Reusable IAM capabilities, classified by product.

Provisions additional AD accounts for the same IDM user when required, supporting separate test, service, or admin accounts with clear accountability.

Integrates an application into IAM using a generic approach during onboarding, accelerating integration speed and reducing connector backlog.

Sends configured email notifications using eDir technical objects, standardizing messaging setup and making changes easier for administrators.

Provisions and manages internal eDirectory/IDM rights as accounts and groups, improving least-privilege control and auditability of admin access.

Compares application data with IAM data during reconciliation and imports anomalies via CSV, enabling data-driven cleanup and governance evidence.

Defines all possible values of an entitlement in a table, standardizing inputs and enabling validation, picklists, and cleaner governance reporting.

Limits processing when a flood of transactions is detected, protecting IDM and connected applications from overload and reducing outage risk.

Enforces and protects attribute values across eDir and remote systems when changes flow end-to-end, preventing unauthorized drift and improving compliance.

Tracks and notifies when roles are granted or revoked, creating immediate visibility and an evidence trail for ops and audit.

Records historical values when designated attributes change, enabling audits, troubleshooting, and delta-based governance decisions over time.

Sends configured email notifications using eDir technical objects, standardizing messaging setup and making changes easier for administrators.

Provisions additional AD accounts for the same IDM user when required, supporting separate test, service, or admin accounts with clear accountability.

Revokes or empties a user's Personal Role when key org attributes change, preventing access drift and improving mover safety.

Updates group membership automatically when authoritative attributes like department or role change, keeping access groups aligned without manual effort.

Keeps a copy of revoked roles for a configured grace period after revocation, reducing disruption risk and enabling smoother transitions.

Assigns or revokes roles when external workflows write instructions into IAM-EventTriggers, executing deterministic role changes without direct RBPM APIs.

Tracks and notifies when roles are granted or revoked, creating immediate visibility and an evidence trail for ops and audit.

Executes predefined actions when a user reaches a specific lifecycle status, centralizing automation and improving joiner-mover-leaver hygiene.

Records historical values when designated attributes change, enabling audits, troubleshooting, and delta-based governance decisions over time.

Normalizes data between LDAP objects when values are created or updated, improving consistency and reducing downstream mapping and edge cases.

Maintains reciprocal attributes when an interface cannot, preserving consistent relationships like manager-subordinate or group-member and reducing mismatches.

Sends configured email notifications using eDir technical objects, standardizing messaging setup and making changes easier for administrators.

Replicates eDir groups to AD when group data changes, including dynamic and nested patterns, propagating consistent access models across directories.

Executes predefined actions when a user reaches a specific lifecycle status, centralizing automation and improving joiner-mover-leaver hygiene.

Reassigns a user's manager when the current manager leaves or is disabled, preserving approval chains and preventing orphaned relationships.

Sets a user as local admin on domain-joined computers when the corresponding IDM role is granted, enforcing controlled endpoint admin rights.

Alerts security teams in real time when high-risk AD modifications occur, improving monitoring, audit evidence, and incident triage.

Tracks and notifies when roles are granted or revoked, creating immediate visibility and an evidence trail for ops and audit.

Sends configured email notifications using eDir technical objects, standardizing messaging setup and making changes easier for administrators.

Enforces and protects attribute values across eDir and remote systems when changes flow end-to-end, preventing unauthorized drift and improving compliance.

Creates equivalent IDM roles from existing AD groups and assigns current members, easing migration from groups to roles and speeding adoption.

Precomputes UI and email tokens when identity data changes, ensuring consistent derived values are always available for rendering and messaging.

Creates static groups from dynamic groups when consumers cannot use dynamic logic, providing compatible snapshots for downstream systems.

Drives user status transitions across the lifecycle, standardizing joiner-mover-leaver progression and reducing ad-hoc lifecycle flows.

Denormalizes data between LDAP objects when consumers need flattened attributes, reducing lookups and simplifying provisioning and queries.

Applies configured miscellaneous and customer-specific behaviors when needed, providing a controlled extension point without scattering customizations.

Moves a user between directory containers when type or status indicates staging-to-managed transitions, improving scoping and reducing provisioning risk.

Generates an initial password when onboarding occurs and communicates it to the manager, reducing manual handling and standardizing joiner security.

Prepares role assignment data when governance collection runs, easing Identity Governance ingestion and improving downstream review and reporting readiness.

Assigns or revokes roles when a trigger attribute changes, updating an action log to provide deterministic, auditable role automation.

Cleans up roles, tasks, and related items at end of lifecycle, reducing residual identity footprint and improving leaver hygiene and audit outcomes.

Imports various data from CSV when bulk ingestion is needed, enabling rapid onboarding or migrations and optionally acting as an HR source.

Runs operational maintenance utilities such as certificate validation when scheduled or invoked, reducing silent failures and improving stability.

Provisions Active Directory using pre-configured Mir.IAM logic when IDM processes execute, accelerating AD onboarding and reducing configuration effort.

Installs software on PCs when a user is granted the corresponding IDM resource, making endpoint delivery governed through role-based entitlement.

Collects configuration and data from eDir for front-end instances when requested, enabling dynamic screens and reducing hardcoded UI logic.

Executes task-focused transactions on User objects in eDir when invoked, providing an API layer for UIs, integrations, and orchestration.

Executes user-focused transactions on User objects in eDir when invoked, standardizing access to user operations for services and automation clients.

Transforms a global status into a local status when configuration applies, enabling correct scoping across multi-context or multi-tenant deployments.

Includes or excludes users from scope based on group membership or cn patterns, preventing accidental management and enabling phased rollouts.

Imports servers, IPs, and repository or resource pools from CSV when PAM inventories must be onboarded, reducing manual effort for readiness.

Imports roles, resources, relationships, and assignments from CSV when bulk setup is required, accelerating migrations, go-lives, and remediation.

Slows down or pauses processing when specific events occur, acting as a circuit breaker to prevent cascading failures and protect targets.

Creates micro-ticketing for SPIDER tasks when no external ticketing exists, keeping integration work trackable, prioritized, and auditable.

Instantiates reusable front-end code per use-case when needed, accelerating consistent UI delivery and reducing maintenance across deployments.