5 common mistakes in IAM implementations (and how to avoid them)

Nathan Snippe

Implementing an Identity & Access Management (IAM) system is an important step for any organisation. It enhances security, saves time, and supports compliance. However, in practice, we often see that IAM projects are more complex than expected.

Many organisations make the same mistakes, causing project delays or failing to deliver the desired results. In this article, we discuss the 5 most common mistakes and provide tips on how to avoid them.

1. Seeing IAM as a purely IT project

IAM is often seen as an IT affair, whereas it actually touches on HR processes, compliance, and business rules.

If only IT is at the table, you miss crucial input on how employees join, move, and leave the company. The result: a solution that works technically but doesn't fit the way the organisation truly operates.

Solution: Involve HR, IT, and security/compliance from day one. IAM is an organisation-wide project that requires collaboration.

2. Wanting to fully elaborate roles and rights immediately

A common mistake is thinking you need to define all roles and rights in detail before you can start. This often leads to months of discussions and delays.

The reality: with a phased approach, this is not necessary. You can begin with the basics: linking your HR system. This immediately automates the creation, modification, and deactivation of accounts.

From there, you can later expand step by step with roles, rights, and more advanced authorisation models. This way, you build value in a controlled and faster manner.

Solution: Start small, using your HR system as the source, and then expand gradually with roles and rights.
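A sketch of what "HR system as the source" means in practice, added here as an illustration and not taken from Joinly or any specific product: compare the HR export with the existing accounts and derive the create, update, and disable actions. The field names, the sample records, and the `review` action for accounts that HR cannot explain are assumptions made for this example.

```python
from datetime import date

# Constructed sample data (not from any real HR system or directory).
HR_RECORDS = [  # HR export: the source of truth
    {"employee_id": "E001", "department": "Finance", "end_date": None},
    {"employee_id": "E002", "department": "Sales", "end_date": date(2024, 5, 31)},
    {"employee_id": "E003", "department": "HR", "end_date": None},
    {"employee_id": "E004", "department": "IT", "end_date": None},
]
ACCOUNTS = [  # current state of the directory
    {"employee_id": "E001", "department": "Sales", "enabled": True},  # moved to Finance
    {"employee_id": "E002", "department": "Sales", "enabled": True},  # has left
    {"employee_id": "E003", "department": "HR", "enabled": True},     # unchanged
    {"employee_id": "E999", "department": "IT", "enabled": True},     # unknown to HR
]


def plan_actions(hr_records, accounts, today):
    """Return sorted (action, employee_id) pairs that align accounts with HR."""
    hr = {r["employee_id"]: r for r in hr_records}
    acc = {a["employee_id"]: a for a in accounts}
    actions = []
    for emp_id, rec in hr.items():
        # An employee is active up to and including the contract end date.
        active = rec["end_date"] is None or rec["end_date"] >= today
        account = acc.get(emp_id)
        if account is None:
            if active:
                actions.append(("create", emp_id))    # joiner
        elif not active:
            if account["enabled"]:
                actions.append(("disable", emp_id))   # leaver
        elif not account["enabled"]:
            actions.append(("review", emp_id))        # active but disabled
        elif account["department"] != rec["department"]:
            actions.append(("update", emp_id))        # mover
    # Enabled accounts without an HR record are flagged for a human to
    # check, not disabled automatically (assumption: they may be
    # service or contractor accounts managed outside HR).
    for emp_id, account in acc.items():
        if emp_id not in hr and account["enabled"]:
            actions.append(("review", emp_id))
    return sorted(actions)


if __name__ == "__main__":
    for action, emp_id in plan_actions(HR_RECORDS, ACCOUNTS, date(2024, 6, 15)):
        print(f"{action:8} {emp_id}")
```

Roles and rights can be layered on later by extending the `update` step; the joiner and leaver handling does not depend on them.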

3. Building too much customisation

Some organisations try to tailor IAM completely to all their needs. However, customisation makes the system complex, expensive, and difficult to maintain.

Solution: Choose an IAM solution with standard integrations to commonly used systems, such as AFAS, Youforce, Personio, Youserve, and Nmbrs. This way, you quickly benefit from automation without the risks of customisation.

4. Not paying attention to user experience

IAM is not only about security and compliance but also about usability. If employees have to log in too often or go through complex steps, they will find alternative routes (shadow IT) that are actually unsafe.

Solution: Combine security and convenience with Single Sign-On (SSO) and Multi-Factor Authentication (MFA). This way, employees gain quick access without compromising security.

5. Underestimating monitoring

In many IAM implementations, monitoring is seen as a technical function only interesting for IT. That's a missed opportunity. Monitoring is the key to insight and control — not just for IT, but for the entire organisation.

At Joinly, we often see organisations struggling with unclear dashboards or complex reports. The result? HR, security, and management have no direct view of who has access to what.

🔑 How we do it differently:

  • Flexible and understandable: our monitoring is not just for techies. Everyone — from HR to management — can understand and use the dashboards.

  • Real-time insight: you immediately see which employees have access, which accounts have changed, and where risks lie.

  • Audit-ready: whether it's ISO 27001, GDPR, or internal audits, all information is clearly and easily available.

  • Facilitating collaboration: because the monitoring is understandable to multiple disciplines, there is more collaboration between HR, IT, and security.

In short: at Joinly, monitoring is not a technical afterthought but a useful tool for the entire organisation.

Solution: choose an IAM solution where monitoring is not just a compliance checkbox, but a practical tool that helps everyone in the organisation make better decisions.

Conclusion

IAM implementations often fail due to the same mistakes: too little collaboration between departments, too much focus on fully elaborating roles, excessive customisation, too little attention to user experience, and a limited view of what IAM actually is.

By avoiding these pitfalls and choosing a smart, HR-driven IAM solution like Joinly, you lay a solid foundation for secure and efficient access management. Start small, expand step by step, and make use of standard integrations.

Browsing is free

Schedule a no-obligation demo

In 30 minutes, we would love to show you how Joinly adds value for the entire organization.
