Identity Lifecycle Management
Automated processes ensure that user identities are properly created, changed, and disabled when employees join the company, move departments, get promoted, and leave the company.
Efficient Management and Control of Identity Lifecycles
An essential part of securing an organization’s infrastructure is to ensure that user identities are properly created, changed, and disabled when employees join the company, move departments, get promoted, and leave the company. Identity lifecycle management processes enable the granting of access rights according to defined roles, rules and policies to ensure employees have the right access levels at any given point in time.
Identity lifecycle management encompasses all the processes of an identity lifecycle from starting as an employee or contractor all the way through to termination of employment. This includes all the steps throughout the employee life including name changes, temporary maternity leaves, leaving and rejoining the organization, and more.
In an adaptable identity lifecycle management solution, business functions can be matched according to changing business needs. This includes processes for IT and business collaboration, segregation of duties (SoD), and industry specific role and policy models allowing any arbitrary levels of roles, role types, and classifications.
Modern lifecycle management models integrate multiple applications and systems (some identity parts managed within an application like ERP and some in identity stores like Microsoft AD) into logical business applications management for easy application and system resource onboarding, self-service access request, and governance reporting.
IGA extends your security defenses
Handling on-boarding, changes, and off-boarding processes not only ensures that an employee can fulfill their job role, it also has the benefit that if a user account is compromised, an intruder will only have limited access to systems. The security boundary that these processes create is seen as adding further security to traditional security defenses such as firewalls and intrusion prevention systems and is referred to as the “identity perimeter”.
Identity Lifecycle Management does not focus only on employees. The actual environment is often more complex, because companies typically also need to manage third parties such as contractors, seasonal workers or business partners, who need access to company resources to work effectively with the company.
Core Identity Lifecycle Management Processes
A key element of managing identities is the joiner, mover, leaver concept, which manages employees’ access rights as they join the company, move roles within the company, and leave the company. Manually making these changes is time-consuming, costly, and prone to human error, which could expose the company to unnecessary risk when individuals are granted rights to systems that they should not be permitted to access. Identity lifecycle management involves processes that manage an identity through each of these stages.
It is important for an organization to ensure that the initial join process is efficient so that a new employee is productive from day one with access to all the necessary systems to do their job. Otherwise, their first few days of employment could be wasted on waiting for access to systems. A similar process to onboard contractors and set up technical identities, or non-personal accounts, is also defined in the IdentityPROCESS+ framework.
Throughout the life of employment, employees often change roles, get promoted or move departments. A new job role will typically require additional access to systems already in use or access to new systems. It is not only important to grant the new access; it is just as vital to ensure that any access rights the employee no longer needs are revoked. If this does not happen, the employee will accumulate more and more access rights over time. This could result in a user holding rights that violate company policies such as segregation of duties. It also increases the risk of a data breach if the account is compromised, because access to a larger number of systems than necessary is valuable to an attacker.
When an employee or contractor leaves the company, access to all business systems and applications needs to be terminated so they can no longer log into the company systems. The termination process handles the off-boarding of an identity of a leaver and is an essential step in securing your organization.
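The joiner, mover and leaver steps described above, as an added Python example that is not Omada's code: it derives the grants and revocations for each event from a role model and shows how a grant-only move accumulates a segregation-of-duties conflict. The role names, entitlement strings and the conflict pair are constructed for illustration.

```python
# Added illustration. Roles, entitlements and the SoD pair are constructed
# sample data, not taken from any product or from the page.
ROLE_ENTITLEMENTS = {
    "ap_clerk": {"erp:create_invoice", "ad:finance_share"},
    "ap_approver": {"erp:approve_payment", "ad:finance_share"},
    "sales_rep": {"crm:edit_opportunity", "ad:sales_share"},
}
# Entitlement pairs that one identity must never hold at the same time.
SOD_CONFLICTS = [frozenset({"erp:create_invoice", "erp:approve_payment"})]


def target_access(roles):
    """Entitlements justified by the identity's current roles."""
    return set().union(*(ROLE_ENTITLEMENTS[r] for r in roles))


def sod_violations(entitlements):
    """Conflict pairs fully contained in the given entitlement set."""
    return [sorted(pair) for pair in SOD_CONFLICTS if pair <= set(entitlements)]


def plan_change(event, current_access, new_roles):
    """Return (grant, revoke, violations) for a joiner, mover or leaver."""
    if event == "leaver":
        target = set()  # off-boarding: nothing remains justified
    elif event in ("joiner", "mover"):
        target = target_access(new_roles)
    else:
        raise ValueError(f"unknown lifecycle event: {event}")
    grant = target - set(current_access)
    revoke = set(current_access) - target  # the step a manual move forgets
    return sorted(grant), sorted(revoke), sod_violations(target)


def grant_only_move(current_access, new_roles):
    """Failure mode: new access is added but old access is never revoked."""
    return set(current_access) | target_access(new_roles)


if __name__ == "__main__":
    clerk = target_access(["ap_clerk"])
    print("joiner:", plan_change("joiner", set(), ["ap_clerk"]))
    print("mover: ", plan_change("mover", clerk, ["ap_approver"]))
    drifted = grant_only_move(clerk, ["ap_approver"])
    print("drift: ", sorted(drifted), sod_violations(drifted))
    print("leaver:", plan_change("leaver", drifted, []))
```

Running the same reconciliation on a schedule against the access actually present in each target system catches drift introduced outside the lifecycle process.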
Application Lifecycle Management
The Application Lifecycle Management processes in the solution enable on-boarding of new applications as a virtual resource, including setting default access rights based on the existing Identity Management framework. As business and systems owners change roles over time, the Application Lifecycle Management processes can be used to ensure the appropriate transfer of privileges and alerting of dependencies. The same end-to-end process manages off-boarding of applications, where the appropriate identity dependencies are managed and decommissioned.
Access the best practices in the industry
At Omada, we have two decades of experience in delivering complex enterprise IGA solutions to a wide variety of customers.
Based on this experience, Omada has built a framework of best practice processes that can be configured without coding, and has also developed a project methodology that includes a standard roadmap and project templates for a successful migration journey.
Accelerate time to value by utilizing a fit-gap analysis against a best practice process framework
Why Identity Lifecycle Management is important:
- To ensure employees always have the appropriate access they need to carry out their job efficiently
- To enforce compliant access by ensuring employees do not have access to systems or data which they should not have
- To enforce the principle of ‘least-privilege’ at any point in time
- To limit the impact in case user accounts are compromised
- To log and keep track of who approved what and for which reason