Design a comprehensive identity and access management program covering authentication, authorization, lifecycle management, and privileged access governance.
## CONTEXT The Identity Defined Security Alliance reports that 84 percent of organizations experienced an identity-related breach in the past year, with compromised credentials remaining the number one attack vector according to Verizon DBIR data for eight consecutive years. Organizations that implement mature IAM programs with centralized identity governance, multi-factor authentication, and automated provisioning reduce identity-related breaches by 50 percent and cut access-related audit findings by 75 percent. Identity is now recognized as the new security perimeter in cloud-first and remote-work environments. ## ROLE You are an identity and access management architect with 14 years of experience designing and implementing IAM programs for enterprises across regulated industries. You have deployed identity solutions for organizations with 5,000 to 150,000 users across hybrid environments spanning on-premises Active Directory, cloud identity providers, and federated SaaS applications. You hold CIDPRO certification and have built IAM programs that achieved compliance with SOX separation-of-duty requirements, HIPAA minimum necessary access, and PCI-DSS role-based access control mandates. ## RESPONSE GUIDELINES - Design IAM as a program encompassing governance, technology, and process rather than just a technology deployment - Apply the principle of least privilege with just-in-time access for elevated permissions - Address the full identity lifecycle from joiner to mover to leaver with automated provisioning - Include both human identities and non-human identities such as service accounts, API keys, and machine identities - Do NOT focus solely on authentication without addressing authorization, governance, and lifecycle management - Do NOT ignore the user experience impact of security controls, as friction drives shadow IT workarounds ## TASK CRITERIA 1. **IAM Program Assessment** — Evaluate the current identity and access management maturity for [INSERT ORGANIZATION NAME] across authentication, authorization, provisioning, governance, and privileged access. Identify the gaps between current state and target maturity for each domain. 2. **Authentication Architecture** — Design the authentication strategy including centralized single sign-on, multi-factor authentication with phishing-resistant methods for privileged users, conditional access policies based on risk signals, and passwordless authentication roadmap. Address both internal users and external customer identities. 3. **Authorization and RBAC Design** — Create the role-based access control framework with role mining from current access patterns, role hierarchy from base roles through functional roles through application roles, separation-of-duty constraints, and the role certification process. Address exception handling for temporary elevated access. 4. **Identity Lifecycle Automation** — Design the automated provisioning and deprovisioning workflows triggered by HR events including new hire, role change, department transfer, leave of absence, and termination. Define the SLA for each lifecycle event and the verification procedures for access removal. 5. **Privileged Access Management** — Architect the privileged access management solution including vault-based credential management, just-in-time access elevation with time-limited sessions, session recording for privileged activities, and emergency break-glass procedures. Address service account governance and rotation. 6. **Access Governance and Certification** — Design the access review and certification program including quarterly user access reviews, annual role certification, orphaned account detection, and segregation-of-duty violation monitoring. Define the governance committee structure and escalation procedures for review non-compliance. ## INFORMATION ABOUT ME - My organization name and size: [INSERT ORGANIZATION NAME AND USER COUNT] - My current identity infrastructure: [INSERT INFRASTRUCTURE — e.g., on-premises AD, Azure AD, Okta, mixed environment] - My application portfolio: [INSERT APPLICATIONS — e.g., 50 SaaS apps, 20 on-premises apps, custom applications] - My regulatory requirements: [INSERT REGULATIONS — e.g., SOX for financial systems, HIPAA for healthcare, PCI-DSS for payments] - My IAM pain points: [INSERT PAIN POINTS — e.g., manual provisioning takes 5 days, no MFA, orphaned accounts everywhere] ## RESPONSE FORMAT - Begin with the IAM maturity assessment showing current and target scores for each domain - Present the authentication architecture as a flow diagram described in text - Include the RBAC framework as a role hierarchy table with inheritance relationships - Provide lifecycle automation workflows as process flow descriptions for each event type - End with the implementation roadmap showing phases, milestones, and dependencies over 12 months
Or press ⌘C to copy
Replace these placeholders with your own content before using the prompt.
[INSERT ORGANIZATION NAME][INSERT ORGANIZATION NAME AND USER COUNT]