Sun Identity Manager makes it possible to automate the process of creating, updating, and deleting user accounts across multiple IT systems. Creating and updating user accounts is known as provisioning, and deleting user accounts is known as deprovisioning.
For example, when an employee joins a company, Identity Manager runs a workflow that retrieves the necessary approvals to grant the employee access. When these approvals are obtained, Identity Manager creates accounts for the employee in the company's human resources system (PeopleSoft), email system (Microsoft Exchange), and enterprise application (SAP). If the employee changes roles in the company, Identity Manager updates the user account and extends access to the resources required in the new role. When the employee leaves the company, Identity Manager automatically removes the user's accounts to prevent further access.
Identity Manager can also enforce audit policies on an ongoing basis. An audit policy specifies what types of access a user may or may not have. For example, in the United States it is a violation of Sarbanes-Oxley (SOX) for the same user to have access to both Accounts Payable and Accounts Receivable systems. This is known as a separation of duties violation. Identity Manager can conduct audit scanning to check for a variety of these types of violations and, depending on configuration, automatically remove access or send a notification to an administrator when a violation is detected. This process is known as remediation.
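The audit scan and remediation described above can be sketched as follows. This is an added illustration, not Identity Manager's own code or API: the names `AuditPolicy`, `Finding` and `audit_scan`, the resource labels and the sample accounts are all constructed for the example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class AuditPolicy:
    name: str
    conflicting: frozenset  # resources one user may not hold together
    revoke: str             # resource dropped when remediation is "remove"

    def __post_init__(self):
        # A policy that revokes something outside the conflict would never clear it.
        if self.revoke not in self.conflicting:
            raise ValueError(f"{self.name}: revoke target is not in the conflict set")

@dataclass(frozen=True)
class Finding:
    user: str
    policy: str
    action: str

def audit_scan(accounts, policies, remediation="notify"):
    """Check each user's resources against every policy.

    accounts maps user name -> set of resources; it is modified only when
    remediation is "remove". Returns the list of findings.
    """
    if remediation not in ("notify", "remove"):
        raise ValueError("remediation must be 'notify' or 'remove'")
    findings = []
    for user in sorted(accounts):
        for policy in policies:
            if not policy.conflicting <= accounts[user]:
                continue  # user does not hold the full conflicting set
            if remediation == "remove":
                accounts[user].discard(policy.revoke)
                action = f"removed {policy.revoke}"
            else:
                action = "notified administrator"
            findings.append(Finding(user, policy.name, action))
    return findings

# Constructed sample data (hypothetical users and resource labels).
SOD_POLICY = AuditPolicy("SOX separation of duties",
                         frozenset({"AccountsPayable", "AccountsReceivable"}),
                         revoke="AccountsReceivable")
SAMPLE_ACCOUNTS = {
    "alice": {"AccountsPayable", "AccountsReceivable", "Exchange"},
    "bob": {"AccountsPayable", "SAP"},
    "carol": {"AccountsReceivable", "PeopleSoft"},
}

if __name__ == "__main__":
    for f in audit_scan(SAMPLE_ACCOUNTS, [SOD_POLICY], remediation="notify"):
        print(f.user, "|", f.policy, "|", f.action)
```

Running the scan again after a "remove" pass should return no findings, which is a simple check that remediation actually cleared the violation.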