Previous PDF

swipe to navigate


This document explores challenges that prevent organizations from easily automating business processes related to the movement of people through an organization and the resulting access that should be granted and revoked on systems and applications. It explains how a reference implementation of an identity and access management (IAM) system enables lower cost, lower risk process automation, as compared to a fully custom approach.

IAM implementation patterns

IAM systems are deployed in many contexts. Among these, they may be used to create and delete identities and to grant and revoke access for:

  1. The workforce of an organization, be it a corporation or non-profit, government or military entity. In this case, it is normally the identities and security access rights (entitlements) of employees and contractors that are managed. This is sometimes called the "business to employee" or B2E pattern, or the corporate pattern.
  2. The partners of an organization -- i.e., users who work for organizations that are affiliated with the one hosting an IAM system. Such IAM systems typically support some sort of a partner portal. This is also called the "business to business" or B2B pattern.
  3. The customers of an organization -- whether they are retail customers of a commercial entity, or citizens interacting with a government, or patients interacting with a healthcare provider. This is also called the "business to consumer" or B2C pattern, and it also applies to "e-Health" and "e-Government."
  4. Faculty, students, staff and alumni of an institution of higher learning. This is also called the "EDU" pattern.
  5. Employees, doctors and other caregivers and clinicians in a single hospital or group of affiliated hospitals. This is also called the "Healthcare" pattern.

The patterns described above are called out because there is often a great deal of commonality between the requirements of different IAM deployments within the same pattern. On the other hand, business processes, required controls and typical integrations differ greatly between any two patterns.

Previous Next PDF