Technology is not the answer. it is part of a holistic solution. you should be looking at things like: Access and Identity Management Databases and other data stores. Are they federated and do you have a s.p.o.t. (single point of truth). Is it multi-disciplinary? Is H.R, finance and other departments involved? Why is it being done? You will end up having an IT issue instead of a business solution. expectations need to be managed. i suggest u contact ibm, computer associates and the like, even micro$oft to help. this should be a process, the technology only approach may fail and with it, u. radius tacacs pam ldap active and e-dir are delivery mechanisms not a holistic solution on its own.