Standard IAM Business Processes: Corporate / Intranet DeploymentThis document introduces best practices for managing users, identity attributes and entitlements in a typical "corporate" environment:
- The focus is on organizations with 1,000 to 10,000 internal users, such as employees or contractors. They may be corporations or non-profit organizations such as government, healthcare or military entities.
- Users in these environments are normally provisioned physical assets, such as a cubicle, desk, chair, phone, PC and building access badge.
- Users in these environments are also provisioned logical access, such as an Active Directory login account, Exchange mail folder, Windows home directory and a variety of application security entitlements.
The objective of this document is to identify business processes that drive changes to users and entitlements in an organization that fits this description and to offer best practices for each process.
Organizations that are able to adopt best practices processes will benefit both from optimized change management and from reduced total cost associated with automating their processes on an identity and access management (IAM) platform.
Table of contents:
|2||Integrations and manual fulfillment|
|4||Unique identifiers and object location|
|5||Role-based access control|
|6||Onboarding new users|
|6.1||HR driven automation|
|6.2||Manager initiated requests|
|6.3||The role of security officers|
|7||Change authorization workflow process|
|8||Changes to user profiles and entitlements|
|8.4||IT security initiated|
|8.5||No direct relationship|
|9||Managing membership in security groups and mail distribution lists|
|11||Temporary and permanent access deactivation|
|11.1||HR initiated, scheduled termination|
|11.2||HR initiated, immediate termination|
|11.3||Manager requested, scheduled termination|
|11.4||Interactive, immediate termination|
|11.5||Clean-up of terminated user profiles|
|12||Returning users / rehire scenarios|
|13||Periodic access reviews|
|14||Self-service password management|
|15||Reports and alerts|
Access to this document requires registration. Please fill in the form below. The full document will be e-mailed to you automatically.