I think it’s fair to say that the majority of problems encountered in an IdM installation are to do with data. Data that’s wrong, data that’s missing, data that includes illegal characters or 17 tabs at the end – the possibilities for bad data really are endless.
One of the messages I found myself attempting to drum into people’s heads was CHECK THE DATA. Eventually I worked out how to drive this home by supplying a simple tool that displayed the same data MIIS was seeing. The idea is to make it as easy as possible for other staff to work out data problems for themselves – you really don’t want to be the one tracking down every mistyped email address and forgotten first name. (And it’s amazing how these data problems can start becoming your problem just because you’re the one working on the sync mechanism – it’s like getting the engineer who built the railroad track to look for lost luggage!)
I improved on the source data by including extra calculated fields that did the data checking for me (see Keep Provisioning Logic Out Of The Provisioning Code). For example a person record missing vital mail-related data is, in the SQL view, going to end up with a value of inExchange = No. In fact I made it even better by including exactly why it was No, for example:
inExchange = No (no email address)
inExchange = No (email domain unsupported)
inExchange = No (MDB not specified)
I wrote an extra form for MiisApp that displays a Person’s source data. When launched it pops up a form that allows searching by staff number or UID. The data, from the same SQL table that MIIS imports from, is then simply displayed. You can see the code for the entire form here.
I guess I was lucky that all the source data was in SQL, but wherever yours is, you should be able to write something that looks up, collates and displays the pertinent information. Being able to modify incorrect fields on the spot may be a useful addition to the functionality, if company rules permit it.
Whatever your environment you can save yourself a lot of irritating questions by helping simplify quality checks on the data that effects the smooth running of your IdM system.