Periodically reviewing and updating job descriptions
It can be difficult for users to: Once a request has been submitted, it may take too long to approve and too long to complete.The end result of all this is frustrating, slow access management.This document lays out best practices for identity and access management systems.These systems may be deployed in a variety of contexts -- corporate, customer-facing, partner-facing, etc. Identity and access management is a term often used by different industry participants -- software vendors, integrators, customers and analysts -- to mean different things.These include: Technically, products in this space are used for administration and governance of identities, entitlements and credentials, but nobody calls these systems "identity, entitlement and credential administration and governance." People new to IAM systems sometimes confuse them with related, but nonetheless distinct types of systems: Directories -- Contain lists of users and other objects, such as groups and computers.Publish this information via a standard interface, such as the Lightweight Directory Access Protocol (LDAP).
Some IAM systems incorporate self-service password management, while others may integrate with (e.g., to share integrations to account repositories) or simply co-exist.Web single sign-on (Web-SSO) -- Older forms of single sign-on, strictly into web applications, which either install an agent on each web application or proxy connections between users and web sites.Just like federated Id Ps, Web SSO systems normally rely on a directory, which should be managed by the IAM system.One of the functions of an IAM system is to automate as many of these processes as possible, so that users can help themselves or one another and the number of IT staff assigned to these tasks is minimized.Fewer people translates into a direct, measurable cost savings.