This document introduces best practices for managing users,
identity attributes and entitlements in a typical "corporate"
The focus is on organizations with 1,000 to 10,000 internal users,
such as employees or contractors. They may be
corporations or non-profit organizations such as government,
healthcare or military entities.
Users in these environments are normally provisioned
physical assets, such as a cubicle, desk, chair, phone, PC and
building access badge.
Users in these environments are also provisioned logical
access, such as an Active Directory login account, Exchange
mail folder, Windows home directory and a variety of application
The objective of this document is to identify business processes
that drive changes to users and entitlements in an organization
that fits this description and to offer best practices for each
Organizations that are able to adopt best practices processes will
benefit both from optimized change management and from reduced
total cost associated with automating their processes on an identity
and access management (IAM) platform.