Managing the lifecycle of an identity presents considerable challenges. Typically, digital identity information is required in many directories and data stores - but it is hard work creating these entries, keeping these in sync with each other and with business rules, then removing or disabling entries when required. At best this means high administrative overhead, at worst it leads to insecure and non-compliant systems.

Identity Lifecycle Management: The processes and technology used to create and delete accounts, manage account and entitlement changes and track policy compliance, including some or all of the following:

• Provisioning/deprovisioning. The automatic creation and expiration of accounts in multiple systems based on data from authoritative data sources, thereby reducing the administrative effort involved in manual account creation and management, and reducing security risk by the automatic application of policies.
• Workflow. The automation of steps within the identity lifecycle management process including notification, approval, escalation and creation of audit data.
• Administration. The facilitation of the administration of identities, usually through the deployment of a web-based user administration console. Such interfaces are often used for delegated administration and possibly even user self-service, in conjunction with workflow.
• Credential management. Passwords, certificates and smart cards.
• Role management. Where RBAC is in use, facilities for the creation and maintenance of roles, including role definition and role membership.

Kim Cameron, Microsoft Corporation

An Identity Lifecycle Management (ILM) solution will enable your organization to define and automate the process used to manage the entire lifecycle of digital identities and associated entitlements.

OCG provide ILM solutions based on Microsoft Identity Lifecycle Manager (ILM) 2007, our own components and selected third party tools that have been written to compliment ILM. Together these technologies provide an integrated and comprehensive solution for managing the lifecycle of a user’s digital identity and associated access rights from creation through to retirement.

• Boost efficiency by integrating with existing infrastructures to automate and centralize identity lifecycle processes and tools that were historically disparate and manual.
• Improve operational efficiency by gaining a single view of a user across multiple systems.
• Incorporate strong authentication tools seamlessly with end-to-end lifecycle management of smart cards and digital certificates.
• Reduce integration and customization costs by providing a single foundation for all core identity lifecycle management.
• Improve security and compliance with the ability to enforce and track identities across the enterprise.
• Decrease help desk costs by providing people with self-help tools to manage routine tasks, such as changing passwords or resetting smart card PINs.