Identity and Access Management System

The Vendor is required to provide solutions to replace its existing Identity and Access Management (IAM) solution, IDWeb.
- The primary business driver for this effort is that the underlying platform, Microsoft Identity Manager (MIM) will reach end-of-life in 2029.
- This application supports multiple business units: technology, security, business applications and human resources.
- Strong AD and hybrid identity support
•    Deep integration with Active Directory
•    Entra ID / Microsoft 365 integration
•    Hybrid identity support for on-prem and cloud applications
•    Support for syncing identities across multiple authoritative sources
- HR-driven identity
•    Ability to use HR or personnel systems as the source of truth
•    Automated updates when users change roles, locations, or departments
•    Termination workflows that quickly remove access
- Access governance
•    Access reviews and recertifications
•    Role mining/role modeling
•    Separation of duties controls
•    Approval workflows for elevated or non-standard access
•    Audit trail showing who approved what and when
- Self-service capabilities
•    Self-service password reset
•    Self-service group or access requests
•    Manager-based approvals
•    Delegated administration for limited support functions
- Security and compliance
•    MFA integration
•    Least privilege support
•    Privileged access workflow integration
•    Detailed logging and reporting
•    Support for compliance and audit requirements
•    Strong policy enforcement around provisioning and access removal
- Workflow and automation
•    Flexible workflow engine
•    Low-code or configurable process design
•    Event-driven automation
•    Ability to integrate with ticketing systems and existing operational processes
- Application integration
•    Prebuilt connectors for common enterprise systems
•    APIs for custom integrations
•    Support for legacy applications that may not be modernized yet
•    File/database/API-based integration options where needed
- Scalability and reliability
•    Able to support your full user population and growth
•    High availability options
•    Disaster recovery support
•    Vendor support maturity and product roadmap stability
- Reporting and visibility
•    Easy reporting for auditors and leadership
•    Dashboards for provisioning status, failures, orphaned accounts, and certification results
•    Clear visibility into manual exceptions
- Administrative simplicity
•    Easier to manage than MIM
•    Reduced dependency on niche skill sets
•    Better documentation and vendor support
•    Lower operational overhead for day-to-day administration
- Core identity lifecycle management
•    Joiner, mover, leaver automation
•    Automated provisioning and deprovisioning
•    Role and attribute-based access assignment
•    Group management
•    Birthright access based on job function or department
- Deployment fit
•    Cloud-native or hybrid
•    Reasonable migration path from MIM without major disruption