In recent years, various systems for managing users' identity for access to various software applications have been developed. The identity management systems manage individual principals and their authentication, authorization and privileges within or across computing systems and enterprise boundaries. In addition to controlling user information on computer systems and providing increased security and productivity, the identity management systems manage access to software applications, hardware and network resources.
Some known identity management systems provide a Single Sign-On (SSO) property that enables users of a system such as, for example, a software system, to log into the system once and gain access to all of the components of the system without having to log in and being authenticated at each component. Known identity management systems provide log-in controlled interfaces in order to prevent unauthorized entities from accessing the application system and direct the authorized users to the specific applications they are authorized to access. These known access control systems, however, do not provide control of various user roles and entitlements within each application, which may be different in different applications. Therefore, a need exists for an identity management system to control users' access rights within multiple applications in one place without the need for updates to every single application.