SoftwareIDM Patterns and Practices Toolkit
© SoftwareIDM
├── User Lifecycle
│   ├── Application (pre-HR)
│   │   ├── Verified ID (or equivalent for 100 pt check etc.)
│   │   ├── Letter of Offer
│   │   ├── Acceptance
│   │   └── Pre-start access
│   ├── Joiner
│   │   ├── Account Provisioning
│   │   │   ├── HR Provisioning (Org structure occupant, independent of whether or not application process precedes it)
│   │   │   │   └── HR Contingent Worker (Org structure occupant)
│   │   │   └── Contingent Worker Provisioning (non-HR)
│   │   │       ├── Guest provisioning (vendor/service provider)
│   │   │       └── Other provisioning (contingent worker/interested party)
│   │   ├── Multiple HR feeds
│   │   ├── HR feed masking/overriding
│   │   ├── Generate non-HR employee ids
│   │   ├── Immutable/correlation id
│   │   ├── Unique name generation
│   │   ├── Provisioning in advance of start date (in HR, not in HR yet)
│   │   │   ├── Provision before start date
│   │   │   └── Use SvP to pre-create an employee in advance of HR
│   │   ├── Mailbox provisioning (on prem AD or M365)
│   │   │   └── M365 group based licensing, set remote mailbox
│   │   ├── Home folder provisioning
│   │   ├── Birthright access
│   │   │   ├── Azure license group/assignment
│   │   │   ├── VPN
│   │   │   └── Internet users etc.
│   │   ├── Sign conditions of use agreement
│   │   ├── Activation
│   │   │   ├── Advance account activation
│   │   │   └── Manager-driven initial Access/Activation (incl. notifications)
│   │   ├── Notifications (new account, manager, initial pwd, etc.) [TODO: enumerate password delivery options]
│   │   ├── Admin/Secondary account provisioning
│   │   ├── Out-of-band setup, e.g. mailbox scripts
│   │   └── Location or Job based provisioning templates
│   │       ├── Email suffix
│   │       ├── OU/Domain target
│   │       ├── Azure tenancy
│   │       └── Share/home folder locations (persona)
│   ├── Mover/Changes
│   │   ├── Change profile (personal details)
│   │   ├── Change profile (employment details)
│   │   ├── Change Org Structure (manager/subordinates)
│   │   ├── Change roles
│   │   ├── Non-employee manager reassignment
│   │   ├── Account dormancy
│   │   ├── Dormant account reclaim
│   │   ├── Name change
│   │   ├── Account name/email change (with notification/approval)
│   │   └── Multi-domain/forest
│   │       ├── Primary domain
│   │       ├── Domain move
│   │       ├── Cross-domain join
│   │       └── SID history management
│   ├── Leaver
│   │   ├── Non-employee recertification
│   │   ├── Immediate/Emergency termination (walked)
│   │   ├── Termination on elapsed date
│   │   │   └── Delayed termination
│   │   ├── Delayed archiving workflows
│   │   ├── Out-of-band cleanup
│   │   ├── Entitlement cleanup
│   │   └── Litigation holds
│   ├── Rejoiner
│   │   ├── Rejoin as Non-HR contingent worker
│   │   │   ├── Rejoin as former employee
│   │   │   └── Search and verify for previous account
│   │   ├── Rejoin as HR employee
│   │   │   └── Rejoin as former Non-HR contingent worker
│   │   ├── Merge identity (user with multiple accounts)
│   │   └── Recertification of entitlements
│   ├── Password Management
│   │   ├── SSPR
│   │   ├── Service desk password reset
│   │   └── Password synchronization
│   └── Non-person and Special Account Management
│       ├── Service accounts
│       │   ├── Request authorization
│       │   ├── Metadata (ownership, application assignment)
│       │   └── Decommissioning
│       ├── Test accounts
│       ├── VIP accounts
│       │   ├── Change approval for VIP accounts
│       │   └── Board members
│       ├── Auditors
│       └── Guest accounts
│           ├── Guest Lifecycle management
│           └── Guest Invitations
├── Reference Data Management (Locations, Org Units, etc.)
│   ├── Ref Data Lifecycle Management
│   └── Overrides (time-bound)
├── Group Lifecycle
│   ├── Criteria Groups
│   │   └── Exception management
│   ├── Group policy templates
│   │   └── Job based granularity of group grants
│   ├── Group creation
│   │   ├── Request/approve
│   │   ├── Security groups
│   │   └── Distribution groups
│   ├── Group ownership
│   │   ├── Pooled ownership
│   │   └── Position derived ownership
│   ├── Membership request
│   │   └── Approval
│   ├── JIT/PAM
│   ├── Out-of-band
│   │   ├── Mailbox setup
│   │   └── Post removal cleanup
│   ├── Expiry and Extension
│   ├── Attestation
│   └── Roles
│       ├── Link to groups
│       ├── Criteria assignment
│       ├── Hierarchical roles
│       └── Attestation/certification
├── System Operations
│   ├── Availability monitoring (panel check, status page)
│   ├── Backup and Recovery (on-premises only)
│   ├── Timing (operational efficiency)
│   ├── System health
│   │   ├── Supported OS
│   │   ├── Supported dependencies
│   │   └── Secure networking
│   ├── Connected system availability
│   ├── Schema changes
│   ├── Updates and compatibility
│   ├── Secret Management
│   ├── Threshold triggering
│   ├── Change Management (promotion of configuration)
│   └── Housekeeping
└── Compliance and Reporting
    ├── JML Reporting
    │   └── Leavers reporting
    ├── License utilization
    ├── Pending changes
    │   ├── Exports
    │   └── Imports
    ├── Sync Errors
    ├── Requests and Approval history
    ├── SLA adherence
    │   └── Change volume
    ├── Policy violations [TODO: expand definition of policy violations]
    ├── Data integrity
    │   ├── Mismatched accounts
    │   ├── Enablement conflicts
    │   ├── Expiry
    │   ├── Ambiguous joins
    │   ├── Incorrect joins
    │   ├── Uniqueness conflicts
    │   ├── Manager tree integrity
    │   ├── Valid manager (e.g. employee)
    │   └── Unresolved references
    ├── Dormant accounts
    ├── AD flags (Password never expires, not required)
    ├── Event syndication (to SIEM)
    │   ├── IdP request logs
    │   └── Sync activity
    ├── Data syndication to BI
    │   ├── Org has a Power BI team that wants Identity data
    │   └── Org was dumping MV data into tables for reporting
    ├── Groups with no members
    ├── Groups with no owner
    └── Groups with no changes (e.g. add/remove in n years)
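The checks listed under Data integrity, Dormant accounts and AD flags in the Compliance and Reporting branch above, as an added Python example that is not part of the toolkit or of SoftwareIDM's code. It joins a constructed HR feed to a constructed AD export on the employee id used as the correlation id and reports mismatched (unjoined) accounts, ambiguous joins, enablement conflicts, manager tree problems (unresolved manager, non-active manager, cycles), dormant accounts and the two userAccountControl flags the page names. The record shapes, field names, sample identities and the 90-day dormancy threshold are all assumptions; only the two flag names are real AD constants.

```python
"""Added example (not SoftwareIDM code): data-integrity checks over a constructed HR
feed and AD export, covering Data integrity, Dormant accounts and AD flags.
Field names, record shapes and the 90-day dormancy threshold are assumptions."""
from datetime import datetime, timedelta

NOW = datetime(2024, 6, 1)  # fixed report date so the example is reproducible
DORMANT_AFTER_DAYS = 90     # assumed policy threshold

# Constructed HR feed: emp_id is the immutable correlation id, manager is an emp_id.
HR = [
    {"emp_id": "E1001", "manager": None,    "status": "active"},
    {"emp_id": "E1002", "manager": "E1001", "status": "active"},
    {"emp_id": "E1003", "manager": "E1002", "status": "active"},
    {"emp_id": "E1004", "manager": "E1005", "status": "active"},      # manager is a leaver
    {"emp_id": "E1005", "manager": "E1001", "status": "terminated"},
    {"emp_id": "E1006", "manager": "E1007", "status": "active"},      # E1006 <-> E1007 cycle
    {"emp_id": "E1007", "manager": "E1006", "status": "active"},
    {"emp_id": "E1008", "manager": "E9999", "status": "active"},      # manager not in HR
]

def ad_record(sam, emp_id, enabled, days_since_logon, never_expires=False, not_required=False):
    """One constructed AD account; days_since_logon=None means never logged on."""
    last = None if days_since_logon is None else NOW - timedelta(days=days_since_logon)
    return {"sam": sam, "employeeID": emp_id, "enabled": enabled, "lastLogon": last,
            "pwdNeverExpires": never_expires, "pwdNotRequired": not_required}

# Constructed AD export, joined to HR on employeeID.
AD = [
    ad_record("asilva",     "E1001", True, 3),
    ad_record("bochieng",   "E1002", True, 120, never_expires=True),
    ad_record("cwei",       "E1003", True, 1),
    ad_record("cwei2",      "E1003", True, None),    # second account on the same employee id
    ad_record("enovak",     "E1005", True, 200),     # terminated in HR, still enabled
    ad_record("svc-backup", None,    True, 10, never_expires=True, not_required=True),
    ad_record("zold",       "E0500", False, 400),    # employee id unknown to HR
]

def join_accounts(hr, accounts):
    """Join AD to HR on employeeID: ({emp_id: [sam, ...]}, [unjoined sam, ...])."""
    hr_ids = {r["emp_id"] for r in hr}
    joined, unjoined = {}, []
    for a in accounts:
        if a["employeeID"] in hr_ids:
            joined.setdefault(a["employeeID"], []).append(a["sam"])
        else:
            unjoined.append(a["sam"])  # mismatched account: nothing in HR to join to
    return joined, sorted(unjoined)

def enablement_conflicts(hr, accounts):
    """Accounts still enabled although the HR record is no longer active."""
    inactive = {r["emp_id"] for r in hr if r["status"] != "active"}
    return sorted(a["sam"] for a in accounts if a["enabled"] and a["employeeID"] in inactive)

def manager_tree_issues(hr):
    """Unresolved manager references, managers who are not active, and cycles."""
    by_id = {r["emp_id"]: r for r in hr}
    issues = {"unresolved": [], "invalid_manager": [], "cycles": []}
    for r in hr:
        m = r["manager"]
        if m is not None and m not in by_id:
            issues["unresolved"].append(r["emp_id"])
        elif m is not None and by_id[m]["status"] != "active":
            issues["invalid_manager"].append(r["emp_id"])
        seen, cur = set(), r["emp_id"]  # walk the chain upward; a repeat means a cycle
        while cur in by_id:
            if cur in seen:
                issues["cycles"].append(r["emp_id"])
                break
            seen.add(cur)
            cur = by_id[cur]["manager"]
    return issues

def dormant_accounts(accounts, now=NOW, days=DORMANT_AFTER_DAYS):
    """Enabled accounts that never logged on, or not within the dormancy window."""
    cutoff = now - timedelta(days=days)
    return sorted(a["sam"] for a in accounts
                  if a["enabled"] and (a["lastLogon"] is None or a["lastLogon"] < cutoff))

def risky_ad_flags(accounts):
    """userAccountControl bits that bypass password policy, named as AD names them."""
    flags = [(a["sam"], "DONT_EXPIRE_PASSWORD") for a in accounts if a["pwdNeverExpires"]]
    flags += [(a["sam"], "PASSWD_NOTREQD") for a in accounts if a["pwdNotRequired"]]
    return sorted(flags)

def run_report(hr=HR, accounts=AD):
    """Run every check and return the findings keyed by report name."""
    joined, unjoined = join_accounts(hr, accounts)
    return {
        "mismatched_accounts": unjoined,
        "ambiguous_joins": sorted(e for e, sams in joined.items() if len(sams) > 1),
        "enablement_conflicts": enablement_conflicts(hr, accounts),
        "manager_tree": manager_tree_issues(hr),
        "dormant_accounts": dormant_accounts(accounts),
        "ad_flags": risky_ad_flags(accounts),
    }

if __name__ == "__main__":
    for name, findings in run_report().items():
        print(f"{name}: {findings}")
```

Each finding maps to one line of the outline: unjoined accounts are the mismatched-account report, an employee id with two accounts is an ambiguous join, a terminated employee with an enabled account is an enablement conflict, and the manager walk covers unresolved references, valid-manager and tree integrity in one pass. In a real deployment the two constructed lists would be replaced by the HR connector export and an AD query that returns employeeID, userAccountControl and lastLogonTimestamp.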
Note: referenced JSON files for the above can be found here.