This month we focused on vacancy management, shifting from the functions of identity manager to role manager. Vacancy management is difficult to control manually â€“ in many cases an approval or ownership function is a minor part of someoneâ€™s job, so the task of finding a replacement when there is a transfer or termination often goes overlooked. Itâ€™s easy for the role data to get out of date, resulting in big cleanups when the data is absolutely needed (such as during the annual performance process for line management), and a scramble to save face when a customer is waiting for a request to be approved.
Ultimately, managing the vacancies is dependent on building three key hierarchiesâ€¦
- Line management
- Data/access ownership
- Cost center ownership
â€¦and building the hierarchies is best done using a five-step process:
- Determine the needed granularity
- Collect what data is already available
- Obtain the data that is not available
- Develop the workflows for filling a vacancy when it arises
- Establish the notification processes/integration with other groups/systems that have a need to know
Clearly, this can be another round of fairly arduous cleanups, but once established, the identity management team will truly demonstrate value to the business. By helping key teams like HR and Finance solve a problem not directly related to access that has plagued them for years (although there are clear access implications).
As we continue in the series, we will focus on workflows as they pertain to provisioning and de-provisioning, user-recertification, and managing non-employees.
Populating the requirements list
In the course of designing workflows or notifications, some desired integration points may have been identified, for example, where identity manager should directly interface with certain target systems to carry out the notification function(s). If this is the case, be sure to note this on the requirements list, including relevant technical information about the target system (e.g., which protocols it can use).
How can I help?
Do you need some clarification or additional assistance? Do you have an experience to share with others? Leave a comment below so we can all improve together.