On Friday, 14 July 2023, SoftwareIDM will host the HyperSync Patterns and Practices Primer course in Berlin, Germany. This course is designed to prepare you to migrate customers from Microsoft Identity Manager to HyperSync, or to implement HyperSync, matching requirements to the Pattern Toolkit.
Optionally we will also cover the Identity Panel Suite installation itself.
Course times are 9 AM until 5 PM daily. This course is the third in a four-day expert series and will focus on SoftwareIDM's HyperSync and Service Panel. This series will prepare you to demonstrate HyperSync Panel to your customers and prospects.
This course is part of an invitation-only series being held the week of 11 July 2023 (Tuesday) in Berlin.
SoftwareIDM Patterns and Practices Toolkit
├── + User Lifecycle
│   ├── + Application (pre-HR)
│   │   ├── + Verified ID (or equivalent for 100 pt check etc.)
│   │   ├── + Letter of Offer
│   │   ├── + Acceptance
│   │   └── + Pre-start access
│   ├── + Joiner
│   │   ├── + Account Provisioning
│   │   │   ├── + HR Provisioning (Org structure occupant, independent of whether or not application process precedes it)
│   │   │   │   └── + HR Contingent Worker (Org structure occupant)
│   │   │   └── + Contingent Worker Provisioning (non-HR)
│   │   │       ├── + Guest provisioning (vendor/service provider)
│   │   │       └── + Other provisioning (contingent worker/interested party)
│   │   ├── + Multiple HR feeds
│   │   ├── + HR feed masking/overriding
│   │   ├── + Generate non-HR employee ids
│   │   ├── + Immutable/correlation id
│   │   ├── + Unique name generation
│   │   ├── + Provisioning in advance of start date (in HR, not in HR yet)
│   │   │   ├── + Provision before start date
│   │   │   └── + Use SvP to pre-create an employee in advance of HR
│   │   ├── + Mailbox provisioning (on prem AD or M365)
│   │   │   └── + M365 group based licensing, set remote mailbox
│   │   ├── + Home folder provisioning
│   │   ├── + Birthright access
│   │   │   ├── + Azure license group/assignment
│   │   │   ├── + VPN
│   │   │   └── + Internet users etc.
│   │   ├── + Sign conditions of use agreement
│   │   ├── + Activation
│   │   │   ├── + Advance account activation
│   │   │   └── + Manager-driven initial Access/Activation (incl. notifications)
│   │   ├── + Notifications (new account, manager, initial pwd, etc.) [TODO: enumerate password delivery options]
│   │   ├── + Admin/Secondary account provisioning
│   │   ├── + Out-of-band setup, e.g. mailbox scripts
│   │   └── + Location or Job based provisioning templates
│   │       ├── + Email suffix
│   │       ├── + OU/Domain target
│   │       ├── + Azure tenancy
│   │       └── + Share/home folder locations (persona)
│   ├── + Mover/Changes
│   │   ├── + Change profile (personal details)
│   │   ├── + Change profile (employment details)
│   │   ├── + Change Org Structure (manager/subordinates)
│   │   ├── + Change roles
│   │   ├── + Non-employee manager reassignment
│   │   ├── + Account dormancy
│   │   ├── + Dormant account reclaim
│   │   ├── + Name change
│   │   ├── + Account name/email change (with notification/approval)
│   │   └── + Multi-domain/forest
│   │       ├── + Primary domain
│   │       ├── + Domain move
│   │       ├── + Cross-domain join
│   │       └── + SID history management
│   ├── + Leaver
│   │   ├── + Non-employee recertification
│   │   ├── + Immediate/Emergency termination (walked)
│   │   ├── + Termination on elapsed date
│   │   │   └── + Delayed termination
│   │   ├── + Delayed archiving workflows
│   │   ├── + Out-of-band cleanup
│   │   ├── + Entitlement cleanup
│   │   └── + Litigation holds
│   ├── + Rejoiner
│   │   ├── + Rejoin as Non-HR contingent worker
│   │   │   ├── + Rejoin as former employee
│   │   │   └── + Search and verify for previous account
│   │   ├── + Rejoin as HR employee
│   │   │   └── + Rejoin as former Non-HR contingent worker
│   │   ├── + Merge identity (user with multiple accounts)
│   │   └── + Recertification of entitlements
│   ├── + Password Management
│   │   ├── + SSPR
│   │   ├── + Service desk password reset
│   │   └── + Password synchronization
│   └── + Non-person and Special Account Management
│       ├── + Service accounts
│       │   ├── + Request authorization
│       │   ├── + Metadata (ownership, application assignment)
│       │   └── + Decommissioning
│       ├── + Test accounts
│       ├── + VIP accounts
│       │   ├── + Change approval for VIP accounts
│       │   └── + Board members
│       ├── + Auditors
│       └── + Guest accounts
│           ├── + Guest Lifecycle management
│           └── + Guest Invitations
├── + Reference Data Management (Locations, Org Units, etc.)
