Every organization embarking on a physical identity and access management (PIAM) deployment faces the same moment: when the initial vision meets operational reality. HR data lives across disconnected systems. Business workflows exist only in institutional knowledge. Stakeholders from security, IT, facilities, and compliance each have competing priorities and timelines. The process of deploying PIAM isn’t a matter of doing it right or wrong — it's about navigating complexity that no demo fully prepares you for.
To explore what separates successful PIAM adoptions from stalled implementations, Matthew Lewis, Director of Product Marketing, IAM Solutions, sat down with two experts who've guided hundreds of organizations through these challenges — Michael Wallis, Professional Services Manager, and Salman Khattak, Senior Manager of Professional Services.
Whether you're beginning your PIAM journey, mid-deployment, or looking to optimize an existing program, their insights offer pragmatic, actionable advice.
Matthew: What are some common misconceptions about PIAM that you encounter during deployments?
Michael: One thing we encounter a lot is the thinking that PIAM is just another access control system. In reality, PIAM is a strategic platform that connects policies, workflows, and identity governance.
Salman: I agree. Customers often see it as just an integration layer, but it’s really about governance and automation that evolves with their business.
Another common one is that PIAM is a one-time “set it and forget it” project. It’s actually designed to serve as a control plane that evolves with updates to rules, new sites, M&A activity, new integrations, changing regulations, policies, and risks. We work closely with customers to design it as an ongoing program that makes it easy for them to work within these changing dynamics as the norm.
Those observations spark some follow-up questions: When it’s time to get started, what are common challenges teams face when deploying PIAM, and how do you help them overcome these?
Michael: Incomplete stakeholder involvement is a big one that’s often linked to underestimating the scope of PIAM. The security team might be brought in early on, while IT, HR, or clinical/operations teams get involved later, this can jumble the progress. We try to preempt this with our pre-kickoff planning process that includes a clear responsible, accountable, consulted, and informed (RACI) model which helps drive the project management plan for both HID and the customer. To prime stakeholders on the scope, we align on the key use cases use cases, so everyone sees how the systems and processes fit together.
Salman: Another challenge we see is that many customers expect to “integrate everything” on Day One. Instead, we guide customers to start with the highest-value essential systems, roles, and location(s). As part of this initial rollout, our team works with the customer to help codify business rules in SAFE, clean and reconcile identity data, and select the few authoritative systems (such as Active Directory and Workday or EPIC/Cerner in a healthcare setting) to start with before broadening to other systems and use cases. Once this phase one implementation is completed, the customer can assess and prove value from the automated workflows and reporting before expanding.Let’s dive deeper into the importance of stakeholders. What role does their collaboration play in a successful PIAM rollout, and who should be involved early on?
Michael: This is a topic worth breaking down a bit. Stakeholder collaboration and alignment (with a set of shared objectives) are both critical since PIAM touches identities, governance, and the day-to-day user experience at the same time. Early on, it’s important to bring together the owners of identity data, business line leaders, and even external service providers who often control key systems and processes. The purpose is to ensure all stakeholders are aligned with a set of shared objectives to avoid “over-integration” (where organizations want to integrate as much as possible immediately), and to ensure the desired automation matches real-life workflows.
Salman: To add to Michael’s point, we create a “design authority” group as a best practice when kicking off every project. The group includes physical security and facilities teams, stakeholders representing IT, HR, Legal, and governance, risk and compliance (GRC), site champions, and an executive sponsor in order to mirror all of the departments and experiences PIAM impacts. This group works together to identify policies, sources of truth, and risk profiles, thresholds, and exceptions. This helps us define which systems are authoritative and what “good” looks like – balancing compliance and experience.
Thinking beyond deployment, do you have a success story where PIAM significantly improved a client’s operational efficiency or security posture?
Salman: Sure...there are several! In healthcare, we have seen hospitals move from basic visitor management tools to HID SAFE to transform both security and their flow of visitors and patients. Using HID SAFE, a top children’s hospital introduced kiosks with policy-driven workflows and watchlists to shorten visitor check-in times and they increased security with card-based access to high-risk areas such as pharmacies, NICUs, and procedure rooms for hospital staff. As part of this process, HID SAFE unified policies, healthcare regulations, and their systems (HR, clinical, and physical access control) so that staff, contractors, and visitors are now all governed by the same decision and policy engine. The result was a 50% reduction in outpatient check-in times, clearer control over sensitive areas, and a complete, audit-ready history of who is where and why.
Michael: On the enterprise side, a global bank rolled out HID SAFE across six countries, nine different physical access control systems, and numerous other business systems that govern access. As a result, employees and contractor onboarding shifted from a highly manual process that took days, to a completely automated workflow -- from HR to policies, rules and compliance -- that only takes a matter of hours. The bank reported several wins, which included their ability to fully standardize policies across numerous sites, Day One access reliability exceeded 95%, provisioning steps and orphaned badges fell dramatically, and the auditing process moved from chasing spreadsheets to exporting ready-made evidence. And each time they acquired a new site, policy alignment happened on Day One, with no reader replacement needed and no operational chaos.
Final Thoughts
Matthew: What I’m taking from this is that it is important to understand that PIAM is not simply a product. It is a program that aligns people, policy, and technology around one objective: governed and seamless access for every trusted identity. The success stories you shared from healthcare and financial services also make the path clear: to start with the highest-risk areas where you can achieve quick wins that drive rapid value creation, then expand with the right stakeholders at the table and a shared definition of “good.” Approached this way, physical identity and access management adapts to how organizations operate and delivers real gains in efficiency, compliance, and the user experience.
For organizations looking for guidance on a strategic approach to PIAM and a roadmap to get started, download your copy of the HID SAFE Adoption Guide and reach out for an expert consultation.