IdentityIQ's Two-Tier Role Model

IdentityIQ by default uses a two-tier role model, to facilitate matching a user's business responsibilities to their actual access. Although you are not required to implement your roles using this two-tier model, it is helpful to understand the benefit of this model as you plan your implementation.

In the two-tier model, IT roles are linked to business roles, to tie actual access to your defined job functions and titles. This allows end users such as managers or access reviewers to work with familiar, user-friendly business roles rather than having to understand and act on every individual entitlement that is managed in IdentityIQ. IT roles can be shared by multiple business roles, as needed.