Back to Radiant Blog

It’s in the Playbook: Delivering the Master User Record for FICAM

Radiant has long been involved in the world of FICAM, or “Federal Identity, Credential, and Access Management.” I spent some time this week exploring the General Services Administration’s excellent series of FICAM Playbooks, where they lay out the ICAM Architecture to help agencies facilitate best practices for government employees, contractors, and other authorized partners. According to the GSA:

“ICAM is the set of tools, policies, and systems that an agency uses to enable the right individual to access the right resource, at the right time, for the right reason in support of federal business objectives.”

To this end, one of the key use cases for federal enterprise identity is the unique representation of an employee, a contractor, or an enterprise user, which could be anything from a mission or business partner to some sort of device or technology (the IoTs have entered the chat…). In fact, OMB Memo 22-09, instructs that “agencies should have a plan to create and maintain a master user record of all agency users at the enterprise level.”

But how do you enable the right access for the right user at the right time, especially in complex environments built over successive waves of innovation? That requires a deeper understanding of your users and the data they engage with, to ensure appropriate access, while always safeguarding sensitive information. That means having access to as many attributes as possible to enable the smartest decisions about which users are allowed to see what data.

The stakes are high in the federal space and knowing as much as possible about every user is critically important to the country’s safety and security. After all, they’re not only ensuring appropriate access for administrators in beltway office buildings—they’re also enabling the tip of the spear, our fighting forces out in the world, along with all the smart sensors and solenoids that power our tanks, planes, and warships.

The Matter of the MUR 

When an agency onboards an employee or contractor, it collects identity information about that individual and stores those identity attributes as a digital proxy for their enterprise identity. According to the Identity Lifecycle Management Playbook, the Master User Record or MUR, is a “unique representation of a user’s accounts, personas, attributes, entitlements, and credentials within an organization.”

Sounds great, right? But creating this rich representation for each and every user is much easier said than done. No man is an island and no identity is entirely stored in one easy-to-reach modern data store. In fact, I’ve heard tell that somewhere in the bowels of the Department of Defense, they’re still maintaining equine identity data from the first world war. The horses? Long dead. But their identity attributes live on, because decommissioning that ancient data might break a still-necessary application. (BTW: If this story is overstated or apocryphal, I’d rather not know, because the idea of ol’ Trigger and Bess living on via ones and zeroes absolutely delights me…)

In our digital age, successive waves of innovation have crested, crashed, and gone back out to sea, leaving an alphabet soup of once- and still-dominant data sources: LDAP, AD, Web Service APIs. But the rich data contained within these stores helps draw a vivid picture of each user, giving you greater insight—if you can figure out how best to harness it. For most sizable organizations, however, identity data is siloed across multiple stores and not available at scale for the rapid decisions that drive modern security across key initiatives, from access management to Zero Trust.

Overcoming Complexity: There’s a Better Way

To keep pace with today’s risks and innovations, today’s organizations need ways to enable granular vetting that happens much more frequently—and at a higher level. But in a world of identity sprawl and heavy IT debt, it’s long been difficult to deliver all the identity data you need, in whatever format each consuming application requires.

Data is scattered across disparate stores with uncertain accuracy, quality, or integrity. Represented by different protocols, incompatible with other needed data, not available at scale so you can make smart decisions quickly—teams are overloaded and end users are frustrated. And here’s a hot tip: if you’re still architecting the data source for every initiative from scratch, you’re spending a ton of time and money on a fragile system that can’t be re-used.

The Unified Identity Data Foundation That Drives… Everything

You need a foundational layer that seamlessly unifies identity data across every source, transforming all that IT debt into a swift, scalable, easily consumable service that keeps your data secure and your end users happy.

Whether you know it as the Master User Record or something else, life’s a whole lot easier with a complete, well-vetted source of identity truth for your organization. One that’s unified across all your disparate attribute sources, so you can take advantage of all the richness within. One that gives you a global list of all your users, but also lets you go deep on each individual user with complete global profiles. One that’s always up-to-date and available, no matter what’s happening on the backend. Think of it this way: you can’t drive a car without the proper fuel—diesel in a gas tank will brick your engine—so we provide the curated identity attributes that make your identity data engine go.

From Virtual Directories to an Identity Data Fabric

Now, the playbook guidelines call for a virtual directory and we’re very proud that our founders invented that technology and we’ve spread the gospel of identity virtualization for years. But our dev team gets restless—antsy, even!—if they can’t innovate every day, so we’ve gone way beyond the virtual directory since then.

We’ve also partnered with many federal agencies over the years, so our RadiantOne Intelligent Identity Data Platform has a long history in the federal space. And the Identity Data Fabric we empower you to create is the foundational identity data unification layer across many agencies, speeding secure deployments and accelerating time-to-value.

RadiantOne empowers key identity-driven initiatives, anything that needs a curated, up-to-the-second view of identity, from all your IAM and IGA consuming applications to your Identity Fabric and Cybersecurity Mesh. We’re even part of the reference architecture for NIST’s NCoEE Zero Trust Initiative. So when you see the words “Master User Record,” think Radiant. And when you need to secure key initiatives quickly, without doing months (or years!) of one-off hard coding, please reach out—we are here to help!

Subscribe to receive blog updates

Don’t miss the latest conversations and innovations from Radiant Logic, delivered straight to your in-box.