In my first article I described the requirement for an identity-management (IdM) solution. In this article I will highlight some of the ways in which a properly implemented IdM solution can meet those requirements.
One of the very first deliverables in an IdM project is to establish the single view of an identity. Your IdM solution will integrate with all the authoritative sources for each identity attribute and bring them together in a central location to provide a single view of all the identities within your organisation.
With the single view established, your IdM solution will ensure that it remains consistent across the organisation by syncing all relevant changes to all the interested systems. Once the single view of an identity becomes consistent across the organisation, the entire identity life cycle becomes extremely efficient.
New users are only captured once in the system and all changes will be propagated automatically, or by using workflow processes where approval is required to ensure that new users have everything they need (PC, desk, telephone, access rights, accounts and so forth) to start working on the very first day they arrive for duty.
A good IdM solution will provide a user self-service facility, enabling users to eliminate their interactions with support staff throughout the change phase of the lifecycle. Statistics prove that roughly 40% of all help-desk calls are password related, and a self-service facility will enable the users to reset their passwords themselves in a secure, authenticated manner without involving the help-desk staff — thereby greatly reducing the help-desk load.
Once users hand in their resignation (or get fired), the IdM solution will ensure that all accounts are disabled and deleted where required, and can integrate with your asset-management systems to ensure that all equipment used by the staff will be collected and taken back to the stores. Not only does this reduce the security risk of dormant accounts, but it also enables greater asset management by ensuring that everybody stays in the loop.
Legislative requirements around auditing are increasing and most good IdM solutions will provide end-to-end auditing straight out the box, with a select few solutions providing the capability to audit the auditor, giving you complete visibility of the changes that affect the identities and their security profiles in the organisation. This will enable you to have clear visibility of the triggers that caused users to have specific access rights and privileges.
The above are some of the benefits almost every organisation can realise from implementing an IdM solution. In my next article I will discuss some of the pitfalls and problems you should be aware of when going through an IdM project.