IAM Process Map
Data Sheet
| Field | Value |
|---|---|
| Domain | IAM |
| Title | IAM Process Map |
| Version | |
| Status | This initial version of the IAM process map is still incomplete. In particular, PAM, CIAM and Federation services must be analyzed with more attention. I believe it is sufficient to obtain initial feedback from the community to check whether there are strong disagreements on how the map is structured. |
Introduction
This page presents a map of IAM processes. Progressively, individual processes will be documented on dedicated pages and links will be provided to facilitate navigation between the map and individual process documentation.
This map does not prescribe one particular organizational structure; that is, IAM process components may be located in or spread among different organizational units.
This map favours comprehensiveness over consistency, sometimes at the cost of process overlaps. Organizations may of course choose not to implement some processes, or to structure them differently.
The objective of this map is to help IAM consultants and managers check the comprehensiveness of an organization's existing IAM process model, design a target IAM process model and develop an IAM transformation roadmap.
The methodology used to establish this map is described in Mapping the IAM Processes.
Process Map
| Level 1 | Level 2 | Level 3 | Level 4 | Level 5 |
|---|---|---|---|---|
| IAM | Governance | IAM Strategy | | |
| IAM | Governance | Program Management | | |
| IAM | Governance | General Management | | |
| IAM | Governance | Anti-Fraud Management | | |
| IAM | Governance | Physical Security | | |
| IAM | Governance | Compliance | | |
| IAM | Governance | Policies, Requirements & Procedures | | |
| IAM | Governance | Standards Adoption | | |
| IAM | Governance | Innovation Management | | |
| IAM | Support | Self-Services | | |
| IAM | Support | Support | Workforce Identities Support | |
| IAM | Support | Support | Customer Identities Support | |
| IAM | Support | Support | 3rd Parties Support | |
| IAM | Workforce IAM | People Identity Lifecycle Management | Joiner Process | Planned Joiner |
| IAM | Workforce IAM | People Identity Lifecycle Management | Joiner Process | Immediate Joiner |
| IAM | Workforce IAM | People Identity Lifecycle Management | Mover Process | Planned Mover |
| IAM | Workforce IAM | People Identity Lifecycle Management | Mover Process | Immediate Mover |
| IAM | Workforce IAM | People Identity Lifecycle Management | Leaver Process | Planned Leaver |
| IAM | Workforce IAM | People Identity Lifecycle Management | Leaver Process | Immediate Leaver |
| IAM | Workforce IAM | People Identity Lifecycle Management | People Classification | |
| IAM | Workforce IAM | People Identity Lifecycle Management | Block Leaver Process | |
| IAM | Workforce IAM | People Identity Lifecycle Management | Long Leaver Process | |
| IAM | Workforce IAM | Robots Identity Lifecycle Management | | |
| IAM | Workforce IAM | Devices Identity Lifecycle Management | | |
| IAM | Workforce IAM | Authentication Management | MFA Management | |
| IAM | Workforce IAM | Authentication Management | Single Sign-On Management | |
| IAM | Workforce IAM | Authentication Management | SmartCards Management | |
| IAM | Workforce IAM | Authentication Management | Tokens Management | |
| IAM | Workforce IAM | Access Rights Management | Manual Provisioning | |
| IAM | Workforce IAM | Access Rights Management | Manual Revocation | |
| IAM | Workforce IAM | Access Rights Management | Access Automation | |
| IAM | Workforce IAM | Role Management | Role Engineering | |
| IAM | Workforce IAM | Role Management | Organization Restructuring Projects | |
| IAM | Workforce IAM | Role Management | Role Deployment | |
| IAM | Workforce IAM | IT Systems Management | IT System Onboarding | |
| IAM | Workforce IAM | IT Systems Management | IT System Offboarding | |
| IAM | Workforce IAM | IT Systems Management | IT System Review | |
| IAM | 3rd Party IAM | 3rd Party Onboarding | | |
| IAM | 3rd Party IAM | 3rd Party Offboarding | | |
| IAM | 3rd Party IAM | 3rd Party Monitoring | | |
| IAM | PAM / TAM | Privileged and Technical Accounts Discovery | | |
| IAM | PAM / TAM | Privileged and Technical Accounts Onboarding | | |
| IAM | PAM / TAM | Privileged and Technical Accounts Recertification | | |
| IAM | PAM / TAM | Privileged and Technical Accounts Offboarding | | |
| IAM | Customer IAM | To be developed | | |
| IAM | Audit, Control & Monitoring | Audit | | |
| IAM | Audit, Control & Monitoring | IT Systems Reconciliation | Manual Reconciliation Controls | |
| IAM | Audit, Control & Monitoring | IT Systems Reconciliation | Reconciliation Automation | |
| IAM | Audit, Control & Monitoring | Logs & Events Management | Manual Controls | |
| IAM | Audit, Control & Monitoring | Logs & Events Management | Use Cases Automation | |
| IAM | Audit, Control & Monitoring | Recertifications | Line Manager Recertifications | |
| IAM | Audit, Control & Monitoring | Recertifications | Resource Owner Recertifications | |
| IAM | Audit, Control & Monitoring | Recertifications | Business Role Owner Recertifications | |
| IAM | Audit, Control & Monitoring | Recertifications | External Identities Recertifications | |
| IAM | Audit, Control & Monitoring | Recertifications | 3rd Party Recertifications | |
| IAM | Audit, Control & Monitoring | SoD & Toxic Rights | Manual Controls | |
| IAM | Audit, Control & Monitoring | SoD & Toxic Rights | Control Automation | |
| IAM | IAM Technological Infrastructure Management | IAM Platform & Systems | | |
| IAM | IAM Technological Infrastructure Management | Identity Repositories | | |
| IAM | IAM Technological Infrastructure Management | Systems Integration | | |
| IAM | IAM Technological Infrastructure Management | Automation | User and Group Provisioning onto the IAM Platform | |
| IAM | IAM Technological Infrastructure Management | Technological Solutions | DevOps | |
| IAM | IAM Technological Infrastructure Management | Technological Solutions | DevSecOps | |
| IAM | IAM Technological Infrastructure Management | Technological Solutions | Federations | |
| IAM | IAM Technological Infrastructure Management | SDLC | SDK | |
| IAM | IAM Technological Infrastructure Management | SDLC | API | |
| IAM | IAM Technological Infrastructure Management | SDLC | Micro-Services | |
| IAM | IAM Technological Infrastructure Management | SDLC | Containers | |
This wiki is owned by Open Measure, a non-profit association. The original content we publish is licensed under a Creative Commons Attribution 4.0 International License.
Large scale organization changes tend to have quite the impact on RBAC implementations. Should that be mentioned as a separate process?