What are the best practices for managing technical accounts?

We’re reviewing how to properly handle technical accounts in our environment and would appreciate insights.

Should technical accounts be placed in a specific directory to have an Identity, with an assigned responsible person or application linked in the Identity?

In our case, the applications of the environment are currently not defined in Usercube. Should we first onboard all applications before managing technical accounts?

Alternatively, is it better to link technical accounts directly to the responsible user’s identity and then reassign them to the new owner when that user leaves the organization?

Hi Kamil,

Actually, both approaches can work.
It is up to you to choose the right one.

| Technical identities | Human identities |
|---|---|
| Technical identities need to be created (automatically or manually) | Some new attributes need to be added: Owner, Technical information, etc. |
| They can have a dedicated data model, workflows, rules, etc. | The data model can be more complex |
| Classification and correlation rules need to be created | Classification and correlation rules need to be updated accordingly |
| Access certification will be independent, no global view | It is possible to certify all accesses at once. An extra filter is needed in case of access certification segregation |
| An update needs to be made for the internal profiles | An update might be needed for the internal profiles |
| Several accounts can be linked to the same identity, with the possibility to link several owners to each technical identity or to have an owner and a backup | Several accounts can be linked to the same identity |
| A rule, workflow or script is needed to update the owner in case of departure | It is possible to configure grace periods in order to be able to set a new owner after a departure |

In my opinion, the independent approach is better:
:check_box_with_check: Maintainable configuration.
:check_box_with_check: Independent configuration and processes.
:check_box_with_check: Easy to disable or roll-back.
:check_box_with_check: More flexible data model.
:check_box_with_check: Segregation between the user lifecycle and the application lifecycle.

Hope this helps :wink:

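The departure case from the last row of the comparison, as an added illustrative model that is not Usercube's data model, rules or API: technical identities carry an owner and a backup (independent approach), technical accounts correlated to a human fall under a grace period (human-linked approach), and an orphan check lists accounts nobody is accountable for. All names (Identity, GRACE_PERIOD, the sample identities and accounts) are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Optional
# Constructed model of the two approaches in the answer; not Usercube's data model,
# rules or API. All names here (Identity, GRACE_PERIOD, ...) are assumptions.
@dataclass
class Identity:
    id: str
    kind: str                         # "human" or "technical"
    owner: Optional[str] = None       # technical identity: accountable human
    backup: Optional[str] = None      # technical identity: backup owner
    departure: Optional[date] = None  # set when a human leaves

GRACE_PERIOD = timedelta(days=30)  # human-linked approach: time allowed to set a new owner

def orphaned_accounts(identities, accounts, today):
    """accounts maps account id -> identity id. Returns accounts nobody is accountable for."""
    by_id = {i.id: i for i in identities}
    orphans = []
    for acc, ident_id in accounts.items():
        ident = by_id[ident_id]
        if ident.kind == "technical":
            # independent approach: the technical identity's owner must still be active
            owner = by_id.get(ident.owner) if ident.owner else None
            if owner is None or owner.departure is not None:
                orphans.append(acc)
        elif ident.departure is not None and today > ident.departure + GRACE_PERIOD:
            # human-linked approach: the account stays with the leaver during the grace period
            orphans.append(acc)
    return orphans

def reassign_on_departure(identities, departed_id):  # independent approach: promote the backup
    for ident in identities:
        if ident.kind == "technical" and ident.owner == departed_id:
            ident.owner, ident.backup = ident.backup, None

def demo():
    today = date(2024, 3, 1)
    identities = [
        Identity("alice", "human", departure=date(2024, 1, 1)),   # left, grace period over
        Identity("carol", "human", departure=date(2024, 2, 20)),  # left, still in grace period
        Identity("bob", "human"),
        Identity("svc-backup", "technical", owner="alice", backup="bob"),
        Identity("svc-etl", "technical", owner="alice"),          # no backup configured
    ]
    accounts = {"svc_backup@ad": "svc-backup", "svc_etl@ad": "svc-etl",
                "svc_report@ad": "alice", "svc_batch@ad": "carol"}
    before = orphaned_accounts(identities, accounts, today)
    reassign_on_departure(identities, "alice")
    return before, orphaned_accounts(identities, accounts, today)
```

Running `demo()` shows that only the technical identity with a backup owner is repaired by the departure rule; the one without a backup and the account whose human owner's grace period has expired stay orphaned and need manual reassignment.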