Let the community know what you think. Share your opinions now!
You need to have a proper vision of Identity & governance with you. Now generally you have two approaches either you execute the Role mining processes across various directories map with Roles & Responsibilities along with segregated duties among departments.
Or you take a non-traditional approach to grasp the major directories: start with self-reset, enrollment, provisioning de-provisioning, the elevation of provisions through a workflow process and go for least provision to most common directories that associate with all employees.
This is what I generally recommend to my customers: a pyramid approach - from top to bottom. So geared up and equipped with your most problematic issues against identities and reduce the risk against automation and then for the first process which I explained earlier.
In my experience, this approach will bring quick. Otherwise, some projects end up a software "in a desert", without any results in IAM projects.
The first is the ability to cover many integrations and heterogeneous platforms (clouds, databases, web services, iSeries, mainframe, proprietary applications etc.), secondly the ease to create the integrations with the least effort and third the capacity to adapt the provisioning flow to involve business rules, SoD and identity governance processes
Shop system. Order and approval processes.
Automation, audit trails and approvals, shared responsibilities across departments, open API for integration.
Diminution du risque et simplicité d'accès.
Reduce Administrative overhead
Shift responsibility to the correct place (account owner / platform owner)