Data Sheet

Domain	IAM
Title	IAM Process Map
Version	`1.4`
Status	This initial version of the IAM process map is still incomplete. In particular, PAM, CIAM and Federation services must be analyzed with more attention. I believe it is sufficient to obtain an initial feedback from the community to check whether there are strong disagreements on how the map is structured.

Introduction

This page presents a map of IAM processes. Progressively, individual processes will be documented on dedicated pages and links will be provided to facilitate navigation between the map and individual process documentation.

This map does not prescribe one particular organizational structure; that is, IAM process components may be located in or spread among different organizational units.

This map privileges comprehensiveness over consistency; sometimes at the cost of process overlaps. Organizations may of course choose to not implement some processes or to structure them differently.

The objective of this map is to help IAM consultants or managers to check the comprehensiveness of an organization’s existing IAM process model, to design a target IAM process model and to develop an IAM transformation roadmap.

The methodology used to establish this map is described in https://open-measure.atlassian.net/wiki/spaces/ART/pages/62259252.

Process Map

IAM	Governance	IAM Strategy
		Program Management
		General Management
		Anti-Fraud Management
		Physical Security
		Compliance
		Policies, Requirements & Procedures
		Standards Adoption
		Innovation Management
	Support	Self-Services
		Support	Workforce Identities Support
			Customer Identities Support
			3rd Parties Support
	Workforce IAM	People Identity Lifecycle Management	Joiner Process	Planned Joiner
				Immediate Joiner
			Mover Process	Planned Mover
				Immediate Mover
			Leaver Process	Planned Leaver
				Immediate Leaver
			People Classification
			Block Leaver Process
			Long Leaver Process
		Robots Identity Lifecycle Management
		Devices Identity Lifecycle Management
		Authentication Management	MFA Management
			Single Sign-On Management
			SmartCards Management
			Tokens Management
		Access Rights Management	Manual Provisioning
			Manual Revocation
			Access Automation
		Role Management	Role Engineering
			Organization Restructuring Projects
			Role Deployment
		IT Systems Management	IT System Onboarding
			IT System Offboarding
			IT System Review
	3rd Party IAM	3rd Party Onboarding
		3rd Party Offboarding
		3rd Party Monitoring
	PAM / TAM	Privileged and Technical Accounts Discovery
		Privileged and Technical Accounts Onboarding
		Privileged and Technical Accounts Recertification
		Privileged and Technical Accounts Offboarding
	Customer IAM	To be developed
	Audit, Control & Monitoring	Audit
		IT Systems Reconciliation	Manual Reconciliation Controls
			Reconciliation Automation
		Logs & Events Management	Manual Controls
			Use Cases Automation
		Recertifications	Line Manager Recertifications
			Resource Owner Recertifications
			Business Role Owner Recertifications
			External Identities Recertifications
			3rd Party Recertifications
		SoD & Toxic Rights	Manual Controls
			Control Automation
	IAM Technological Infrastructure Management	IAM Platform & Systems
		Identity Repositories
		Systems Integration
		Automation	User and Group Provisioning on to the IAM Platform

		Technological Solutions	DevOps
			DevSecOps
Federations
SLDC			SDK
			API
Micro-Services
Containers

https://open-measure.atlassian.net/browse/CM-53

Data Sheet

IAM Process Map

Introduction

Process Map

IAM Strategy

Program Management

General Management

Anti-Fraud Management

Physical Security

Compliance

Standards Adoption

Innovation Management

Self-Services

Support

Workforce Identities Support

Customer Identities Support

3rd Parties Support

Planned Leaver

Immediate Leaver

People Classification

Block Leaver Process

Long Leaver Process

Robots Identity Lifecycle Management

Devices Identity Lifecycle Management

SmartCards Management

Tokens Management

Access Rights Management

Manual Provisioning

Manual Revocation

Access Automation

Role Management

Role Engineering

Organization Restructuring Projects

Role Deployment

IT Systems Management

IT System Onboarding

IT System Offboarding

IT System Review

3rd Party Onboarding

3rd Party Offboarding

3rd Party Monitoring

Privileged and Technical Accounts Discovery

Privileged and Technical Accounts Onboarding

Privileged and Technical Accounts Recertification

Privileged and Technical Accounts Offboarding

Audit

IT Systems Reconciliation

Manual Reconciliation Controls

Reconciliation Automation

Logs & Events Management

Manual Controls

Use Cases Automation

Resource Owner Recertifications

Business Role Owner Recertifications

External Identities Recertifications

3rd Party Recertifications

SoD & Toxic Rights

Manual Controls

Control Automation

IAM Technological Infrastructure Management

IAM Platform & Systems

Identity Repositories

Systems Integration

Automation

User and Group Provisioning on to the IAM Platform

Technological Solutions

DevOps

DevSecOps

Federations

SLDC

SDK

API

Micro-Services

Containers