Certainly! Here’s a lifecycle guideline for managing user attributes in Azure AD for your IAM team, focusing on member and guest accounts.
User Attributes Lifecycle Guidelines for Azure AD
Context:
Member Accounts: Properties are managed by the People Tower team. No direct changes are made by our IAM team.
Guest Accounts: Our team has full control over creation, updates, and deletions.
1. Member Accounts
Responsibilities:
No creation, update, or deletion of user attributes.
Monitor for changes initiated by the People Tower team.
Ensure alignment with organizational policies and compliance requirements.
Best Practices:
Communication: Maintain open channels with the People Tower team to stay informed about any attribute changes.
Auditing: Regularly review logs and reports for member accounts to ensure compliance and identify any unauthorized changes.
Documentation: Keep a record of any relevant policies or procedures from the People Tower team.
2. Guest Accounts
Responsibilities:
Full control over the lifecycle: creation, updates, and deletions.
Lifecycle Process:
Creation:
Use standardized templates to ensure consistency in guest account creation.
Collect necessary attributes (name, email, role, etc.) from the requestor.
Updates:
Review requests for updates to guest attributes carefully.
Ensure changes align with the purpose of the guest access and document reasons for modifications.
Deletion:
Establish a clear policy for when guest accounts should be removed (e.g., project completion, inactivity).
Follow the deletion process promptly to maintain security and compliance.
Best Practices:
Access Review: Conduct regular reviews of guest accounts to ensure continued necessity and compliance with access policies.
Documentation: Keep records of all actions taken on guest accounts, including the rationale for updates and deletions.
Automation: Consider automating the guest lifecycle management process to improve efficiency and reduce errors.
Conclusion
Ensure all team members understand their roles in managing user attributes for both member and guest accounts. Regularly review these guidelines to adapt to changes in organizational policies or Azure AD functionalities.
Certainly! Here’s a lifecycle guideline for managing user attributes in Azure AD for your IAM team, focusing on member and guest accounts.
User Attributes Lifecycle Guidelines for Azure AD
Context:
1. Member Accounts
Responsibilities:
Best Practices:
2. Guest Accounts
Responsibilities:
Lifecycle Process:
Creation:
Updates:
Deletion:
Best Practices:
Conclusion
Ensure all team members understand their roles in managing user attributes for both member and guest accounts. Regularly review these guidelines to adapt to changes in organizational policies or Azure AD functionalities.