articles/active-directory/governance/what-is-identity-lifecycle-management.md
5 additions & 5 deletions
@@ -35,19 +35,19 @@ The typical process for establishing identity lifecycle management in an organiz
2. Connect those systems of record with one or more directories and databases used by applications, and resolve any inconsistencies between the directories and the systems of record. For example, a directory may have obsolete data, such as an account for a former employee, that is no longer needed.
-
3. Determine what processes can be used to supply authoritative information in the absence of a system of record. For example, if there are digital identities but visitors, but the organization has no database for visitors, then it may be necessary to find an alternate way to determine when an digital identity for a visitor is no longer needed.
+
3. Determine what processes can be used to supply authoritative information in the absence of a system of record. For example, if there are digital identities for visitors, but the organization has no database for visitors, then it may be necessary to find an alternate way to determine when an digital identity for a visitor is no longer needed.
-
4.Configure that changes from the system of record or other processes are replicated to each of the directories or databases that require an update.
+
4.Ensure that changes from the system of record or other processes are replicated to each of the directories or databases that require an update.
## Identity lifecycle management for representing employees and other individuals with an organizational relationship
When planning identity lifecycle management for employees, or other individuals with an organizational relationship such as a contractor or student, many organizations model the "join, move, and leave" process. These are:
- Join - when an individual comes into scope of needing access, an identity is needed by those applications, so a new digital identity may need to be created if one is not already available
-
- Move - when an individual moves between boundaries, that require additional access authorizations to be added or removed to their digital identity
-
- Leave- when an individual leaves the scope of needing access, access may need to be removed, and subsequently the identity may no longer by required by applications other than for audit or forensics purposes
+
- Move - when an individual moves between boundaries that require additional access authorizations to be added or removed to their digital identity
+
- Leave- when an individual leaves the scope of needing access, access may need to be removed, and subsequently the identity may no longer be required by applications other than for audit or forensics purposes
-
So for example, if a new employee joins your organization, who has never been affiliated with your organization before, that employee will require a new digital identity, represented as a user account in Azure AD. The creation of this account would fall into a "Joiner" process, which could be automated if there was a system of record such as Workday that could indicate when the new employee starts work. Later, if your organization has an employee move from say, Sales to Marketing, they would fall into a "Mover" process. This would require removing the access rights they had in the Sales organization which they no longer require, and granting them rights in the Marketing organization that they new require.
+
So for example, if a new employee joins your organization and that employee has never been affiliated with your organization before, that employee will require a new digital identity, represented as a user account in Azure AD. The creation of this account would fall into a "Joiner" process, which could be automated if there was a system of record such as Workday that could indicate when the new employee starts work. Later, if your organization has an employee move from say, Sales to Marketing, they would fall into a "Mover" process. This would require removing the access rights they had in the Sales organization which they no longer require, and granting them rights in the Marketing organization that they new require.
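Review bot: several typos survive in the added lines of this hunk even though each line is already being rewritten. New line 38 still reads "when an digital identity for a visitor is no longer needed" (should be "a digital identity"); new line 40 still reads "4.Ensure that changes" with no space after the period, so unlike items 2 and 3 it will not render as a numbered list item; new line 48 still reads "Leave- when" where the sibling items use "Join - " and "Move - "; and new line 50 still ends "granting them rights in the Marketing organization that they new require" (should be "now require"). Suggest folding these four fixes into this same commit rather than leaving them for a follow-up.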