In today’s digital landscape, organizations must efficiently manage user identities throughout their entire lifecycle—from onboarding to offboarding—to ensure security, compliance, and operational efficiency. This process is known as Identity Lifecycle Management (ILM), a critical component of Identity and Access Management (IAM).
ILM defines how user identities are created, modified, monitored, and eventually removed when they are no longer needed. By implementing strong identity lifecycle processes, organizations can reduce security risks, prevent unauthorized access, and streamline user management.
Understanding key ILM terms is essential for IT and security professionals responsible for identity governance. Some of the fundamental concepts include:
- User Provisioning & De-Provisioning – Automating the creation and removal of user accounts.
- Access Request Management – Enabling users to request access based on roles and policies.
- Role Management & Identity Synchronization – Mapping users to the permissions their job functions require, and keeping identity attributes consistent across every connected system.
- Access Certification – Regularly reviewing user access to maintain security and compliance.
- Self-Service Identity Management – Allowing users to reset passwords or update their profile securely.
This guide will break down these key terms in Identity Lifecycle Management (ILM) to help organizations enhance security, automate workflows, and maintain compliance with industry regulations.
1. Identity Lifecycle Stages
- User Provisioning – Creating and assigning access to new users
- User Deprovisioning – Revoking access and removing accounts when a user leaves
- Onboarding – Adding new users to an organization's identity system
- Offboarding – Removing users from systems upon departure
- Identity Synchronization – Keeping user data consistent across multiple systems
- Identity Federation – Enabling users to access multiple systems with one identity
2. Identity Roles & Access Management
- Role-Based Access Control (RBAC) – Assigning access based on predefined roles
- Attribute-Based Access Control (ABAC) – Granting access based on user attributes (e.g., department, location)
- Least Privilege Access – Granting only the minimum permissions needed
- Entitlement Management – Defining and managing access rights
- Temporary Privilege Elevation – Granting elevated access for a specific task and a bounded time (often loosely called "privilege escalation"; in security terminology that term means an attacker gaining rights they were never granted, so just-in-time or privileged access management is the clearer name)
3. Automation & Governance
- Self-Service Identity Management – Allowing users to reset passwords or request access
- Access Certification – Periodic review of user permissions
- Identity Audit & Compliance – Ensuring access follows security policies
- Identity Governance – Policies and controls to manage user identities
- Segregation of Duties (SoD) – Preventing conflicts by restricting certain role combinations
4. Authentication & Security
- Multi-Factor Authentication (MFA) – Enhancing security by requiring multiple authentication methods
- Single Sign-On (SSO) – Allowing one login for multiple applications
- Identity Verification – Confirming a user's identity before granting access
- Biometric Authentication – Using fingerprints, facial recognition, or other biometrics
- Session Management – Controlling user session timeouts and re-authentication
5. Integration & Standards
- Identity Provider (IdP) – A service that manages user authentication
- LDAP (Lightweight Directory Access Protocol) – A protocol for accessing user directories
- SCIM (System for Cross-domain Identity Management) – A standard for automating identity management
- OAuth 2.0 – An authorization framework for delegated access to APIs and resources (it does not by itself authenticate users; OpenID Connect adds that layer on top of it)
- SAML (Security Assertion Markup Language) – A standard for exchanging authentication data
Here’s how these Identity Lifecycle Management (ILM) keywords apply in practice, broken down by key stages in the identity lifecycle.
1. Identity Creation & Onboarding
How it Works: When a new employee, contractor, or customer joins, they need an identity within the organization’s system.
- User Provisioning – The process of automatically creating accounts and granting appropriate access.
- Identity Provider (IdP) – A service (e.g., Microsoft Entra ID, Okta) that authenticates users and issues the tokens or assertions that applications trust.
- SCIM (System for Cross-domain Identity Management) – A standard that automates user account creation across different applications.
- LDAP (Lightweight Directory Access Protocol) – Used to store and retrieve user identity details in enterprise directories.
- SAML (Security Assertion Markup Language) – Enables single sign-on (SSO) by securely exchanging authentication data between identity providers and applications.
Example: A new employee is entered into the HR system, which acts as the source of truth. The identity provider picks up the record, creates the directory account (e.g., in Active Directory), and provisions downstream accounts in email and SaaS business applications via SCIM, each carrying an externalId that ties it back to the HR record.
2. Authentication & Access Management
How it Works: After onboarding, users must securely log in and access only authorized resources.
- Multi-Factor Authentication (MFA) – Users must verify their identity using two or more factors (e.g., password + fingerprint).
- Single Sign-On (SSO) – Users log in once to access multiple applications without re-entering credentials.
- Role-Based Access Control (RBAC) – Users receive permissions based on their job role (e.g., HR personnel get access to payroll systems).
- Attribute-Based Access Control (ABAC) – Access is decided by evaluating attributes of the user, the resource, and the request context (e.g., only finance-department employees signing in from a managed device can open the accounting system).
- Least Privilege Access – Users only get the minimum permissions required for their job.
Example: A sales manager logs in to their company portal via SSO using MFA. They are automatically given access to the CRM but not the financial systems.
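The scenario above, RBAC deciding which permissions a role carries and ABAC constraining them with attributes of the user and the request, as an added example that is not part of the original article. It is a deny-by-default policy evaluator; the roles, resources, permissions, attribute rules and the Context fields are all constructed for illustration and do not correspond to any particular IAM product.

```python
"""Added example, not from the original article: a deny-by-default policy
evaluator that combines RBAC (role -> permissions) with ABAC constraints
(attributes of the user and the request context). The roles, resources,
permissions and rules below are constructed for illustration."""
from dataclasses import dataclass

# RBAC: constructed mapping of job role -> permissions, as "resource:action".
ROLE_PERMISSIONS = {
    "sales_manager": {"crm:read", "crm:write", "crm:export"},
    "sales_rep": {"crm:read", "crm:write"},
    "accountant": {"ledger:read", "ledger:post"},
    "hr_specialist": {"payroll:read", "payroll:update"},
}

# ABAC: constructed per-resource constraints evaluated after the role check.
# Each predicate sees the user's attributes and the request context.
ATTRIBUTE_RULES = {
    "crm": lambda user, ctx: ctx.mfa_verified,
    "ledger": lambda user, ctx: user.department == "finance" and ctx.managed_device,
    "payroll": lambda user, ctx: user.department == "hr" and ctx.network == "corp",
}


@dataclass(frozen=True)
class User:
    username: str
    roles: frozenset
    department: str


@dataclass(frozen=True)
class Context:
    """Attributes of the request itself, supplied by the IdP / device posture."""
    mfa_verified: bool = False
    managed_device: bool = False
    network: str = "internet"


def effective_permissions(user: User) -> set:
    """Union of the permissions granted by every role the user holds."""
    perms = set()
    for role in user.roles:
        perms |= ROLE_PERMISSIONS.get(role, set())
    return perms


def evaluate(user: User, resource: str, action: str, ctx: Context):
    """Return (allowed, reason). Anything not explicitly granted is denied,
    which is the least-privilege default."""
    if f"{resource}:{action}" not in effective_permissions(user):
        return False, "rbac: no role grants this permission"
    rule = ATTRIBUTE_RULES.get(resource)
    if rule is None:
        return False, "abac: resource has no attribute rule"
    if not rule(user, ctx):
        return False, "abac: user or request attributes do not satisfy rule"
    return True, "allowed"


def is_authorized(user: User, resource: str, action: str, ctx: Context) -> bool:
    return evaluate(user, resource, action, ctx)[0]


if __name__ == "__main__":
    # The article's scenario: a sales manager signs in via SSO with MFA and
    # gets the CRM but not the financial systems.
    alice = User("alice", frozenset({"sales_manager"}), department="sales")
    sso_session = Context(mfa_verified=True)
    for resource, action in [("crm", "export"), ("ledger", "read")]:
        print(resource, action, evaluate(alice, resource, action, sso_session))
```

The order matters: the cheap role lookup runs first, and the ABAC predicate only runs for permissions a role already grants, so an attribute rule can narrow access but never widen it beyond what RBAC allows.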
3. Ongoing Identity Governance & Security
How it Works: As users' roles or employment status change, their access must be updated to maintain security.
- Identity Synchronization – Ensures user details (e.g., email, job title) are updated across all connected systems.
- Access Certification – Periodic reviews by managers or IT teams to validate that users still need their assigned access.
- Temporary Privilege Elevation – Time-bounded elevated access for a specific task (e.g., an IT admin is granted admin rights on a critical system for a change window, and the rights expire automatically afterwards).
- Identity Audit & Compliance – Logs and reports ensure compliance with security standards (e.g., GDPR, ISO 27001).
- Segregation of Duties (SoD) – Prevents fraud by ensuring users don’t have conflicting access rights (e.g., an employee cannot both approve and process payments).
Example: An IT security team reviews an access certification report and removes unnecessary admin rights from a former manager who moved to a different department.
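One pass of the access certification described above, including the moved manager who kept old admin rights and the SoD rule that one person must not both process and approve payments, as an added example that is not part of the original article. The role baseline, SoD pairs, high-risk list and the user snapshot are constructed; a real review would pull the role from the HR system and the entitlements from each target system's API.

```python
"""Added example, not from the original article: one pass of an access
certification. It compares the entitlements each identity actually holds
(as exported from connected systems) against what the person's current job
role justifies, flags segregation-of-duties (SoD) conflicts, and flags
accounts HR no longer knows about. Roles, entitlements and users are
constructed for illustration."""

# Constructed baseline: entitlements each job role is expected to hold.
ROLE_BASELINE = {
    "engineering_manager": {"gitlab:maintainer", "prod:admin", "jira:lead"},
    "data_analyst": {"warehouse:read", "bi:viewer"},
    "ap_clerk": {"erp:create_invoice", "erp:process_payment"},
    "ap_supervisor": {"erp:approve_payment"},
}

# Constructed SoD rules: holding both entitlements of a pair is a conflict
# (the article's example: approving and processing the same payment).
SOD_CONFLICTS = [
    frozenset({"erp:process_payment", "erp:approve_payment"}),
    frozenset({"erp:create_invoice", "erp:approve_payment"}),
]

# Entitlements where an unjustified grant should be treated as high severity.
HIGH_RISK = {"prod:admin", "erp:approve_payment"}


def certify(users: dict, assignments: dict) -> dict:
    """users: {username: current_role} from HR (the source of truth).
    assignments: {username: set_of_entitlements} from the target systems.
    Returns {username: finding} for every identity with something to review."""
    findings = {}
    for username, role in users.items():
        held = set(assignments.get(username, set()))
        expected = ROLE_BASELINE.get(role, set())
        unjustified = held - expected
        conflicts = [sorted(pair) for pair in SOD_CONFLICTS if pair <= held]
        if unjustified or conflicts:
            findings[username] = {
                "role": role,
                "unjustified": sorted(unjustified),
                "high_risk": sorted(unjustified & HIGH_RISK),
                "sod_conflicts": conflicts,
            }
    # Orphaned accounts: entitlements exist for someone HR has no record of.
    for username in sorted(assignments.keys() - users.keys()):
        held = set(assignments[username])
        findings[username] = {
            "role": None,
            "unjustified": sorted(held),
            "high_risk": sorted(held & HIGH_RISK),
            "sod_conflicts": [],
        }
    return findings


def revocation_plan(findings: dict) -> list:
    """Flatten findings into (username, entitlement) pairs to revoke.
    Removing unjustified grants also clears SoD conflicts that a stale grant
    caused; a conflict that survives the plan is a role-design problem."""
    plan = []
    for username in sorted(findings):
        for entitlement in findings[username]["unjustified"]:
            plan.append((username, entitlement))
    return plan


def residual_sod_conflicts(findings: dict) -> dict:
    """SoD conflicts that would remain after the plan, i.e. both entitlements
    are justified by the same role. These need the role itself to be split."""
    residual = {}
    for username, finding in findings.items():
        expected = ROLE_BASELINE.get(finding["role"], set())
        left = [pair for pair in finding["sod_conflicts"] if set(pair) <= expected]
        if left:
            residual[username] = left
    return residual


if __name__ == "__main__":
    # Constructed snapshot: carol moved from engineering manager to analyst
    # but kept her old entitlements; dave can both process and approve payments.
    users = {"carol": "data_analyst", "dave": "ap_clerk", "erin": "ap_supervisor"}
    assignments = {
        "carol": {"warehouse:read", "bi:viewer", "prod:admin", "gitlab:maintainer"},
        "dave": {"erp:create_invoice", "erp:process_payment", "erp:approve_payment"},
        "erin": {"erp:approve_payment"},
        "ghost": {"warehouse:read"},
    }
    report = certify(users, assignments)
    for user, finding in report.items():
        print(user, finding)
    print("revoke:", revocation_plan(report))
```

Two design points worth keeping in a real implementation: HR, not the target systems, decides what the current role is, and an identity that exists in a target system but not in HR is itself a finding, since that is exactly what a missed offboarding looks like.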
4. Offboarding & Deprovisioning
How it Works: When users leave the organization, their access must be revoked to prevent security risks.
- User Deprovisioning – Automatically revoking access and disabling accounts when a user departs.
- Identity Governance – Ensuring deactivated accounts cannot be accessed after offboarding.
- Session Management – Terminating active sessions and revoking issued tokens when the account is disabled. Disabling the account alone does not invalidate sessions or refresh tokens that were issued earlier, so revocation has to be an explicit step.
Example: A departing employee's accounts are automatically disabled, their active sessions and refresh tokens are revoked, their email access is removed, and their cloud storage is archived.
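The session-management point above, that a disabled account and a still-valid token are two different things, as an added example that is not part of the original article. The HMAC-signed token format, the signing key and the AccountStore with its per-user revocation cut-off are all constructed for illustration; the pattern of checking account status and a "not before" timestamp on every request is the general one.

```python
"""Added example, not from the original article: why disabling an account is
only half of deprovisioning. A signed session token stays cryptographically
valid after the account is disabled, so the server must also check account
status and a per-user revocation cut-off on every request. The token format,
key and account store are constructed for illustration."""
import base64
import binascii
import hashlib
import hmac
import json

# Constructed signing key; a real deployment loads this from a secret store.
SIGNING_KEY = b"constructed-demo-key-do-not-use-in-production"
TOKEN_TTL = 8 * 3600  # seconds a session token lives if nothing revokes it


def _b64(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(username: str, issued_at: int) -> str:
    """payload.signature, HMAC-SHA256 over the JSON payload (constructed format)."""
    payload = json.dumps(
        {"sub": username, "iat": issued_at, "exp": issued_at + TOKEN_TTL},
        separators=(",", ":"),
    ).encode()
    sig = hmac.new(SIGNING_KEY, payload, hashlib.sha256).digest()
    return f"{_b64(payload)}.{_b64(sig)}"


def signature_valid(token: str) -> bool:
    """Only the cryptographic check; it knows nothing about account state."""
    try:
        payload_b64, sig_b64 = token.split(".")
        payload, sig = _unb64(payload_b64), _unb64(sig_b64)
    except (ValueError, binascii.Error):
        return False
    expected = hmac.new(SIGNING_KEY, payload, hashlib.sha256).digest()
    return hmac.compare_digest(expected, sig)


class AccountStore:
    """Constructed identity store: per account, whether it is active and a
    revocation cut-off (tokens issued before it are rejected)."""

    def __init__(self):
        self.accounts = {}

    def create(self, username: str, now: int) -> None:
        self.accounts[username] = {"active": True, "not_before": now}

    def revoke_sessions(self, username: str, now: int) -> None:
        """Invalidate every token issued so far (e.g. after a password reset)."""
        self.accounts[username]["not_before"] = now

    def disable(self, username: str, now: int) -> None:
        """Offboarding: disable the account AND revoke outstanding sessions."""
        self.accounts[username]["active"] = False
        self.revoke_sessions(username, now)


def validate(token: str, store: AccountStore, now: int):
    """Full check: signature, expiry, account status, revocation cut-off."""
    if not signature_valid(token):
        return False, "bad_signature"
    claims = json.loads(_unb64(token.split(".")[0]))
    if now >= claims["exp"]:
        return False, "expired"
    account = store.accounts.get(claims["sub"])
    if account is None or not account["active"]:
        return False, "account_disabled"
    if claims["iat"] < account["not_before"]:
        return False, "revoked"
    return True, "ok"


if __name__ == "__main__":
    store = AccountStore()
    store.create("frank", now=1_000)
    token = issue_token("frank", issued_at=1_500)
    print(validate(token, store, now=1_600))   # (True, 'ok')
    store.disable("frank", now=2_000)          # offboarding event
    print(signature_valid(token))              # True: the signature alone still passes
    print(validate(token, store, now=2_100))   # (False, 'account_disabled')
```

The same "not before" cut-off is what makes a forced sign-out after a password reset or a compromised-session report work without rotating the signing key for everyone; stateless tokens that are never checked against the store cannot be revoked at all before they expire.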
5. Integration & Automation
How it Works: Identity Lifecycle Management (ILM) is most effective when automated and integrated with enterprise systems.
- SCIM (System for Cross-domain Identity Management) – Automates identity provisioning across SaaS applications.
- OAuth 2.0 – Lets cloud applications and integrations obtain scoped, revocable access tokens to call APIs on a user's or service's behalf instead of sharing passwords; user authentication itself is handled by the IdP (via OpenID Connect or SAML).
- Biometric Authentication – Enables secure logins with fingerprint or facial recognition.
Example: A company uses SCIM to sync employee identity data between their HR system, Active Directory, and cloud apps like Salesforce and Slack.
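The SCIM provisioning flow that the onboarding example, the offboarding example and the integration example above all rely on, as one added example that is not part of the original article. It maps an HR record to a SCIM User resource (RFC 7643), creates it, reconciles later changes with a PatchOp (RFC 7644), and handles the leaver case by setting active to false rather than deleting the account. The HR records, the SYNCED_ATTRS choice and the in-memory FakeScimService standing in for a SaaS application's /Users endpoint are constructed so that the example runs offline; a real client would send the same JSON bodies over HTTPS with a bearer token.

```python
"""Added example, not from the original article: the SCIM 2.0 side of
joiner / mover / leaver events. An HR record is mapped to a SCIM User
(RFC 7643), created with POST semantics, updated with a PatchOp (RFC 7644),
and deactivated by setting active=false rather than deleted. The HR records
and the in-memory FakeScimService standing in for a SaaS app's /Users
endpoint are constructed so the example runs offline."""
import copy
import uuid

CORE_USER = "urn:ietf:params:scim:schemas:core:2.0:User"
ENTERPRISE_USER = "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User"
PATCH_OP = "urn:ietf:params:scim:api:messages:2.0:PatchOp"

# Attributes the sync keeps aligned with HR once the account exists (constructed choice).
SYNCED_ATTRS = ("title", "active")


def hr_to_scim(rec: dict) -> dict:
    """Map a constructed HR record to a SCIM User. externalId carries the HR
    employee ID so later syncs find the account even if the username changes."""
    return {
        "schemas": [CORE_USER, ENTERPRISE_USER],
        "externalId": rec["employee_id"],
        "userName": rec["email"],
        "name": {"givenName": rec["first"], "familyName": rec["last"]},
        "emails": [{"value": rec["email"], "primary": True}],
        "title": rec["title"],
        "active": rec["status"] == "active",
        ENTERPRISE_USER: {"department": rec["department"]},
    }


class FakeScimService:
    """Constructed stand-in for a SCIM server: enforces userName uniqueness
    and supports the subset of PatchOp (op=replace) the sync needs."""

    def __init__(self):
        self.users = {}  # id -> resource

    def create(self, user: dict) -> dict:  # POST /Users
        if any(u["userName"] == user["userName"] for u in self.users.values()):
            raise ValueError("409: userName already exists")
        resource = copy.deepcopy(user)
        resource["id"] = str(uuid.uuid4())
        self.users[resource["id"]] = resource
        return resource

    def find_by_external_id(self, external_id: str):  # GET /Users?filter=externalId eq "..."
        for u in self.users.values():
            if u.get("externalId") == external_id:
                return u
        return None

    def patch(self, user_id: str, patch: dict) -> dict:  # PATCH /Users/{id}
        if PATCH_OP not in patch.get("schemas", []):
            raise ValueError("400: not a PatchOp")
        resource = self.users[user_id]
        for op in patch["Operations"]:
            if op["op"] != "replace":
                raise ValueError(f"501: op {op['op']} not supported here")
            path = op["path"]
            if path.startswith(ENTERPRISE_USER + ":"):
                resource.setdefault(ENTERPRISE_USER, {})[path.rsplit(":", 1)[1]] = op["value"]
            else:
                resource[path] = op["value"]
        return resource


def sync(service: FakeScimService, rec: dict):
    """Idempotent reconciliation of one HR record. Returns (outcome, resource)."""
    desired = hr_to_scim(rec)
    existing = service.find_by_external_id(rec["employee_id"])
    if existing is None:
        if not desired["active"]:
            return "skip", None  # never create an account for a leaver
        return "created", service.create(desired)
    ops = [
        {"op": "replace", "path": attr, "value": desired[attr]}
        for attr in SYNCED_ATTRS
        if existing.get(attr) != desired[attr]
    ]
    if existing.get(ENTERPRISE_USER, {}).get("department") != rec["department"]:
        ops.append({"op": "replace", "path": f"{ENTERPRISE_USER}:department",
                    "value": rec["department"]})
    if not ops:
        return "unchanged", existing
    return "patched", service.patch(existing["id"], {"schemas": [PATCH_OP], "Operations": ops})


if __name__ == "__main__":
    app = FakeScimService()
    jane = {"employee_id": "E1001", "email": "jane.doe@example.com", "first": "Jane",
            "last": "Doe", "title": "Sales Rep", "department": "Sales", "status": "active"}
    print(sync(app, jane)[0])                                                # created
    print(sync(app, dict(jane, title="Sales Manager"))[0])                   # patched (mover)
    print(sync(app, dict(jane, title="Sales Manager", status="terminated"))[0])  # patched (leaver)
    print(app.users[next(iter(app.users))]["active"])                        # False
```

Deactivating instead of deleting keeps the account's history and data ownership intact for audit, and the externalId lookup is what lets the same sync run on every HR event without creating duplicates.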
Conclusion
Effective Identity Lifecycle Management (ILM) ensures that:
✅ New users get the right access when they join (Provisioning)
✅ Users only have the necessary access (Access Control)
✅ Security policies and compliance rules are enforced (Governance)
✅ Users are offboarded properly when they leave (Deprovisioning)