User account life cycle in identity and access management
Discover how FusionDirectory facilitates identity and access management throughout the user account lifecycle. Simplify account provisioning, access modification and deletion thanks to seamless integration with LDAP directories and business applications.
This automation saves time, improves security, and ensures smooth account management throughout the lifecycle of your organization.
What is identity and access management in the user account lifecycle?
When a new employee is hired, one of the first steps is to create an HR file. Depending on the organization, it is then up to HR, the IT department and/or the employee's managers to grant access to the applications and accounts he or she will need, and to explain and apply the company's security rules.
Every time employees get promoted, change jobs, or adopt and abandon various IT tools, their access needs change. Organizations may also need temporary or permanent access to applications for their subcontractors and partners. Finally, employees may leave their company for a variety of reasons, with different departments taking the initiative.
Ultimately, whatever the cause of the changes to a user's identity, it's up to the IT team to deal with them. On average, it takes an IT administrator half an hour to process each provisioning or deprovisioning request. And that doesn't take into account calls to the helpdesk to reset passwords and configure employees' various terminals. By automating the provisioning and lifecycle management of user accounts, you can save your IT team and other departments a great deal of time and trouble.
How automated user account lifecycle management works
Identity and access management solutions, such as FusionDirectory, offer integration with the LDAP directory and the main applications used in academia and research, as well as Webservices to connect to other applications.
When HR creates a record for a new employee, the connectors automatically provision the user for applications, based on his or her attributes. FusionDirectory centralizes all user attributes and access rights, so that they can be easily modified or automatically updated whenever the employee is promoted or changes position within the company. Updates are based on rules or on one or more authorities.
Identity and access management in the user account lifecycle not only facilitates initial provisioning, but also enables access to specialized applications when user needs change. Users can submit a self-service access request directly to an identified person for approval. Once approved, an account is automatically generated with the validated access level, without the need to call on the IT team. And when employees leave the organization, management can rest assured that their access to all applications will be fully and immediately suspended, if not completely deactivated.