Standard IAM Business Processes: Corporate / Intranet Deployment

This document introduces best practices for managing users, identity attributes and entitlements in a typical "corporate" environment:

  1. The focus is on organizations with 1,000 to 10,000 internal users, such as employees or contractors. They may be corporations or non-profit organizations such as government, healthcare or military entities.
  2. Users in these environments are normally provisioned physical assets, such as a cubicle, desk, chair, phone, PC and building access badge.
  3. Users in these environments are also provisioned logical access, such as an Active Directory login account, Exchange mail folder, Windows home directory and a variety of application security entitlements.

The objective of this document is to identify business processes that drive changes to users and entitlements in an organization that fits this description and to offer best practices for each process.

Organizations that are able to adopt best-practice processes will benefit both from optimized change management and from reduced total cost associated with automating their processes on an identity and access management (IAM) platform.

Table of contents:

2 Integrations and manual fulfillment
3 User schema
4 Unique identifiers and object location
5 Role-based access control
6 Onboarding new users
  6.1 HR driven automation
  6.2 Manager initiated requests
  6.3 The role of security officers
7 Change authorization workflow process
8 Changes to user profiles and entitlements
  8.1 Self service
  8.2 Manager initiated
  8.3 HR initiated
  8.4 IT security initiated
  8.5 No direct relationship
9 Managing membership in security groups and mail distribution lists
10 Role changes
11 Temporary and permanent access deactivation
  11.1 HR initiated, scheduled termination
  11.2 HR initiated, immediate termination
  11.3 Manager requested, scheduled termination
  11.4 Interactive, immediate termination
  11.5 Clean-up of terminated user profiles
12 Returning users / rehire scenarios
13 Periodic access reviews
14 Self-service password management
15 Reports and alerts
