Today, computer users typically have many different accounts that are used to authenticate and log on to various services and programs. Examples of typical services and programs that a user may have an account with include one or more of the following: an operating system, an e-mail program, a document management system, a frequent flyer account, a corporate intranet site, etc. Typically, credentials such as a username and a password are used to verify a user's identity prior to the user being given access to a service or program.
One method to track a user's accounts (and possibly logon information) is the use of an identity map. An identity map typically associates a user with some or all of the accounts and/or identities assigned to, linked to, and/or associated with the user. For example, an identity map can contain information that shows that a user has an account with an operating system (e.g., a WINDOWS logon), a corporate billing system, and a corporate filing system.
An identity map can serve as the foundation for many identity related services and capabilities that an organization makes available to their workers, partners, or customers (e.g., users). For example, in order to review the access rights assigned to a user, the access rights of all of their accounts should be reviewed. An identity map can serve as an inventory for the user's accounts to be reviewed. Similarly, in order to fully remove access for a user, at termination for example, a system uses the inventory of all of the user's accounts so they can be disabled or deleted. Other capabilities such as password management, job change, relocation, review of user activity, etc. can rely on an identity map to provide the inventory of accounts for a user.