IAM Bitesize - Identity & Access Management Weekly Guides

Share this post

11: What is Identity Provisioning?

iambitesize.thecyberhut.com

Discover more from IAM Bitesize - Identity & Access Management Weekly Guides

Weekly bitesize explanations and discussion on the key topics, acronyms and themes in the global identity and access management industry, in 5 mins or less.
Continue reading
Sign in

11: What is Identity Provisioning?

The Cyber Hut
Nov 10, 2023
Share this post

11: What is Identity Provisioning?

iambitesize.thecyberhut.com
Share

Audio Cast:

1×
0:00
-6:52
Audio playback is not supported on your browser. Please upgrade.

Takeaway Points:

  • Identity data needs typically needs to be synchronised across a range of different systems

  • This syncing capability is present in both B2E and B2C ecosystems (as well as potentially non-person entity and machine identities too)

  • In a B2E environment, it is ideal (and increasingly common) to have a single authoritative source of identity data

  • This source is like the “truth” from which other systems base their account.

  • HR is typically used for this - as ideally that data is assured to a certain degree and maps nicely into the life cycle of the employee - to support the JML (joiner-mover-leaver) processes

  • Technical systems will then leverage the data in this auth-source as a basis to create accounts used to login, gain access and perform tasks

  • The provisioning process is the fabric to support those account creation and management tasks

  • Without a provisioning fabric, accounts would need to be created manually in isolation - which will result in errors, inconsistency and a lack of productivity

  • Connectors are used to attach and communicate with each system in this provisioning fabric

  • Connectors are small pieces of (often custom) software that can create, read, update and delete (CRUD) identity data

  • Connectors often follow a particular framework and provisioning platforms will come with numerous out of the box connectors for different systems - from HR, directories, databases, cloud and legacy systems

  • Rules will often exist between the different systems that govern things like account naming formats and what to do if duplicate accounts are found

  • There will also be rules for when to remove or disable accounts based on certain workflow events - like a user leaving an organisation or moving teams

  • Correlation logic (to link for example JSmith with an account called smithj123) will also exist

  • In the B2C world, provisioning and correlation logic may look to link and manage accounts across different websites, brands or services

  • Use cases:

    • B2E - automate the management of system accounts based on HR feeds

    • Automatic permissions changes, role changes or account disabling based on changes to user position

    • Creation and linkage of customer accounts across a range of systems - including marketing, analytics, ecommerce

IAM Bitesize - Identity & Access Management Weekly Guides is a reader-supported publication. To receive new posts and support our work, consider becoming a free or paid subscriber.

Share this post

11: What is Identity Provisioning?

iambitesize.thecyberhut.com
Share
Comments
Top
New

No posts

Ready for more?

© 2023 The Cyber Hut
Privacy ∙ Terms ∙ Collection notice
Start WritingGet the app
Substack is the home for great writing