The Access lifecycle contains everything in regards to granting, updating and removing access. The way access rights are granted may vary based on the target system and on the maturity of your IAM strategy, but the digital identity of the employee will always stand at its core.
Access rights can be managed in several ways
Whenever a new employee joins the company you want this employee t have the right access to the right resources as soon as they start. By setting up roles we can make sure that your employees receive the correct Birth Right Access on their first working day. We can do this in several ways using Attribute Based Access Control (ABAC) or Dynamic roles that automatically created the accounts and grants the required access. This access will only be updated when an employee change position or office location and will be revoked when leaving the company. Besides this birthright access additional access rights can be requested in the IT-Shop.
The IT Shop forms the front end of IAM for all your employees and can be completely branded in your company theme. Here, employees can request access to applications, folders or even take care of the management of an external employee. In the IT Shop requests are handled using pre-configured approval workflows so you’ll be able to have your managers or applications owners approve these access and recertification requests and allows our system or your support staff to provision them. This way you’ll always have complete traceability. Besides raising and approving requests your employees and managers will have access to reports that give them insights in pending actions or any policy violations.