- Executive summary
- Problem statement
- Identity provisioning
- Identity matching
- Username assignment
- Identifiers for services and target directories
- Username changes
- Social IDs
- Identity lifecycle
- State and affiliation changes
- Deactivation or deletion
- Credential provisioning
- Password rules and policies
- Initial password setting
- Assignment of additional authentication factors
- Deprovisioning of credentials
- Target directory provisioning
- Linking identities between directories
- Communicating updates to target directories
- Service provisioning
- Provisioning models: when to provision
- Reconciliation
- State changes and fine-grained authorization
- Deprovisioning and repatriation
- Groups and roles
- Types of groups
- Guidance for architecting
Auditing
Reporting
Attestation
Workflows to deprovisioning