ISIM Scenarios
The company in these scenarios is a large public insurance company. Employees at the company have a wide variety of roles, from accounting to adjusting claims to customer service. The company grew both organically and through acquisitions over time. As a result, the company has many fragmented information technology systems and processes for managing its business. In some cases, these systems are used by only a few individuals or they are dependent on employee responsibilities. For example, accountants use proprietary accounting software developed internally. Customer service representatives use a customer relations management (CRM) system developed and serviced by a third party. Other systems, such as email and voice mail, are common to all employees. Internal policies are in place to control access to these resources. For example, customer service representatives are not allowed access to accounting software. These policies are difficult to manage and control, requiring approval forms or email tag.
When employees switch departments and jobs, significant time can pass before the employee is removed from old systems and added to new systems. The delays create security issues and decrease productivity. The need to control access to resources also places a burden on the insurance company management. Managers provide approvals for subordinates who need new access to resources, remove access in some circumstances, and regularly audit those resources for accounting purposes. When away from the office or on vacation, managers often have no way to delegate approvals to other individuals. They must keep records of such delegation in the form of paper or email. Because it is a large public company, it is also required to follow many securities regulations and must make regular internal audits. Audit reports are time-consuming and done manually, often once or twice a year at considerable expense.
Because of the expense and loss of productivity in managing this complex environment, the insurance company decided to implement IBM Security Identity Manager. The scenarios in this section demonstrate how company employees would use ISIM to provision employees into an identity system and do common identity management activities. These scenarios are grouped by the type of user who does the activity. Out of the box, IBM Security Identity Manager provides views for these five common user types:
System administrator: Responsible for ISIM setup and administration activities. Activities include provisioning people, adding services, defining access entitlements, and setting permissions for system users. In most organizations, these administrative tasks are assigned to different users with different roles, permissions, and responsibilities. For the purposes of these scenarios, these administrative tasks are done by one person.
Service owner: Responsible for enabling users to do tasks associated with services and access entitlements.
Help desk: Responsible for assisting users with common user and account management tasks, such as locked accounts and passwords.
Manager: Responsible for users who report to them.
Auditor: Responsible for auditing the system by creating reports.
Non-administrative user: Common user of resources whose identity is managed by ISIM.