• Business users don't understand or care about entitlements, identities or governance ... but
  • Their input is essential:
    • Self-service -- manage security questions and passwords.
    • Request input -- for themselves or others.
    • Authorization -- approve or reject change requests.
    • Access certification -- review entitlements of others.

  • Need to maximize comprehension and minimize time spent.

  • Simple self-service UI.
  • Roles: request sets of entitlements with a friendly name.
  • Pre-defined requests: simplify common transformations, such as change of address, scheduled termination, etc.
  • Windows shell extension and SharePoint integration: trigger requests from "access denied" error dialog.
  • "Model after" UI: compare entitlements between two users.