I am just wondering what people's thoughts are on how to be structure the landscape for managing production and non-production systems from IdM.
I basically see 3 different options:
I see pros and cons to all 3 solutions.
For the first one, it is an additional system in the landscape which needs to be managed, and the systems has to be integrated
For the 2nd one, we need to make sure all data flows from source to both identitiy stores, i.e. prod and non-prod. We'd obviously need a 2nd portal instance to connect to the other IDS
For the 3rd one, we would have all the test IDs from dev and test in the productive, and it would be more tricky to manage the business logic for non-prod user access.
I am probably most sold on the 2nd option at this point, but very interested in hearing opinions for and against.