Executive summary
Problem statement
Identity provisioning
Identity matching
Username assignment
Identifiers for services and target directories
Username changes
Social IDs
Identity lifecycle
State and affiliation changes
Deactivation or deletion
Credential provisioning
Password rules and policies
Initial password setting
Assignment of additional authentication factors
Deprovisioning of credentials
Target directory provisioning
Linking identities between directories
Communicating updates to target directories
Service provisioning
Provisioning models: when to provision
Reconciliation
State changes and fine-grained authorization
Deprovisioning and repatriation
Groups and roles
Types of groups
Guidance for architecting
Auditing
Reporting
Attestation
Workflows to deprovisioning