IAM Process Map

Data Sheet

Domain: IAM

Title: IAM Process Map

Version: 1.4

Status: This initial version of the IAM process map is still incomplete. In particular, PAM, CIAM and Federation services must be analyzed with more attention. I believe it is sufficient to obtain initial feedback from the community to check whether there are strong disagreements on how the map is structured.

Introduction

This page presents a map of IAM processes. Progressively, individual processes will be documented on dedicated pages and links will be provided to facilitate navigation between the map and individual process documentation.

This map does not prescribe one particular organizational structure; that is, IAM process components may be located in or spread among different organizational units.

This map privileges comprehensiveness over consistency, sometimes at the cost of process overlaps. Organizations may of course choose not to implement some processes or to structure them differently.

The objective of this map is to help IAM consultants or managers to check the comprehensiveness of an organization’s existing IAM process model, to design a target IAM process model and to develop an IAM transformation roadmap.

The methodology used to establish this map is described in Mapping the IAM Processes.

Process Map

IAM

Governance

IAM Strategy

Program Management

General Management

Anti-Fraud Management

Physical Security

Compliance

Policies, Requirements & Procedures

Standards Adoption

Innovation Management

Support

Self-Services

Support

Workforce Identities Support

Customer Identities Support

3rd Parties Support

Workforce IAM

People Identity Lifecycle Management

Joiner Process

Planned Joiner

Immediate Joiner

Mover Process

Planned Mover

Immediate Mover

Leaver Process

Planned Leaver
Immediate Leaver

People Classification

Block Leaver Process

Long Leaver Process

Robots Identity Lifecycle Management

Devices Identity Lifecycle Management

Authentication Management

MFA Management
Single Sign-On Management
SmartCards Management
Tokens Management

Access Rights Management

Manual Provisioning

Manual Revocation

Access Automation

Role Management

Role Engineering

Organization Restructuring Projects

Role Deployment

IT Systems Management

IT System Onboarding

IT System Offboarding

IT System Review

3rd Party IAM

3rd Party Onboarding

3rd Party Offboarding

3rd Party Monitoring

PAM / TAM

Privileged and Technical Accounts Discovery

Privileged and Technical Accounts Onboarding

Privileged and Technical Accounts Recertification

Privileged and Technical Accounts Offboarding

Customer IAM

To be developed

Audit, Control & Monitoring

Audit

IT Systems Reconciliation

Manual Reconciliation Controls

Reconciliation Automation

Logs & Events Management

Manual Controls

Use Cases Automation

Recertifications

Line Manager Recertifications

Resource Owner Recertifications

Business Role Owner Recertifications

External Identities Recertifications

3rd Party Recertifications

SoD & Toxic Rights

Manual Controls

Control Automation

IAM Technological Infrastructure Management

IAM Platform & Systems

Identity Repositories

Systems Integration

Automation

User and Group Provisioning onto the IAM Platform

Technological Solutions

DevOps

DevSecOps

Federations

SDLC

SDK
API

Micro-Services

Containers




This wiki is owned by Open Measure, a non-profit association. The original content we publish is licensed under a Creative Commons Attribution 4.0 International License.

David Doret
June 17, 2021

Hi Willem-Jan, thanks for the question. I believe yes, we should add role management as a dedicated process. I will adapt the process map accordingly.

David Doret
June 17, 2021

I’m absent-minded, sorry. This is referenced under “Role Management” below, I believe. Were you thinking of something else?