Most medium to large organizations have deployed an IT service management (ITSM) platform, including popular applications from ServiceNow, BMC/Remedy, Atlassian/JIRA and HP/Service Manager. ITSM applications generally include a service catalog and service request portal, among other components.
Most medium to large organizations have also deployed an identity and access management system (IAM), including applications such as Hitachi ID Identity Manager. IAM systems include the ability to create and delete accounts, grant and revoke group memberships on integrated systems and more.
Both IAM and ITSM systems include request portals, which raises the question: which UI should be presented to users who wish to request new access or changes to their identity information? ITSM deployments are often mandated to replace multiple, inconsistent request forms with a single service request portal and it is natural to assume that this portal will include requests for access or identity changes -- i.e., ITSM requests can and perhaps should replace the request UI in IAM systems.
ITSM software vendors and implementation consultants often promote this approach -- one UI to request everything, including identity and access changes.
This seems like a good approach -- what could possibly go wrong?
2019-03-06 - A.C.
Changes to user identity information should be made only in the systems where that particular information is mastered. Ideally, this would in most cases be an HR HCM. Once that is done and approved, the IAM sync with HR HCM should pick the delta and trigger workflows to effect the Creation,Updates,Deletions as designed in the rules/workflows to all the systems in integration.