Identity & Access Management

System owners define how user management takes place, including who is authorised to request changes to which user roles and how this can be requested/managed. System owners determine the access control models used for which types of users.

After a period of 45 days of inactivity or at the end date of a formal relation with the organisation for which the account was provided, accounts are automatically blocked. After 90 days the account is deleted or stripped of all authorisations. Unblocking accounts follows the same approval process for requesting access as Joiner/Mover situations.

End-user authentication for applications takes place through a trusted Identity Provider for anyone with access to organisational data. The organisation has a defined relationship with individuals that have been given access, either directly or through contractual agreements with third parties. Only production environments can be linked to the production IdP.