Identity and access management (IAM) refers to the processes, technologies, and policies for managing digital identities and controlling how those identities can be used to access resources. For large business entities having thousands of employees and complex computer systems, IAM can be a challenge.
As personnel join, leave, and move throughout the enterprise, access rights to various computing resources may need to be updated, e.g., to add, remove, or modify access rights. Furthermore, periodic access reviews may need to be performed to ensure that access rights for personnel do not exceed the scope of their authority. In other words, access reviews may be used to determine whether employees can access only those resources necessary to perform their job duties. Moreover, it may also be important to ensure personnel are not provided with incompatible access rights—combinations of access rights that would allow personnel to carry out incompatible tasks.
These aspects of IAM may be difficult in current implementations of IAM systems. In particular, current IAM systems may require business personnel to request changes to access rights in terms of the technical infrastructure underlying the enterprise computer system. Furthermore, provisioning access rights in conventional systems may be a manual process, which can lead to mistakes and inconsistencies in provisioned access rights. Erroneously provisioned access rights may lead to users having access to computing resources outside the scope of their authority. Additionally, current IAM systems may require business personnel to perform access reviews also in technical terms. Business personnel, however, may not be familiar nor concerned with the technical details of the enterprise computer system. As a result, business personnel may have difficulty requesting changes to access rights and conducting access reviews. Therefore, a need exists for improved approaches to submitting access requests and conducting access reviews.