Administer Identities
During their lifecycle, Identities go through stages: first, when the Identities are created; next is when they become authorized to use corporate resources; then their assigned access can be analyzed, and audited, and the final stage is the termination. However, with the reinstatement of an Identity, the cycle can begin again. Access (de)provisioning, data synchronization, pattern recognition and other tools provided by ObserveID help to implement the administering practices and support the Identity lifecycle. Below is a short overview of major activities to follow along the way.
|
Activity |
Purpose |
Description |
|
Create Identities |
A new Identity is created when a new employee, or contractor is hired, or planned to hire by the organization. The system:
| |
|
Provision birthright access to new Identities |
The Onboarding workflow is created when a new Identity is created in ObserveID; and gets executed either immediately, or according to the Start Date. The Onboarding workflow provisions the new Identities with the birthright access according to the eligible Birthright Roles. | |
|
Synchronize status changes |
All Identities have one of the following statuses: Any change in the Identity status originates from the HR Source target. During the HR Source Check the system:
| |
|
De-provision all access from terminated Identities |
The Offboarding workflow is created when an Identity is terminated in ObserveID. Once created, the Offboarding workflow executes immediately. The Offboarding workflow de-provisions all accounts from the terminated Identities according to the integration-specific Leaver Rules, and the Global Leaver Rule. | |
|
Provision birthright access to pending Identities |
The Reinstatement workflow is created when an Identity is re-activated in ObserveID. Once created, the Reinstatement workflow executes immediately. The Reinstatement workflow provisions the re-activated Identities with the birthright access according to the eligible Birthright Roles. |