1. Executive summary
  2. Problem statement
  3. Identity provisioning
    1. Identity matching
    2. Username assignment
    3. Identifiers for services and target directories
    4. Username changes
    5. Social IDs
  4. Identity lifecycle
    1. State and affiliation changes
    2. Deactivation or deletion
  5. Credential provisioning
    1. Password rules and policies
    2. Initial password setting
    3. Assignment of additional authentication factors
    4. Deprovisioning of credentials
  6. Target directory provisioning
    1. Linking identities between directories
    2. Communicating updates to target directories
  7. Service provisioning
    1. Provisioning models: when to provision
    2. Reconciliation
    3. State changes and fine-grained authorization
    4. Deprovisioning and repatriation
  8. Groups and roles
    1. Types of groups
    2. Guidance for architecting

  9. Auditing

    1. Reporting

    2. Attestation

    3. Workflows to deprovisioning

  • No labels