Every time a person joins an organization, moves through it or leaves it, business users must fill in forms to request matching changes to the user's security entitlements on corporate systems and applications and IT security administrators must implement those changes.

While individual Add / Edit / Delete requests may be simple, the cost is cumulative:

• It can be hard for users to figure out what changes they need and how to ask for it.
• Change requests are often improperly filled in and must be rejected by administrators because they are ambiguous or not adequately authorized.
• The total number of A/E/D requests can be large, as it is a product of user mobility and the number of systems and applications.

The net result is that security change management is often very expensive.

• Identity Manager can eliminate a significant part of the Add/Edit/Delete workload by monitoring a system of record, such as HR, and automatically changing user access to systems and applications.
• Identity Manager enables users to fill in change request forms on-line. These forms are validated, calculated fields filled in and requests are sent to suitable business stake-holders to approve. This simplifies request input and eliminates rejected forms.
• Identity Manager can automatically fulfill approved change requests on widely subscribed systems and applications, eliminating manual effort on the part of system administrators.
• System administrators can use Identity Manager to get a consolidated view of a user's security entitlements, across systems and applications. A user-centric rather than system-centric view saves time for remaining manual administration.

Using Identity Manager, organizations can eliminate part of the security change management process, move some of it to self-service and expedite what remains.