Concepts: What is Access Management?
In any organization, access management processes grant new security entitlements and revoke those that are no-longer-needed.
Access Management processes span the entire tenure of a user within an organization. It begins with assigning birthright access, managing roles where possible and accepting requests for less predictable rights. As a user assumes different responsibilities or experiences a shift in job function, these same processes authorize change requests, ensure organization policies are not violated and enforce segregation of duties rules. As part of managing the full entitlement life-cycle, periodic reviews are conducted on already-assigned rights to identify those that are no longer needed. Finally, when the user leaves the organization, all rights must be revoked.
Access management is relevant to every system or application that users might sign into. This means that access management processes are needed for Windows/Active Directory, for other LDAP directories, for Unix and Linux systems, for iSeries midrange or z/OS mainframe systems, for ERP systems such as SAP or Oracle EBS and for cloud-hosted applications such as Salesforce.com, Office 365, Google Applications, WorkDay or Concur.
In many organizations, access management is handled separately on different platforms, despite the fact that the basic processes are the same. This is because different people are perceived to have the skills required to grant and revoke access on one platform while others do not.