I have seen many access control/identity/privilege management projects fail miserably because of an unstructured approach to implementation by corporate governance. A tool is bought and implementation is attempted with no engagement with, or buy-in from, the technical people who will have to surmount the inconveniences of the tool when it misbehaves at 3 AM on a Sunday morning.
The correct approach is to engage those who know the systems best – System Administrators, DBAs and application teams. In that order. Management sign-off comes last.
At the very least the engagement should cover the following:
1) Explain the tool and what it does
2) Outline the project goals
3) Identify what is considered implementation success
4) Describe the flow of network traffic and control, provide network diagrams so techies can understand the firewalls and routing involved
5) Offer training and make known the third-level support options for System Administrators
6) List the safety mechanisms for when the network fails or the server goes down, so that administrators can still manage the systems the tool controls while the tool itself is unavailable
7) Choose a subset of systems for testing, and verify that the tests succeeded before going any further
If you don’t at least cover those points, you will not get the sysadmin team on board. If you can’t get the administrators behind you, your tool will never properly enhance your security posture, and you’ve wasted a whole lot of money.