Identity Access Management (IAM)

Joiner

• User Onboarding & Identity Creation – Creating a digital identity for the new employee in the IAM system.

• Role-Based Access Assignment – Defining and assigning access based on predefined roles.

• Multi-Factor Authentication (MFA) Setup – Enforcing authentication mechanisms for secure login.

• Access Approval Workflow – Ensuring managers or system owners approve the assigned access.

• Provisioning of Resources – Granting access to systems, applications, and data necessary for the role.

• Training on Security Policies – Educating employees on security protocols and best practices.

• Access Review & Validation – Confirming that employees received the correct access permissions.

• Monitoring & Compliance Checks – Ensuring continuous compliance with regulatory requirements.

• Initial Audit & Logging – Recording access activities for security and compliance purposes.

Mover

• Role Assessment & Analysis – Identifying the employee's new role and determining necessary access adjustments.

• Access Review & Cleanup – Removing old permissions that are no longer needed for the new position.

• New Role-Based Access Assignment – Granting access based on the requirements of the new role.

• Approval Workflow for Updated Access – Managers or system owners review and approve modifications.

• Multi-Factor Authentication (MFA) Revalidation – Ensuring authentication requirements align with the new role.

• System & Application Provisioning – Providing access to specific tools, platforms, or resources required.

• Training & Policy Updates – Educating employees on security protocols related to their new responsibilities.

• Compliance & Audit Checks – Validating that access changes align with security and regulatory requirements.

• Ongoing Monitoring & Logging – Tracking access changes to ensure security and detect anomalies.

Leaver

• Notification & Initiation – HR or management triggers the process upon an employee’s departure.

• Access Review & Inventory – Identifying all systems, applications, and permissions associated with the employee.

• Access Revocation & Deactivation – Removing credentials, accounts, and permissions across all platforms.

• Device & Asset Recovery – Ensuring company devices, security tokens, and other assets are returned.

• Data Transfer & Retention – Handling email, files, or work-related data in compliance with retention policies.

• Exit Interview & Security Briefing – Reinforcing company policies on confidentiality and post-employment responsibilities.

• Audit & Compliance Verification – Confirming that all access has been revoked and documenting the process.

• Ongoing Monitoring & Logging – Keeping logs to track any access attempts post-departure.

• Threat Detection & Response – Watching for unauthorized access attempts and potential security risks.

Scope Definition

• Cert and Framework Identification

• Application & Entitlement

• RACI Development

• Scheduling

• Communication

• Success Criteria

Application Requirements

• Accountability and Responsibility

• Data Structure

• Timing

• Evidence Requirements

• Entitlement Scope 

Configure IDM

• Extract Transform Load scripts

• Application - IDM API

• Certification Parameters

• Reporting 

Obtain Data, C&A Review

• Request Data and execute scripts

• Obtain and review evidence

• Reporting & Escalation 

Review Access

• Launch UAR from IDM

• Progress Reporting

• Exception Campaign Management 

Validate Revocations

• Evaluate Revocations in IDM

• Obtain application data and evidence

• Compile information for Reporting

Compliance & Auditor Reporting 

• Assemble Application data and evidence

• Assemble IDM data

• Craft summary with RCA for findings

Application Discovery & Assessment

• Identify applications requiring integration with IAM.

• Analyze their access models, security requirements, and compliance needs.

Requirements Gathering & Access Mapping

• Define roles, entitlements, and permission structures.

• Map application access to existing IAM policies.

Integration Design & API/Connector Development

• Develop or configure connectors for automated provisioning/deprovisioning.

• Ensure compatibility with Single Sign-On (SSO) and authentication mechanisms.

Security & Compliance Validation

• Conduct risk assessments and validate compliance with regulatory standards (e.g., SOX, HIPAA, GDPR).

• Implement security controls, such as multi-factor authentication (MFA).

Testing & User Acceptance

• Perform integration testing for entitlement provisioning accuracy.

• Validate access workflows with business stakeholders.

Deployment & Role-Based Access Control (RBAC) Implementation

• Enable automated provisioning/deprovisioning based on roles and policies.

• Ensure audit logging for access changes.

Training & Documentation

• Provide training to administrators and users on access management workflows.

• Document application onboarding procedures and governance policies.

Continuous Monitoring & Optimization

• Implement access review mechanisms to detect inappropriate entitlements.

• Optimize automation processes for efficiency.

Framework

Element-46 will facilitate a discovery series to review the following:

Workforce Identity and Access Management

• Authentication methods

• Catalog & Entitlement Lifecycle

• Identity Lifecycle

• Role, Attribute or Policy based controls

Identity Governance and Administration

• • • Framework Review : NIST Cybersecurity, SOC2 TYPE2, ISO 27001

    • User Access Review (UAR) process review

    • Ownership Organization Analysis

Privileged Access Management

• • • Account Naming Convention

    • Fine Grained Authorization

    • Access Duration and Availability

Customer Identity and Access Management (CIAM)

• • • Fine Grained Access

    • Role, Group, Attribute, Policy assessment

    • Authentication Method

    • Sustainability Analysis

Output

GAP ANALYSIS

Element-46 will assess the data collected during the discovery phase to create a thorough gap analysis, pinpointing areas that must be addressed for a fully developed Identity program. This analysis will examine the identified gaps from both operational and security viewpoints, covering the aspects of people, processes, and technology. Each gap will be categorized by its importance, accompanied by detailed recommendations.

ROAD MAP

A road map will be formulated to outline the necessary components for implementing the Identity program. This will encompass process implementation, staffing suggestions, and an evaluation of technology solutions to ensure they align with both current needs and future business goals. The road map will also factor in any limitations identified during the engagement, serving as a guide for scheduling and budgeting efforts.Role Assessment & Analysis – Identifying the employee's new role and determining necessary access adjustments.