Identity Management (IDM)
Automating Identity
What Is Identity Management?
Identity Management (IDM) focuses on the detailed processes involved in managing digital identities throughout their entire lifecycle within an organization. This includes the creation, maintenance, and eventual deactivation of user identities, ensuring that each identity is accurately represented and appropriately managed at every stage. The process follows the JML (Joiner, Mover, Leaver) framework:
- Joiner: creating a new digital identity when a user joins the organization, assigning roles, permissions, and access rights based on their job function.
- Mover: regularly updating and managing identities to reflect changes such as role modifications, department transfers, or promotions, ensuring that access rights remain appropriate and secure.
- Leaver: deactivating or deleting identities when a user leaves the organization, promptly revoking access to sensitive resources to maintain security.
By automating these processes, organizations can improve efficiency, reduce the risk of human error, and enhance overall security. Identity lifecycle management is essential for maintaining accurate and up-to-date user information, which is crucial for effective Identity Governance and compliance.
Of all the disciplines within Identity and Access Management, Identity Management has the broadest application. The identity management software available from Okta, SailPoint or Microsoft offers an almost endless list of initiatives to pursue. The good news is that most organizations end up implementing similar solutions, with 80% of the functionality being common across them.
Benefits of Identity Management:
- Zero trust implementation
- Meeting compliance requirements
- Extending governance to the cloud
- Reduced risk exposure
Common Identity Lifecycle Management Processes

Authoritative Source
A trusted repository that provides the most accurate and reliable information about identities within an organization, such as a feed from HR. This source can be used to drive Identity Lifecycle events, such as JML events: it can automate the Joiner process for new users, the Leaver process for those who leave the organization, and the updates needed as users move within the organization.

Provisioning Connectors
The essential tools used to automate the synchronization of data between different systems within an organization. Connectors do the heavy lifting of keeping systems and data in sync and evaluating policies on a consistent basis. Automating this work in the connectors reduces the risk of human error, enhances security and improves operational efficiency.

Joiner Process
With data from authoritative sources, the Identity Management platform can detect new hires and automatically take action.
Common new hire onboarding process:
- Generate a unique network name and email address
- Email the manager about the new hire
- Assign birthright roles to the user based on their HR job position or location
- Automatically provision accounts
- Send a welcome email on the employee's start date with instructions

Leaver Process
The leaver process can be launched based on data provided by the authoritative source to ensure accounts are disabled in a timely manner.
Here is a typical leaver setup:
- Deprovision access automatically to all connected applications
- Open tickets to manually remove access to non-connected applications
- Disable the primary network account
- Schedule a future job to clean up accounts from systems (deletions)
- Email the manager and IT teams about the termination
- Allow delegated access to the terminated user's files and emails
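As an added illustration (not GCA's code, nor that of any vendor named on this page), the following shows how an identity platform can derive Joiner, Mover and Leaver events by reconciling the HR feed (the authoritative source) against its identity store and turning them into the onboarding and leaver actions listed above. The role mapping, mail domain, record layout and sample data are all constructed for the example.

```python
# Added example: reconcile an HR feed (authoritative source) against the
# identity store to derive JML events and provisioning actions.
# BIRTHRIGHT_ROLES, MAIL_DOMAIN and the record layouts are constructed.
BIRTHRIGHT_ROLES = {"Engineer": {"vpn", "git"}, "Accountant": {"erp"}}
MAIL_DOMAIN = "example.com"  # placeholder domain

LEAVER_ACTIONS = [                    # the leaver steps from the page, as actions
    "disable:primary-account",
    "deprovision:connected-apps",
    "ticket:remove-unconnected-access",
    "schedule:delete-accounts",
    "notify:manager-and-it",
]


def network_name(first, last, taken):
    """First initial + surname, lower-cased; a numeric suffix keeps it unique."""
    base = (first[0] + last).lower()
    name, n = base, 1
    while name in taken:
        n += 1
        name = f"{base}{n}"
    return name


def reconcile(hr_feed, identities):
    """Map each HR record to the actions the identity platform should take.

    hr_feed:    {employee_id: {"first", "last", "job", "status"}}
    identities: {employee_id: {"username", "roles"}}  (current identity store)
    Returns {employee_id: [action, ...]} with actions as "verb:target" strings.
    Identities present in the store but absent from HR are not handled here.
    """
    actions = {}
    taken = {rec["username"] for rec in identities.values()}
    for emp_id, hr in hr_feed.items():
        wanted = BIRTHRIGHT_ROLES.get(hr["job"], set())  # birthright by job position
        if hr["status"] == "terminated":                # Leaver
            if emp_id in identities:                    # nothing to revoke otherwise
                actions[emp_id] = list(LEAVER_ACTIONS)
        elif emp_id not in identities:                  # Joiner
            uname = network_name(hr["first"], hr["last"], taken)
            taken.add(uname)                            # reserve it for later joiners
            actions[emp_id] = (
                [f"create:{uname}", f"mail:{uname}@{MAIL_DOMAIN}", "notify:manager"]
                + sorted(f"grant:{r}" for r in wanted)
                + ["provision:connected-apps", "schedule:welcome-email"]
            )
        else:                                           # Mover: converge on new job's roles
            have = identities[emp_id]["roles"]
            diff = sorted(f"grant:{r}" for r in wanted - have)
            diff += sorted(f"revoke:{r}" for r in have - wanted)
            if diff:
                actions[emp_id] = diff
    return actions
```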

Self-Service Workflows
With the identity management system connected to the core applications, workflows can be implemented to let the workforce handle self-service tasks, which reduces helpdesk tickets and increases operational efficiency.
Here are some common workflows:
- Contractor Management Workflow – Request contractor accounts, extend contractor access and terminate contractors.
- Non-User Accounts – Workflow to request and manage service, test, admin and mailbox accounts.
- Contractor to Employee Workflow – Workflow process to make the necessary changes when a user transitions from a contractor to a full-time employee.
- Advanced Access Approval Workflow – When an access request is made, particularly for sensitive access, a custom approval workflow ensures that specific teams and people sign off before access is provisioned.
How to Get Started with Identity Management
No matter where you are in your IDM maturity, GCA can help you take the next step. Our IDM workshop can help you determine your current IDM maturity and the specific steps your organization needs to take to continue your journey.
Book a 15-minute call with an IDM expert to get started.

IDM Solutions Partners

- SailPoint IdentityIQ
- Microsoft Entra ID
- Okta Lifecycle Management
