Abstract: A distributed enterprise includes a policy management module and policy library for automating policy change alerting. The policy management module and policy library are configured to list associations between published policies, published policy exceptions, and one or more systems policies, and to determine if changes to published (written) enterprise policies, published policy exceptions, or systems policies have occurred. The policy management module and policy library are also configured to notify personnel of the distributed enterprise so that appropriate actions may be implemented.

Abstract: A system includes a schema defining terms for objects in an identity store, and a schema governance module controlling changes to the schema based on schema change criteria. A method of managing an existing schema defining objects in an identity store includes receiving a request specifying a proposed change to the existing schema, and determining whether to approve the proposed schema change based on schema change criteria.

Abstract: A method includes associating a task with one or more elevated rights, wherein the task is associated with a user's job responsibility and granting an elevated right account to the user based on a principle of least privilege, wherein the elevated right account provides the one or more elevated rights necessary to perform only the task associated with the elevated rights.

Abstract: A system includes a working state of an identity store having an account object, definitive state data having an account object in a known state, and a consistency checking module operable to determine whether the account object in the working state is consistent with the account object in the definitive state. The system also includes a self-healing module operable to manage the lifecycle of objects in the working state of the identity store. A method includes detecting an inconsistency between an account object in a definitive state repository and a corresponding account object in a working state repository, and generating an alert based on the detecting of the inconsistency.

Abstract: A method for managing changes to policies in an enterprise includes receiving a systems policy change request to change a systems policy that implements a published enterprise policy, determining whether the requested systems policy change complies with the published enterprise policy, and updating the systems policy according to the requested systems policy change if the requested systems policy change complies with the published enterprise policy. A system for managing policies in an enterprise includes a policy management module configured for receiving published policies and generating corresponding systems policies having data for implementing the published policies, and a policy library storing the published policies and the systems policies.

Abstract: Exemplary methods, devices, systems, and/or storage media for organizational data management, including staging, synchronizing, and exporting of organizational data. Exemplary data aggregation rules specify methods for aggregating data from a remote repository. Schemas are exemplary rules configuration data structures having elements for associating processing data objects in a buffer space objects in a core space. The elements may also specify importing attributes into and exporting attributes from the core space.

Abstract: Subject matter includes a password management system in which a web application obtains a list of accounts associated with a given user from an identity integration system connected to diverse data sources and in which a password can be updated in each data source, even when the identity integration system does not natively communicate with a data source.

Abstract: Systems and methods for populating attribute value fields in an entity object employ in a ranked list of transfer options to determine which of a plurality of transfer options will be used to populate the attribute value fields in the entity object.

Abstract: Subject matter includes exemplary flexible rules for defining an information management process, for example a process that manages information being transferred between databases or with respect to an exemplary metadirectory. The flexible rules have inherent logic to define part of an information management action or a database structure and perform a call out for custom logic. The custom logic performs or defines another part of the information management action or database structure. Besides the exemplary flexible rules, the subject matter describes exemplary identity information management processes, engines, and related methods.

Abstract: Exemplary methods and systems provide a relational directory of organizational information. Organizational data objects and their associated attributes are maintained in a relational directory. An organizational hierarchy is converted to a relational directory using projection, joining, and import attribute flow rules. Attributes in a relational directory may be exported out of the relational directory to a hierarchical directory.