Responsibility Sharing

IdentityIQ allows activities or responsibilities to be assigned to Workgroups just as they can be assigned to an Identity. Grouping Identities into Workgroups makes it possible for multiple people to share responsibility for certain functions, which can help with managing activities that must be performed by someone but do not necessarily need to be owned or performed by a specific person.

The following responsibilities are assignable to a workgroup:

  • Application Owner
  • Application Revoker
  • Certification Owner
  • Role Owner
  • Entitlement Owner
  • Account Group Owner
  • Policy Owner
  • Policy Violation Owner
  • Policy Violation Observers

Consider, for example, a System Administration team for a large application, made up of five people who share responsibility for managing access and permissions for many users. These shared responsibilities could be divided among the team members by setting different team members as the Application Owner, Revoker, Certification Owner, etc. If, however, all team members are qualified and empowered to address any of these requests, it could be substantially more efficient to create a Workgroup for this team and assign these activities to the Workgroup, rather than assigning ownership to any one team member. Access, revocation, and certification requests can then be funneled to the group and processed by the first available team member.