│   ├── + Ref Data Lifecycle Management
│   └── + Overrides (time-bound)
├── + Group Lifecycle
│   ├── + Criteria Groups
│   │   └── + Exception management
│   ├── + Group policy templates
│   │   └── + Job based granularity of group grants
│   ├── + Group creation
│   │   ├── + Request/approve
│   │   ├── + Security groups
│   │   └── + Distribution groups
│   ├── + Group ownership
│   │   ├── + Pooled ownership
│   │   └── + Position derived ownership
│   ├── + Membership request
│   │   └── + Approval
│   ├── + JIT/PAM
│   ├── + Out-of-band
│   │   ├── + Mailbox setup
│   │   └── + Post removal cleanup
│   ├── + Expiry and Extension
│   ├── + Attestation
│   └── + Roles
│       ├── + Link to groups
│       ├── + Criteria assignment
│       ├── + Hierarchical roles
│       └── + Attestation/certification
├── + System Operations
│   ├── + Availability monitoring (panel check, status page)
│   ├── + Backup and Recovery (on-premises only)
│   ├── + Timing (operational efficiency)
│   ├── + System health
│   │   ├── + Supported OS
│   │   ├── + Supported dependencies
│   │   └── + Secure networking
│   ├── + Connected system availability
│   ├── + Schema changes
│   ├── + Updates and compatibility
│   ├── + Secret Management
│   ├── + Threshold triggering
│   ├── + Change Management (promotion of configuration)
│   └── + Housekeeping
└── + Compliance and Reporting
    ├── + JML Reporting
    │   └── + Leavers reporting
    ├── + License utilization
    ├── + Pending changes
    │   ├── + Exports
    │   └── + Imports
    ├── + Sync Errors
    ├── + Requests and Approval history
    ├── + SLA adherence
    │   └── + Change volume
    ├── + Policy violations [TODO: expand definition of policy violations]
    ├── + Data integrity
    │   ├── + Mismatched accounts
    │   ├── + Enablement conflicts
    │   ├── + Expiry
    │   ├── + Ambiguous joins
    │   ├── + Incorrect joins
    │   ├── + Uniqueness conflicts
    │   ├── + Manager tree integrity
    │   ├── + Valid manager (e.g. employee)
    │   └── + Unresolved references
    ├── + Dormant accounts
    ├── + AD flags (Password never expires, not required)
    ├── + Event syndication (to SIEM)
    │   ├── + IdP request logs
    │   └── + Sync activity
    ├── + Data syndication to BI
    │   ├── + Org has a Power BI team that wants Identity data
    │   └── + Org was dumping MV data into tables for reporting
    ├── + Groups with no members
    ├── + Groups with no owner
    └── + Groups with no changes (e.g. add/remove in n years)
Note: referenced JSON files for the above can be found here.