ThirdSpace ThirdSpace
ThirdSpace Contact Us
Close 0 Reset Search Run Search What are you looking for? Type at least three characters to search. Filter Search Results
  • All Content
  • Blog
  • Page
  • Case Studies
  • Event
  • Resources
  • News
  • Careers
  • Access Centre
  • Technologies
  • Workshops
  • Service
  • Solutions
  • People
Load more
08 September 2016

Identity management testing: Why test?

A profile shot of ThirdSpace Identity Architect Ian Bassi.
Written by Ian Bassi

Is this the first time you've thought about testing? Is it something you push to the back of your mind?

Here, we explore why identity management testing is important, and how you can manage and automate it to become more efficient.

The challenge with IDM testing

Identity management testing has always been a particular challenge for IT departments. It can sometimes be perceived as an unnecessary overhead, getting pushed towards the end of projects and rushed through at the last minute.

In the past, when we used Microsoft Identity Integration Server (MIIS) and Information Lifecycle Management (ILM), the solutions were limited to the Sync Engine and several connected systems. This meant all of the solution logic was in Visual Studio, which made it easy to build and then test at the end.

“Testing can no longer be thought of as a nice-to-have, or something that you can just fit in at the end.”

Forefront Identity Manager (FIM) then came along and introduced the Portal. This meant we had parts of the solution in two different places, with the portal allowing a lot more functionality. We went from small to medium identity management solutions, then to medium to large identity management solutions, where the approach to delivering MIIS and ILM solutions no longer works.

We now have code to test in the Sync Engine, and Workflows and Permissions to test in the Portal. Testing all of this functionality can no longer be left until the end of a development as there is so much to do. Regression testing, when adding new functionality, is now more important than ever.

Testing can no longer be thought of as a nice-to-have, or something that you can just fit in at the end. If you try this approach, the project will overrun, go over budget and require remediation afterwards.

See the Microsoft identity stack in action – Watch today!

See the Microsoft identity stack in action – Watch today!

The Microsoft identity stack demos will show you how to:

  • Easily create new user accounts for internal employees and external contractors
  • Reduce risk through automation and password self-service capabilities
Watch now

Approach to testing

When delivering a solution, testing needs to be the first thing on the agenda. It’s not just about making sure the solution is working correctly. When thinking about testing, ask yourself HOW exactly you are going to test and WHAT exactly you are going to test at the start of the project. This ensures both the consultant and the client have a comprehensive and cohesive understanding of the testing process.

Testing starts as soon as the design of the solution is complete, involving the key stakeholders agreeing on an Acceptance Criteria for the user stories. This enables the client and consultant to agree and be sure on what is going to be delivered, and what the outcome of that user story is going to be. Depending on how complex the user story is, that could mean four, five or even 25 Acceptance Criteria.

For example, an Acceptance Scenario for a new user could be “When a new account is created, a unique account name (five characters from surname + Initial + NN – must be unique – for example, SMITHJ01) is created.” When you write the tests, it is possible and normal for one test to cover more than one Acceptance Scenario.

Once the client has agreed the Acceptance Criteria, we are now in a position to get the Acceptance Scenarios written. These are tests written by the consultant, that go into detail about what attributes the initial object has and what attributes will be set at the outcome. The aim is to assess the life-cycle that object will go through in the production environment. The steps should include enough detail to enable anyone with a little identity management knowledge to follow. An Acceptance Scenario example might be a new employee in HR getting an account created in Azure Active Directory (Azure AD) with the correct attributes set, including account name, email address, manager, etc.

Test Scenarios are tests that confirm a small part of the functionality is working as expected. This test being passed does not mean an Acceptance Criteria is passed. An example of a Test Scenario could be that the Portal sets new account names correctly.

Once the Acceptance Scenarios and Test Scenarios are written, they are then reviewed by someone else on the team to confirm they have enough detail, ensuring that the Acceptance Criteria is covered.

We now have our tests up and ready to go. When we start developing the solution, as we complete each User Story, we can run these tests to confirm that what we have developed is going to meet the client’s expectations.

Ideally, the client will have someone who is creating their own Acceptance Scenarios to run once the development is finished, so that they can also test the solution and confirm it is working as anticipated. During this stage, the client can log any defects with the consultant, who can then resolve any issues that may have been identified.

Benefits of this approach

  • By writing the Acceptance Criteria before we start putting together any tests or code, we can ensure the consultant and client have a unified understanding of the project outcomes. Without this process, a recent change in policy could go unnoticed until the end of the development cycle resulting in costly remediation work. By capturing this information before development has started, the design document can be updated accordingly.
  • If tests are written at the start, they can be used during development to ensure that what you have developed works as expected and that other parts of the solution have not been broken as a result of the new changes. This should reduce the number of defects raised during User Acceptance Testing (UAT), therefore reducing any chance of the project being delayed. This can also help the project to deliver its crucial go-live dates – and on budget.
  • I used this approach with one of my recent clients. It ultimately led to 95% of the defects raised being resolved the same day and in the latest go-live, no defects in the production system being immediately raised.


Hopefully, this article has got you thinking about how you are going to best test your identity management solution and how you can reap the benefits of being pro-active.

There is, of course, an overhead to testing: capturing the Acceptance Criteria, creating the Acceptance Scenarios and Test Scenarios, running the tests and supporting User Acceptance Testing. However, that overhead could work out significantly less than a project that over runs and has defects in the production environment.

There are four key factors to an identity management project:

  • Time
  • Money
  • Quality
  • Functionality

Next, watch the Microsoft identity stack demos to see how Microsoft’s key identity management technologies enable seamless user creation journeys.

Or download ‘The business case for IAM’ e-Guide and become the driving force behind modernisation, cyber security and operational efficiency in your organisation.

Subscribe to the ThirdSpace mailing list and get your free buyer’s guide to Microsoft Enterprise Security

Subscribe to the ThirdSpace mailing list and get your free buyer’s guide to Microsoft Enterprise Security

Submit your business email to join our mailing list and we'll send you 'A buyer’s guide to Microsoft Enterprise Security'.

A profile shot of ThirdSpace Identity Architect Ian Bassi.

About Ian Bassi

Senior Consultant

Ian Bassi is a Senior Consultant and Identity Imagineer at ThirdSpace. He is always looking for new ways to do things and try out the latest releases – he loves learning! He is responsible for...


You may also like...


How the SolarWinds breach highlights the dangers of federated authentication – and what you can do to protect against it


What is Microsoft Identity Manager (MIM)? Everything you need to know


Uniting disparate directories: What is Azure AD Connect cloud provisioning?

Recent Blog Articles

View All
Related topics

Watch – The Microsoft identity stack in action

See how you can easily create new accounts and reduce risk through automation.

Watch now

Need some help?

Send us your questions or feedback.

Friendly folks are standing by!

Contact Us
Award-winning solutions Award-winning solutions

Eight-time winner of the Microsoft Partner of the Year Award for Identity Management, Enterprise Mobility, and Security and Compliance.

ThirdSpace Please upgrade your browser

You are seeing this because you are using a browser that is not supported. The ThirdSpace website is built using modern technology and standards. We recommend upgrading your browser with one of the following to properly view our website:

Windows Mac

Please note that this is not an exhaustive list of browsers. We also do not intend to recommend a particular manufacturer's browser over another's; only to suggest upgrading to a browser version that is compliant with current standards to give you the best and most secure browsing experience.