We help customers implement the functions of Identity Governance and Administration as defined by Gartner:
- Identity life cycle: Maintaining digital identities for people and things (including software), their relationships with the organization, and their attributes during the entire process from creation to eventual archiving and deletion, using one or more identity life cycle patterns. Identity life cycles for people cover business-to-employee (B2E), B2B and B2C use cases.
- Entitlement management: Maintaining the link between identities and entitlements to be able to tell who has access to what and who is responsible for maintaining an entitlement. This includes maintaining and curating the entitlements catalog to describe the types of entitlements, such as accounts, roles, group memberships, etc.
- Access requests and workflow: Enabling users, or others acting on behalf of users, to request entitlements through a business-friendly user interface and orchestrating tasks to enable functions such as access approvals, notifications, escalations, manual fulfilment requests and integration with other business processes. For example, this allows managers or resource owners to approve or deny requests.
- Policy and role management: Maintaining rules that govern automatic assignment (and removal) of entitlements; providing visibility of entitlements for selection in access requests, approval processes, dependencies and incompatibilities between entitlements (such as segregation of duties [SOD] violations); etc. Roles are a common vehicle for policy management.
- Reconciliation: Aggregation of accounts and entitlements from account repositories to the IGA tool.
- Access certification: Enabling people like managers and resource owners to review and certify the entitlements that users have on a periodic basis to ensure that access is appropriate and complies with policies. (This is sometimes called “attestation.”)
- Fulfilment: Propagating changes initiated by the IGA tool to account repositories. Automatic fulfilment (often called “provisioning”) connects with account repositories, while manual fulfilment utilises a workflow or external process and tool (such as ITSM tools) to complete actions.
- Auditing: Evaluating the current state of identities and entitlements against business rules and controls, providing a means for alerting control owners of exceptions (such as changes made directly on target systems) and allowing for orderly remediation (case management).
- Identity analytics and reporting: Providing means to: (a) evaluate risk based on identity information insights; (b) apply techniques to clean up excessive, outlier or wrongful entitlements; and (c) enhance the continuous process of identity governance, including risk reporting. Role mining and engineering was one of the first examples of analytics. Identity analytics has evolved to enable smarter microcertification campaigns, contextualized access requests and approvals, and enhanced policy violation detection, among other use cases.