

So, what should I do if the service is not required to be onboarded to Identity Manager? What is the process then?


The role management standards still apply – you would still need to conduct all your change, risk and impact assessments and engage Line 1 Risk for assistance as required to ensure roles are appropriately risk-rated and SoD is considered.
And what happens if any of the roles for my service are rated high to very high? Is it the same approval process when employees request access?


Great question. While all role requests require line manager approval, roles with a high or very high rating require additional approvals, usually by people that have the best understanding about the risks and the potential toxic combinations of access. This might be Line 1 Risk, Role Owners or Managers Once Removed.