Automated User Administration

ID-Synch® can monitor one or more systems of record on a periodic basis (e.g., nightly or every few hours), searching for updates to user profiles. Updates may include new hires, terminations and changes to user profiles (e-mail addresses, job codes, department codes, location and so on).

These changes are first passed through a data filter, which removes objects that are outside the scope of the ID-Synch deployment. For instance, a global enterprise might have a global HR system that is used as a system of record, but only users on a single continent may be in scope for ID-Synch automated management. In this example, changes noted to users in other regions are removed from the authoritative data feed before it is processed further.

Next, changes to user objects noted on authoritative systems are transformed, using roles, rules or both, to calculate what login accounts, attributes and group memberships the affected users should have or whether their access should be created or terminated.

Transformed user profile data may then be:

Compared against current-state data about these users on target systems
Send to the ID-Synch authorization engine, to acquire approval for the proposed security changes
Applied directly to target systems

This process is known as automated administration or, alternately, as automatic change propagation. It is implemented by the IDCOMPARE component in ID-Synch.