Every time we think we've finally gotten a handle on the user provisioning/deprovisioning issue something comes along to disabuse us of that notion. In this case it's the results of a survey of attendees at last spring's Directory Experts Conference (DEC) put on by NetPro.

This time around, 280 of the 565 attendees (from 290 companies throughout 28 countries) responded to the survey. They are primarily technicians, work within large corporate and governmental IT organizations, are responsible for Active Directory management and support large numbers of directory users. A full 35% of them feel that, at their organization, provisioning/deprovisioning is either “out of control” or “problematic” to lead the list of problem areas. Also garnering more than a 20% negative rating were: delegating administrative rights (29%); compliance reporting (27%); and disaster recovery (23%). The consensus of their opinions were that these issues are the most administratively tedious and cumbersome. That’s certainly something the vendor community should pay attention to. While we’ve come a long way in automating both the actual provisioning as well as the installation and roll-out of the services it still takes a lot of manual configuration and maintenance to get everything running smoothly.

It wasn’t all negative, of course. Of interest to identity workers, the issue of password management was rated very positively by 40% of the respondents, ranking it 4th among the “least challenging areas” (as the survey called them) behind server configuration, back up/archiving, and data recovery.

There was a lot in the survey about job satisfaction, also. You should read that for yourself but I will note that the majority of respondents listed 4 items as the worst aspects of their jobs:
* Workload/work hours
* Not enough people resources
* Incompetent coworkers
* Insufficient automation

That seems to reaffirm the old French proverb “plus ça change, plus c'est la même chose” (the more things change the more they stay the same) since I can remember complaining about those same issues 20 years ago!

A couple of other highlights, surprising to me and perhaps to you:
* Survey respondents report adoption of role-based access-control stands at 44%, with 18% of respondents planning to implement the technology over the next 6 to 12 months.
* Usage of identity federation has grown from 4% of respondents in 2007 to 12% in 2008. Another 18% of respondents plan to implement identity federation over the next 6 to 12 months. IT organizations still considering federation dropped from 48% in 2007 to 37% in 2008. The percentage of organizations with no plans to implement federation remains steady at about 32% for both years.

Dave Kearns is a consultant and editor of IdM, the Journal of Identity Management.