Like most things in life, digital identities within an organization have a lifecycle. Understanding the lifecycle can help IT admins better handle the inherent challenges of running an identity management infrastructure. The key for IT is to figure out how to automate various components of the process and to be able to secure them.
Understanding the Lifecycle of Digital Identities
The identity lifecycle has four major steps:
The first step is the creation of the identity itself. In addition to the creation of the user’s account, the user must be connected to the IT resources they need access to. These IT systems can include their desktop or laptop, their email account, any other applications they need to utilize. Account access can extend to servers or other cloud applications as well. The on-boarding process associates the new user with different groups or departments that the user is a part of. These designations can help ensure the proper levels of access.
Over time, a user’s attributes within an organization may change. The person’s role may change, necessitating an increase or decrease in their levels of access. A user’s information or their address and location within the organization may change over time as well. There are also more routine updates, such as password resets, which end up draining valuable time from IT admins. All of these user modifications are a core part of the identity lifecycle.
IT Systems Modifications
In addition to user modifications, changes in IT systems and resources routinely occur. Servers are added, laptops break, new applications are added to the network, and resources change. Your users still need access to those resources, so how your identity management strategy deals with those changes is critical. You likely will have more changes with IT resources than with users. When combined, the two can significantly impact the resources that you need to manage and how your users connect to those resources.
The last step in the identity lifecycle is when you off-board a user. It’s a common scenario: someone is leaving the organization which means all of their access needs to be discontinued. Many compliance requirements are focused on this critical step since dormant accounts can be a security risk. From an IT perspective, removing access from various resources can be more difficult than simply deleting the user from the corporate directory. A catalog of access is needed to ensure that access has been completely terminated from all resources.
Thinking about identities in the context of a lifecycle can be useful. IT admins are better able to break apart the overall process into discrete areas and figure out how to automate them. At the center of any identity lifecycle is a Directory-as-a-Service platform. The DaaS platform is the core cloud-based user store that houses your digital identities and is the heart of their lifecycle.
If you would like to learn more about the identity lifecycle, drop us a note. We’d be happy to discuss it further with you.