Articles in this section

Managing Distinct Identity Populations with Tailored Controls

Avatar
Gaven Heim (SIDM)
  • Created
  • Updated
Follow

The Identity Panel Suite is designed to manage complex identity environments, including the ability to segment users into distinct populations—such as employees, contractors, and vendors—and apply customized controls for each group. This feature supports compliance, security, and operational efficiency by ensuring that each type of user is governed by policies aligned with their role and risk profile.

Segmentation of User Populations

Identity Panel enables organizations to logically divide users into separate identity populations using Projected Silos—customized views of identity data based on attributes such as employment type, organizational unit, or source system. These silos act as independent management zones, allowing organizations to enforce different rules for each group without altering source data or directory structures.

Each silo can be assigned its own provisioning logic, attribute rules, and lifecycle definitions. For example:

  • Employees can have full provisioning workflows, complex onboarding automation, and long-term audit history.

  • Contractors might be limited to temporary group memberships and auto-expiring accounts.

  • Vendors could have stricter authentication requirements and minimal data retention.

Custom Management Controls per Population

Once segmented, each user population can be governed by distinct policies using the following capabilities:

  • Password and Authentication Policies
    Each population can be assigned different password policies and authentication settings. For example, multifactor authentication (MFA) can be enforced for vendors while contractors may use time-bound credentials.

  • Provisioning and Lifecycle Rules
    HyperSync Panel supports customizable stateful and event-driven provisioning. Rules can define when a user should be created, modified, or deactivated based on the data in their silo and lifecycle stage (joiner, mover, leaver).

  • Access Controls and Entitlements
    Access Panel allows for attribute-based and role-based access control. Different entitlements, group memberships, and access policies can be automatically applied based on silo membership.

  • Audit and Attestation
    Each group can participate in its own access reviews and compliance campaigns. For example, contractors may require monthly entitlement reviews while employees might follow a quarterly schedule.

Related articles

Comments

0 comments

Article is closed for comments.

Powered by Zendesk