IAM User Lifecycle
User lifecycle management is an important component of Identity and Access Management (IAM). It is the process of managing a user’s identity, permissions, and access throughout their entire experience with an organization.
User lifecycle management involves creating, managing, and terminating user accounts based on predetermined criteria, helping organizations ensure that only authorized individuals have access to specific systems or resources across their IT environment.

By providing powerful visibility into user accounts, user lifecycle management in IAM helps organizations protect their systems from unauthorized access and data breaches. Additionally, it can help improve the effectiveness of IT operations by simplifying account provisioning and de-provisioning processes.
User Lifecycle Steps
Here are the management steps that take place in the full User Lifecycle.
- New User Creation & Account Activation
- Automated Onboarding
- Account Transfers
- Deactivation, Deletion, and Archiving
1. New User Creation
- Creating a new user account
- Assigning a unique identifier
- Setting up login credentials
- Setting up role-based access
- Activating the user
Once the user account is created, it needs to be activated and made available for the user to access digital resources and perform necessary activities.
After activation, the new user will receive a welcome email informing them of the next steps.
IDHub includes many out-of-the-box emails and email templates. All are completely customizable, and if needed, new emails or templates can be created from scratch.

2. Automated Onboarding
New user accounts are generally created using connectors that integrate with the organization's source of truth, such as Azure AD, to automate user account provisioning.
This process, along with Roles, instantly provides the newly created user access to only the resources needed for their specific job responsibilities.
3. Request New User
Some organizations give managers the authority to request to onboard new users. IDHub easily accommodates this with Access Requests.
After the Service Request is initiated and the creation of a new user is approved, the new account will provision to the resources assigned through Roles. If using connectors, those accounts are automatically provisioned.
Without connectors, IDHub would still start the provisioning of those resources; however, IT or another named fulfiller would do the actual provisioning work.
4. User Account Transfers
This phase involves managing the user account during its active lifecycle, including:
- Monitoring user activities
- Updating access permissions
- Disabling access

Monitoring User Activities
IDHub monitors and manages the user profile using Certification and Reporting.
Certifications are used to audit and review user access, which can be scheduled or on-demand. Admins can instantly process revocations directly from the Certification Task.
The Reporting tool is capable of collecting any data needed to determine what activities the user performed. That data can be exported into a PDF or XLS file for later use.
Updating Access Permissions
IDHub Roles are a collection of organizational resources, generally assigned to user accounts automatically using attribute-based conditions.
When the user account attributes match the condition in the Role, access to the resources and permissions in the Role are granted and provisioned to that account.
Conversely, when the user account attributes change and no longer meet the condition in that Role, the Role and the resources within it will deprovision, while the appropriate Role provisions the new access.
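The role re-evaluation described above, sketched as an added example (not IDHub code or its API): conditions are modelled as simple attribute-equality maps, and the role names, attributes and resources are constructed for illustration. A resource granted by both the old and the new Role is kept rather than revoked and re-granted.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Role:
    name: str
    condition: dict       # attribute -> required value (all must match); assumed model
    resources: frozenset  # entitlements the role grants


# Constructed sample roles; names and resources are illustrative only.
ROLES = [
    Role("Sales", {"department": "sales"}, frozenset({"crm", "email"})),
    Role("Finance", {"department": "finance"}, frozenset({"ledger", "email"})),
    Role("Manager", {"is_manager": True}, frozenset({"hr-portal"})),
]


def matching_roles(attrs, roles=ROLES):
    """Return the roles whose every condition attribute equals the user's value."""
    return [r for r in roles
            if all(attrs.get(k) == v for k, v in r.condition.items())]


def entitled(attrs, roles=ROLES):
    """Union of the resources granted by all roles the attributes match."""
    granted = set()
    for role in matching_roles(attrs, roles):
        granted |= role.resources
    return granted


def reconcile(old_attrs, new_attrs, roles=ROLES):
    """Plan for an attribute change: what to provision, deprovision and keep."""
    before = entitled(old_attrs, roles)
    after = entitled(new_attrs, roles)
    return {
        "provision": sorted(after - before),
        "deprovision": sorted(before - after),  # access no role justifies any more
        "keep": sorted(before & after),         # shared access is left untouched
    }


def plan_transfer_example():
    """A sales manager moves to finance and stops being a manager (constructed)."""
    old = {"department": "sales", "is_manager": True}
    new = {"department": "finance", "is_manager": False}
    return reconcile(old, new)


if __name__ == "__main__":
    print(plan_transfer_example())
```

Computing the plan from the full before and after entitlement sets, rather than role by role, is what ensures access left over from the old position is removed on transfer.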
5. Deactivate, Delete, Archive
Deactivation

Once the account is no longer required, it may be deactivated in IDHub via the Service Request, and access privileges are removed.
The user will still be found in IDHub; however, the user will not be able to perform any activities or obtain any access.
Deletion/Archiving
Depending on the organization's policies and regulatory requirements, the account may be deleted or archived for future reference or auditing purposes. IDHub can accommodate both scenarios.
Overall, the phases of the user account lifecycle are designed to ensure that digital resources are secure and accessible to authorized users, while minimizing the risk of unauthorized access or data breaches.
Get Up And Running Quickly
Unlike other IAM solutions, IDHub Templates simplify the process of creating connectors for most applications in SaaS and On-Prem environments.
Our Connector SDK enables IT teams to quickly develop different types of integrations needed for a system, without getting inundated by the nuances of a complex Identity Management System.
The Connector SDK includes a Connector Certification Kit that is used to test newly developed connectors.
A connector can be built by anyone with intermediate development skills. It can be developed in any language capable of REST APIs.
Complex tasks like bulk provisioning of users can be done in minutes instead of weeks.

