Brief Description
An IdM system is designed to be an authoritative central hub of identity information. External services may access information through APIs or directory services, or data may be provisioned to external services. It is crucial to ensure that information security is maintained when data is in transport and when stored in a new location. Changes in the IdM system should be propagated to external systems in a timely manner. The ease and speed of propagating changes may be a factor when procuring systems which need to be integrated with the IdM system.
Generic Functional Requirements
- information about a user should include attributes as specified by the organization
- only the IdM system should be able to write to log/audit data stores
- the IdM system must be able to associate user account data across multiple systems each having different schemes for local identifiers
- the IdM system needs to notify downstream systems of user-related events in a timely and secure fashion
- the IdM system must consume upstream user-related events from systems of record in a timely and secure fashion