We all know that one of the most critical parts in any software deployment project is the testing. In an Identity and Access Management (‘IAM’) project which involves so many stakeholders and large number of IT systems integrations, it is even more critical. A good testing starts with a well-defined test plan, which typically should include clear objectives, scope (aligned with functional and non-functional requirements), roles & responsibilities, timelines, and success criteria. The testing should also include detailed test steps for the testers. In this blog, we will discuss the dos and don’ts for a successful testing in an IAM project.

Early Test Planning is Key

An early planning is very important. It is not a sequential activity which needs to wait for system set up to be completed. The plan can be prepared in parallel with the technical deployment activities. As the requirements get finalized, respective test cases can be defined clearly. A ‘lower’ environment for testing should also be prepared in parallel. Early planning assists to ensure availability of required resources (such as test data and testers). All these should be available based on the test plan to provide a quality testing covering both functional and non-functional requirements for an IAM project.

Dos and Don’ts

Here are some of the key Dos and Don’ts.

Dos:

1. Understand the requirements: Ensure a clear understanding of the IAM system based on the approved Functional Requirements Document (‘FRD’). Also, ensure that Non-Functional Requirements (‘NFR’), if any, are clearly documented and covered by the testing. A well-documented requirement is key to ensure alignment of testing and common understanding of the expected outcome of the IAM project.
2. Create test cases and test plan: A well-defined yet easy to understand test cases to cover all the possible scenarios. A good practice is to have a traceability matrix defined in the test plan which maps requirements in FRD and NFR to the test cases.
3. Perform comprehensive but focused testing: Cover all key scenarios – both negative and positive testing outcomes. While a complete testing of all possible scenarios is time consuming and effort intensive, it is important to identify all key scenarios and ensure that test plan covers them comprehensively. It is important to understand the expected outcome of each scenario.
4. Versioning of test scripts: Always keep the test documents updated. It is not uncommon to identify new requirements during the testing or to make changes based on the test results. Depending on the nature of these changes, the test script may be updated and it is important that the changes are properly tracked. In some cases, this goes hand in hand with the changes to the FRD or NFRs.
5. Report detects/ issues clearly: Provide clear information on the issues/ defects including steps to replicate, screenshots and logs. The defect/ issue log should capture the details clearly and with sufficient details for the engineers to address them. If the defects/ issues are not clear, it may result in multiple round of testing.
6. Perform smoke testing: Unit testing and system integration testing should be performed before passing the IAM solution to the users for testing. This will prevent testing of flawed build that will consume time and resources of end users. Smoke tests are typically performed after a new build or significant code changes, before more in-depth testing begins. This is specially important for any corrections made during the testing.
7. Communicate with the business: Maintain open communication with the business stakeholders such as HR, System Administrator and System Owners. This will help to clearly understand the underlying processes and accurate test data aligned with the real-world scenario.
8. Test in lower environment: There is no shortcut to this. Testing should always be performed in a non-production/ lower environment to avoid any business disruptions.
9. Document everything: Keep all the records of the test scripts, execution results, failed scenarios, test evidence, test data generated and defects.

Don’ts:

1. Don’t Ignore the requirements: Testing without complete and detailed understanding the scope, and requirements is recipe for failure.
2. Don’t focus solely on automated testing: Often manual testing needs to be done to have a clearer insight.
3. Don’t skip possible scenarios that can happen in real life: Structured testing is important, but sometimes exploratory testing reveals critical issues.
4. Don’t assume: Even after retesting and regression some issues might still exist. It is best to test everything rather than assume it works!
5. Don’t neglect security testing: Testing security and compliance should not be forgotten during the testing.
6. Don’t overlook user experience: Ease of use is important just as much as functionalities.
7. Don’t ignore Issue severity and priority: Categorize defects/ issues based on impact, rather than treating them equally.
8. Don’t test in isolation: Communicate! Testing is a collaboration effort with the technical team, business analyst and other stakeholders.
9. Don’t assume that there is a standard process of testing for every project: Adaptability is the important based on the project needs and risks.

Conclusion

Testing phase in IAM project is essential to ensure that every requirement is tested and delivered as per the agreed requirements. This is a very critical phase where end-users validate that the IAM system meets their requirements. It is always easier to address any defects/ issues before the systems is in use rather than identifying defects/ issues later and trying to address them after go-live.