This month we focused on vacancy management, shifting from the functions of identity manager to role manager. Vacancy management is difficult to control manually – in many cases an approval or ownership function is a minor part of someone’s job, so the task of finding a replacement when there is a transfer or termination often goes overlooked. It’s easy for the role data to get out of date, resulting in big cleanups when the data is absolutely needed (such as during the annual performance process for line management), and a scramble to save face when a customer is waiting for a request to be approved.

Ultimately, managing the vacancies is dependent on building three key hierarchies…

  • Line management
  • Data/access ownership
  • Cost center ownership

…and building the hierarchies is best done using a five-step process:

  1. Determine the needed granularity
  2. Collect what data is already available
  3. Obtain the data that is not available
  4. Develop the workflows for filling a vacancy when it arises
  5. Establish the notification processes/integration with other groups/systems that have a need to know

Clearly, this can be another round of fairly arduous cleanups, but once the hierarchies are established, the identity management team will truly demonstrate value to the business by helping key teams like HR and Finance solve a problem that has plagued them for years. The problem is not directly related to access, although there are clear access implications.

As we continue in the series, we will focus on workflows as they pertain to provisioning and de-provisioning, user-recertification, and managing non-employees.

Populating the requirements list

In the course of designing workflows or notifications, some desired integration points may have been identified, for example, where identity manager should directly interface with certain target systems to carry out the notification function(s). If this is the case, be sure to note this on the requirements list, including relevant technical information about the target system (e.g., which protocols it can use).

How can I help?

Do you need some clarification or additional assistance? Do you have an experience to share with others? Leave a comment below so we can all improve together.

About the Author Ioana Bazavan Justus
