Governance lifecycle management
Governance lifecycle management (Governance LCM) offers a form of delegated administration allowing end users to manage the lifecycles of both users and entitlements.
Governance LCM includes the following capabilities:
- User lifecycle management (user LCM): This feature allows customers to delegate user administration to non-technical staff through a user-friendly interface. Using this interface, they can create, update, and delete users, with all changes subject to an approval process.
- Entitlement lifecycle management (entitlement LCM): This feature provides a centralized location for application and entitlement owners to manage the accounts and permissions for the applications they own. It also enables customers to maintain accurate metadata for newly discovered entitlements.
To ensure proper oversight, both user and entitlement LCM enforce organizational policies through approval workflows. Before any changes to a user or entitlement are applied, an authorized user must approve the request. This process prevents end users from updating user information or granting excessive permissions without review and ensures access remains aligned with company policies.
Personas
User LCM uses the following personas:
Persona | Description
---|---
Administrator | A tenant administrator or an "internal" administrator, such as a properly configured OAuth 2.0 client from IDM.
Manager | A user listed as the manager of the user in Advanced Identity Cloud.
Direct report | A user listed as a direct report of the user in IGA.
End user | A user in Advanced Identity Cloud. This user might be an application or entitlement owner, receive permissions directly from IGA scopes, or hold no additional user-related permissions.
Entitlement LCM uses the following personas:
Persona | Description
---|---
Administrator | A tenant administrator or an "internal" administrator, such as a properly configured OAuth 2.0 client from IDM.
Application owner | A user listed as the owner of an application in Advanced Identity Cloud.
Entitlement owner | A user listed as the owner of the entitlement in IGA.
End user | A user in Advanced Identity Cloud. This user might be an application or entitlement owner, receive permissions directly from IGA scopes, or hold no additional entitlement-related permissions.