The Best IAM Advice Ever: The 2022 Edition

Subscribe for more like this



Edited by Apryl Motley, CAE - InCommon Communications Lead

InCommon Community

Throughout 2022, we asked members of the InCommon community to share the best identity and access management (IAM) advice they had ever received and from whom. Without further ado, here are 10 pieces of the best IAM advice ever.

  1. One of my big takeaways has been how single sign-on (SSO) can make life easier for people. (Nick Lewis, Internet2)
  1. When working on an issue, my IAM colleague Alex Willman often asks, “What if we flip this on its head?” His advice is typically given when at an impasse or when multiple options exist. That is, perhaps, we can address our issue if we look at our problem differently. (Jason Rappaport, Princeton University)
  1. The data is always a bit dirty – never assume otherwise. (Gail Lift, University of Michigan)
From left to right: Nick Lewis, Jason Rappaport, Ivan Norris, Keith Wessel, Josh Drake, Laura Paglione, David Bantz, and Heather Flanagan
  1. You cannot cheat the project management triangle. (Ivan Norris, Evolveum)

  2. Keep it simple. This was a logical extension of the thin registry schema model put forth a few years ago in the early days of the Trust and Identity in Education and Research (TIER) program by Keith Hazelton and Tom Jordan among others. (Keith Wessel, University of Illinois Urbana-Champaign)

  3. From the IDPro Skills Survey Report, Sarah Cecchetti, Founding IDPro member: “It takes 2–5 years to become proficient – not expert, but just proficient – as an IAM professional.” (Heather Flanagan, Spherical Cow)

  4. From Ryan Kiser, Omni Security Operations Center at IU: “It’s not hard; it’s just complicated.” ( (Josh Drake, Indiana University)

  5. “You can’t always get what you want, but if you try sometimes you might get what you need.” (David Bantz, University of Alaska)

  6. “No one understands everything.” (Laura Paglione, Spherical Cow Group)

  7. Paraphrased from Tom Barton at the University of Chicago: “One of the greatest security threats facing our institutions is the threat of security getting in the way of the institution.” (Tom Jordan, University of Wisconsin)