Identity Management & Provisioning

Identity management allows enterprises to automate the enforcement of the policies and processes that establish user identities and access to digital resources.

The challenge is that enterprises have a multiplicity of identity stores:
• HR Systems
• Directory Services
• Operating Systems
• Applications
• Partners

They also have decentralized authorization stores:
• Directory Services
• Platforms, groups and file systems
• Applications

Identity management solutions solve these problems by establishing which identity store is regarded as the authoritative source of user information and creating a meta identity store. The meta identity store is updated from the authoritative source and maps to all other identity stores in the enterprise. In this way a unique identity for each enterprise user is created.

When a user's role in an organization changes, due to a change in job function, on-boarding or off-boarding, the identity system provides a workflow process to get the necessary approval for the change. Once approval has been given, the user account is provisioned to all affected identity stores in the enterprise with updated information for roles and privileges.

Although identity systems provide the provisioning mechanism, privileges, roles and the approval process are business processes. Enterprises need to establish a model that crosses application boundaries and fits their governance system before implementing them in an identity management system.
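The meta identity store and the off-boarding case described above can be sketched as a reconciliation job. This is an added example, not code from any identity product; the store names, the `owner` correlation attribute and all records are constructed assumptions.

```python
# Constructed sample data: the HR system is assumed to be the authoritative source.
HR = {
    "E100": {"name": "Ana Ruiz", "status": "active"},
    "E101": {"name": "Bo Chen", "status": "terminated"},
}

# Accounts as they exist in each downstream identity store (constructed).
# "owner" is the assumed correlation attribute linking an account to an HR id.
STORES = {
    "directory": [
        {"account": "aruiz", "owner": "E100", "enabled": True},
        {"account": "bchen", "owner": "E101", "enabled": True},
    ],
    "erp_app": [
        {"account": "ANA.RUIZ", "owner": "E100", "enabled": True},
        {"account": "svc_old", "owner": None, "enabled": True},
        {"account": "BO.CHEN", "owner": "E101", "enabled": False},
    ],
}


def build_meta_store(hr, stores):
    """Create one identity per HR record and map every store account to it.

    Returns (meta, orphans); orphans are accounts with no authoritative owner.
    """
    meta = {eid: {"status": rec["status"], "accounts": {}} for eid, rec in hr.items()}
    orphans = []
    for store, accounts in stores.items():
        for acct in accounts:
            ident = meta.get(acct["owner"])
            if ident is None:
                orphans.append((store, acct["account"]))
            else:
                ident["accounts"].setdefault(store, []).append(acct)
    return meta, orphans


def deprovision_plan(meta):
    """Enabled accounts whose owner is no longer active in the authoritative source."""
    return sorted(
        (store, acct["account"])
        for ident in meta.values() if ident["status"] != "active"
        for store, accts in ident["accounts"].items()
        for acct in accts if acct["enabled"]
    )


if __name__ == "__main__":
    meta, orphans = build_meta_store(HR, STORES)
    print("orphan accounts:", orphans)
    print("accounts to disable:", deprovision_plan(meta))
```

In this sketch the orphan list and the disable list are review inputs; the approval workflow itself remains a business process outside the code.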

Typical identity management systems also provide:
• Credentials management
• Management of user access to technology assets (HW, SW and Services)
• A reduction of the number of usernames/passwords for each user (Single Sign-On for some users)
• A defined and repeatable process for requesting and granting system access
• Accountability for the scheduled review of access
• Password Management and Synchronization
• Automated employee on-boarding and off-boarding

Identity management systems:
• Support the reporting and auditing for resource access.
• Provide centralized authorization policy management.
• Provide centralized password standards management.
• Allow for timely changes or disablement of access to resources.
• Provide account creation through workflow-based provisioning.
• Reduce the number of people needed to create user accounts.
• Reduce the volume of calls to the call center or help-desk.
• Reduce the cost of generating audit reports.
• Reduce the cost of remediating audit findings.
• Reduce orphan account clean-up and administration.
• Reduce segregation of duties violations.
• Allow for the delegation of administration of user credentials.