This document discusses managing the end-to-end lifecycle of user identities across an enterprise, including onboarding, provisioning, single sign-on and identity federation, authentication, authorization, self-service, monitoring and analytics, and deprovisioning. It provides details on processes within each stage of the identity lifecycle such as self-service options, provisioning methods, authentication factors, authorization policies, and types of monitoring and analytics.

1. Senior Director - Security Architecture,
WSO2
Managing the End-to-End Lifecycle of
User Identities Across Your Enterprise
Prabath Siriwardena

2. • Onboarding
• Provisioning
• SSO & Identity Federation
• Authentication
• Authorization
• Self-Service
• Monitoring & Analytics
• Deprovisioning
End-to-end Lifecycle

3. Onboarding
• Employees vs.
customers
• Self signup
• Self signup with
verification
• Approval workflows

4. Provisioning
• Outbound provisioning
• JIT provisioning
• Conditional provisioning
• SCIM 2.0

5. SSO and Identity Federation
• Identity bridging
• Claim mapping
• JIT provisioning
• Conditional authentication
• SAML/OIDC/WS-
Federation

6. Authentication
• Multi-factor
authentication
• Adaptive authentication
• FIDO U2F, TOTP,
SMS/Email OTP
• LDAP, Database, AD

7. Authorization
• Role-based
• Attribute-based
• XACML REST API
• Policy templates

8. Self-service
• User portal
• Password reset
• Self access requests
• Consent management
• Profile update
• Password reset
• Account recovery

9. Monitoring
and Analytics
• Login analytics
• Session analytics
• Fraud
detection/prevention

10. Deprovisioning
• Anonymize all user data
• Automated
deprovisioning with
connected systems

11. wso2.com