Every time a person joins an organization, moves through it or
leaves it, business users must fill in forms to request matching
changes to the user's security entitlements on corporate systems and
applications and IT security administrators must implement those
While individual Add / Edit / Delete requests may be simple,
the cost is cumulative:
- It can be hard for users to figure out what changes they need
and how to ask for it.
- Change requests are often improperly filled in and must be
rejected by administrators because they are ambiguous or
not adequately authorized.
- The total number of A/E/D requests can be large, as it is
a product of user mobility and the number of systems and
The net result is that security change management is often
- Identity Manager can eliminate a significant part of the Add/Edit/Delete
workload by monitoring a system of record, such as HR, and
automatically changing user access
to systems and applications.
- Identity Manager enables users to fill in change request forms on-line.
These forms are validated, calculated fields filled in and
requests are sent to suitable business stake-holders to approve.
This simplifies request input and eliminates rejected forms.
- Identity Manager can automatically fulfill approved change requests
on widely subscribed systems and applications, eliminating
manual effort on the part of system administrators.
- System administrators can use Identity Manager to get a
of a user's security entitlements, across systems and
applications. A user-centric rather than system-centric
view saves time for remaining manual administration.
Using Identity Manager, organizations can eliminate part of the
security change management process, move some of it to self-service
and expedite what remains.