What are the key components of an effective identity and access management (IAM) system?

For those implementing identity and access management (IAM) in their organizations, what are the key components you focus on? I know user authentication, authorization, and access control are central, but how do you design a system that is both secure and scalable, especially in larger organizations?