ABSTRACT

An identity can be mapped to a person. An account is an arbitrary profile that has been given access to a program. A person can be mapped to many accounts depending on his or her role(s) in the organization. Nonpersons can be mapped to accounts to fulfill a programmatic function. The entitlements aggregator’s role is to parse and normalize the identity data from the various sources so that the central identity repository can consume, store, and correlate identity information. Deploying the central identity repository is an iterative process. Create a repeatable model to systematically migrate the myriad identity stores as well as add new ones. Provide a central point of administration for identity management, including provisioning, de-provisioning, processing transfers, and conducting user recertifications. Access to systems and data is not restricted to employees alone in most organizations.
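
The aggregator's parse, normalize, and correlate steps described above, shown as an added example that is not part of the original text. The two source formats, the field names, the `svc_` naming convention for nonperson accounts, and all sample records are assumptions constructed for illustration.

```python
import csv, io, json
from collections import defaultdict

# Constructed sample data: the HR feed is the source of identities (people).
HR_IDENTITIES = {"E1001": "Dana Ruiz", "E1002": "Sam Patel"}
# Constructed account exports from two systems with different native formats.
AD_CSV = """sAMAccountName,employeeID,memberOf
druiz,E1001,Finance-RW;VPN-Users
spatel,E1002,HR-RO
svc_backup,,Backup-Operators
jold,E0999,Finance-RW
"""
ERP_JSON = json.dumps([
    {"login": "DRUIZ", "emp": "e1001", "roles": ["AP_CLERK"]},
    {"login": "batch01", "emp": None, "roles": ["GL_POST"], "type": "service"},
])

def parse_ad(text):
    # Assumption: nonperson accounts in this directory carry an "svc_" prefix.
    for row in csv.DictReader(io.StringIO(text)):
        name = row["sAMAccountName"].lower()
        yield {"source": "ad", "account": name,
               "employee_id": row["employeeID"].upper() or None,
               "entitlements": sorted(filter(None, row["memberOf"].split(";"))),
               "nonperson": name.startswith("svc_")}

def parse_erp(text):
    # Assumption: this application marks nonperson accounts with type "service".
    for rec in json.loads(text):
        yield {"source": "erp", "account": rec["login"].lower(),
               "employee_id": rec["emp"].upper() if rec["emp"] else None,
               "entitlements": sorted(rec["roles"]),
               "nonperson": rec.get("type") == "service"}

def correlate(records, identities):
    """Map each normalized account to a person, the nonperson set, or orphans."""
    by_identity, nonperson, orphans = defaultdict(list), [], []
    for r in records:
        if r["nonperson"]:
            nonperson.append(r)      # programmatic account, no person behind it
        elif r["employee_id"] in identities:
            by_identity[r["employee_id"]].append(r)
        else:
            orphans.append(r)        # no matching identity: flag for recertification
    return dict(by_identity), nonperson, orphans

def aggregate():
    return correlate([*parse_ad(AD_CSV), *parse_erp(ERP_JSON)], HR_IDENTITIES)

if __name__ == "__main__":
    print(json.dumps(aggregate(), indent=2))
```

One person (`E1001`) correlates to accounts in both systems, while `jold` surfaces as an orphan because its employee ID has no matching identity in the HR feed.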