, including the pessimistic and even worst-case scenarios.

Analysis and Design

An IDM Engineer can help with the analysis phase. He can prepare the right questions about the customer environment, target systems, source systems, processes etc., and will help to limit the number of tasks that can be recommended to the customer to be solved in a single project phase. The IDM Engineer can also help with the overall solution design.

Provisioning Implementation and Testing

An IDM Engineer must be good at IDM software customization – and testing. He should be able to test the crucial features from the very beginning; experimental, development and testing environments should be accessible to make prototypes and to help connector developers with connector testing. The IDM Engineer usually does not implement the connectors, but he needs to set them up and configure rules for attribute setting, correlation rules etc. So he needs to understand how the IDM software works, how to diagnose problems, and how to replicate them to distinguish configuration problems from software bugs.

A lot of an IDM Engineer's work is simply testing and putting the puzzle pieces together. There may be bugs (and they WILL be there); they need to be diagnosed, reported and re-tested. The IDM Engineer serves as a bridge between the partner or customer technical staff and the IDM software developers, a kind of “internal customer”. IDM software developers deliver code and test it in their unit tests, but the IDM Engineer must make sure that the code works in a broader context, in a customer-like environment, before the feature/bugfix is considered done. So the IDM Engineer is partially an IDM deployer, partially a tester, partially an analyst, but altogether he is simply a consulting hacker making things work by configuration.

Deployment and Support

After the solution is implemented, configured and tested in the development and testing environments, it has to be deployed to the real world. Everything before this phase was a kind of training; now this is the reality. The production (live) environment is usually somehow different from any other environment; there are always some aspects that cannot be replicated anywhere else, say the number of accounts, actual user data etc. So production environment deployment is always very important, mainly the user/account data synchronization.

When the setup is complete and data is synchronized, the deployment is finished and the project starts the support phase, which can be described as a mix of the previous tasks (diagnosing, analysing, implementing, deploying).


IDM Engineers are usually always ready. They can go where they are needed, by wire, sea, air or land, alone or in a team, with proper tools and their colleagues and developers on their Six. Some missions are short, some very long and some are even rescue missions. But wherever they go (where no one has gone before), even if they fight bugs and problems, their main task is to help the project succeed and give the customer what he needs and what he pays for.

… and beyond …

For me, working as an IDM Engineer at Evolveum is a dream job, even if each IDM project usually deals with problems. It’s not that I like the problems, but I like that feeling of satisfaction when the problem is solved, or at least mitigated. Each problem is a different puzzle, a magical mystery, sometimes even funny. Some must be resolved very quickly; for some you have time to make a nice (and not just quick) solution. But I’m still having fun when deploying IDM solutions.

With midPoint, it’s double the fun. I was with the midPoint team from the very beginning, so I could compare our then-evolving provisioning system with well-known ones. The comparison was often very inspiring – many of midPoint's features were created because we lacked something in the commercial software. And so midPoint became very usable almost from the beginning and it’s still getting better.
