IGA 10 for Identity Governance and Administration

Everyone can save time and be more efficient

Reduce operational risks

Evidian enables you to focus and target primarily on the certification of access that could create a risk for the company. This makes more frequent reviews possible for this type of access without imposing tedious and time-consuming tasks (that can lead to human errors) for the persons in charge. Levels of responsibility are already defined in the Access Certification campaigns, allowing organizations to assign the right level to the right participant. Campaing monitoring dashboards allow you to manage effectively campaign progress.

Give more autonomy to the user

Evidian turns your users into the main actors of your authorizations:

• Employees, partners or externals, within a centralized or distributed organization.
• Working on premises or remotely from a PC, tablet or smartphone.

New employees can start work more quicker and their rights are established automatically according to their responsibilities (additional validation steps may be added if required). Users can manage and request more rights by simply using a self-service portal. If users change role in the organization, their access rights are adjusted accordingly.

Leverage your investments

With Evidian, increase your current security policy hosted in the identity repository to adapt your security requirements to your new challenges. You certainly spent time defining the rights that each user should have according to her/his business needs and modeled them in the corporate directory. Evidian offers the possibility to easily import this information in our security model and benefit from the entire set of functionalities offered by a tool designed to help you with the user access governance.

Address SaaS applications in a secure and cost effective way

With Evidian, you can manage and secure access to applications in the Cloud with controlled costs. Accounts in the Cloud applications will be dynamically created when the end-user requires access to them. This feature will prevent you from spending money on unused accounts and will help you deploy the use of Cloud applications.

The 4 pillars of Evidian Identity Governance and Administration

Evidian Identity Governance and Administration brings you:

Identity management

• Creation of a centralized repository of digital identities
• Multiple types of information sources: HR systems, LDAP Directories, CSV/XLS files…
• Non-intrusive with sources of identity information
• Capacity to automatically launch Identity Management processes based on detection of changes
• Capacity to follow enterprise evolutions; very easy to add/remove organizations
• Simulation capability and Threshold management

Security Policy definition

• Security policy based on RBAC (Role-based access control) model extended with Organizations, Contexts and Business Rules
• User entitlement based on role assignment, role-organization couple, exceptions or “same as another user”
• Dynamic role assignment based on user attribute values and time constraints
• Management of risks (SOD) at user entitlement and role content definition
• Centralized or distributed administration
• Simulation capability, Central audit & reporting features

End user self-service and process management

• End-user self-service portal; password reset, white pages, access requests, validation
• Ready to use set of Identity & User entitlement management processes
• Dynamic customization of the data and pages structure based on the user’s needs
• User entitlement management delegated to the Business
• Workflow actors & sequence based on Security Policy, no need to modify workflow process itself
• Capacity to modify workflow processes structure with the “Workflow Editor” option

Access management to applications

• Several Authentication Methods; Kerberos, Social Authentication, Strong Authentication, QREntry
• End User activation
• Standard connectors; LDAP, SQL, CSV, AD, Lotus Notes, SAP, GCOS, IBM RACF, SalesForce, Google Apps, Office 365 & Generic connec.
• Capacity to manage AD & RACF low level permissions, e.g. printers, shared resources
• Several processes to tailor provisioning actions
• Reconciliation process to check the compliance with the defined policy
• Integration with CyberArk & Wallix PAM tools
• Integration with Service Now  ITSSM

Compliance

• Access Certification campaigns
• Ability to set a range of risk levels associated with the access rights to be certified, as a choice criterion
• Definition of multiple levels of responsibility
• Monitoring of campaign progress
• Related reports

Reporting

• Policy Status: provides status on the policy objects of your solution
• User Lifecycle: provides information about user arrivals and departures
• Statistics: helps you monitor the use of the policy
• KPI – Quality: gives you Key Performance Indicators (KPIs) and Quality information on the policy you defined for your solution
• Activity: helps you monitor the user activity

Flexibility to adapt and develop alongside your organizational structure

Evidian Identity Governance and Administration is a standard product which is easy to implement:

• It facilitates the creation of a central repository of identities accessing the information system
• It can be used immediately
• It requires no modification of existing applications
• It is compatible with your infrastructure
• You do not need to modify your current user database

Evidian Identity Governance and Administration adapts to your organizational structure

• It lets you model access to client applications in the form of roles that can be understood by operators
• It gives an inventory and analysis of the access policy, which you can implement through a process of “reconciliation”
• Workflow processes allow approval cycles to be automated and automatically adapt if the policy is modified

Evidian Identity Governance and Administration supports the company in all its activities and developments:

• Unified management of the “extended” company (subcontractors, clients, etc.)
• Extension of the installation in the event of a merger/acquisition

Extended company

The issue

Recent technical developments offer companies new possibilities for developing their activities. The rapid expansion of the internet and cloud computing and the multiple ways of accessing information allow companies to implement activities and processes beyond the traditional boundaries of technical environments, which are physically partitioned “within a building”. For example, an international financial entity, hospital group or distribution company may now wish to offer centralized and shared services, which can be securely accessed from their branches, various shops and premises. These entities still need reassurance about the security, facility and traceability of access to the services they offer without increasing the administrative burden of these services. They must be able to delegate local user administration to intermediate managers or allow end users to make access requests by triggering the required validation processes to ensure that the request is well founded.

Our Identity and Access Management solution

Evidian IAM Suite, particularly the Identity and Access Manager and Web Access Manager products, allows these organizations to set up centralized web services while delegating user administration to their immediate managers and ensuring easy and secure access. A professional institution was able to open up its services to 5,000 member companies and their 100,000 employees via a portal. Authorizations are delegated to a manager for each member company. Evidian IAM Suite ensures access control, in compliance with the authorizations delegated.