IGA 10 for Identity Governance and Administration
Govern users’ access to relevant resources in an optimized way while controlling risk with Evidian Identity Governance and Administration
Within your organization, make sure that, among all users of the information system, only the right people have access at all times to the right applications with the appropriate rights, while taking into account the evolution of their activity.
To reach this goal, companies must be able to answer the following fundamental questions:
- Who should have access to which applications and with what rights?
- How and by whom is the identity lifecycle and user rights managed?
- How to regularly and efficiently monitor users’ rights?
…While respecting regulations in force and without harming your business agility.
Thus, organizations must be able to:
- Empower business lines in managing end-user rights,
- Focus primarily on the certification of access that could create a risk for the company, without imposing tedious and time-consuming tasks (that can lead to human errors) on the persons in charge,
- Ensure that the security policy is applied and detect inconsistencies,
- Ensure compliance with regulations in force and prove it,
- Allow users to request access rights or reset their passwords,
- Accelerate access to applications through automatic provisioning,
- Improve user productivity by facilitating access to authorized applications, from everywhere.
Evidian Identity Governance and Administration is based on the four pillars of the Identity and Access Governance market: Identity, Policy, Process & Access, to reach these goals.
For everyone, access control will no longer be seen as a constraint, but as an optimization lever. Users get, in due time, access to the resources they need, with appropriate rights and for legitimate business reasons.
Everyone can save time and be more efficient
Reduce operational risks
Evidian enables you to focus primarily on the certification of access that could create a risk for the company. This makes more frequent reviews possible for this type of access without imposing tedious and time-consuming tasks (that can lead to human errors) on the persons in charge. Levels of responsibility are already defined in the Access Certification campaigns, allowing organizations to assign the right level to the right participant. Campaign monitoring dashboards allow you to manage campaign progress effectively.
Give more autonomy to the user
Evidian turns your users into the main actors of your authorizations:
- Employees, partners or externals, within a centralized or distributed organization.
- Working on premises or remotely from a PC, tablet or smartphone.
New employees can start work more quickly, and their rights are established automatically according to their responsibilities (additional validation steps may be added if required). Users can manage and request more rights by simply using a self-service portal. If users change role in the organization, their access rights are adjusted accordingly.
Leverage your investments
With Evidian, enhance your current security policy hosted in the identity repository to adapt your security requirements to your new challenges. You certainly spent time defining the rights that each user should have according to her/his business needs and modeled them in the corporate directory. Evidian offers the possibility to easily import this information into our security model and benefit from the entire set of functionalities offered by a tool designed to help you with user access governance.
Address SaaS applications in a secure and cost-effective way
With Evidian, you can manage and secure access to applications in the Cloud with controlled costs. Accounts in the Cloud applications will be dynamically created when the end-user requires access to them. This feature will prevent you from spending money on unused accounts and will help you deploy the use of Cloud applications.
The 4 pillars of Evidian Identity Governance and Administration
Evidian Identity Governance and Administration brings you:
- Creation of a centralized repository of digital identities
- Multiple types of information sources: HR systems, LDAP Directories, CSV/XLS files…
- Non-intrusive with sources of identity information
- Capacity to automatically launch Identity Management processes based on detection of changes
- Capacity to follow enterprise evolutions; very easy to add/remove organizations
- Simulation capability and Threshold management
Security Policy definition
- Security policy based on RBAC (Role-based access control) model extended with Organizations, Contexts and Business Rules
- User entitlement based on role assignment, role-organization couple, exceptions or “same as another user”
- Dynamic role assignment based on user attribute values and time constraints
- Management of risks (SOD) at user entitlement and role content definition
- Centralized or distributed administration
- Simulation capability, Central audit & reporting features
End user self-service and process management
- End-user self-service portal: password reset, white pages, access requests, validation
- Ready to use set of Identity & User entitlement management processes
- Dynamic customization of the data and pages structure based on the user’s needs
- User entitlement management delegated to the Business
- Workflow actors & sequence based on Security Policy, no need to modify workflow process itself
- Capacity to modify workflow processes structure with the “Workflow Editor” option
Access management to applications
- Several Authentication Methods: Kerberos, Social Authentication, Strong Authentication, QREntry
- End User activation
- Standard connectors: LDAP, SQL, CSV, AD, Lotus Notes, SAP, GCOS, IBM RACF, Salesforce, Google Apps, Office 365 & Generic connec.
- Capacity to manage AD & RACF low level permissions, e.g. printers, shared resources
- Several processes to tailor provisioning actions
- Reconciliation process to check the compliance with the defined policy
- Integration with CyberArk & Wallix PAM tools
- Integration with ServiceNow ITSSM
- Access Certification campaigns
- Ability to set a range of risk levels associated with the access rights to be certified, as a choice criterion
- Definition of multiple levels of responsibility
- Monitoring of campaign progress
- Related reports
- Policy Status: provides status on the policy objects of your solution
- User Lifecycle: provides information about user arrivals and departures
- Statistics: helps you monitor the use of the policy
- KPI – Quality: gives you Key Performance Indicators (KPIs) and Quality information on the policy you defined for your solution
- Activity: helps you monitor the user activity
Flexibility to adapt and develop alongside your organizational structure
Evidian Identity Governance and Administration is a standard product which is easy to implement:
- It facilitates the creation of a central repository of identities accessing the information system
- It can be used immediately
- It requires no modification of existing applications
- It is compatible with your infrastructure
- You do not need to modify your current user database
Evidian Identity Governance and Administration adapts to your organizational structure
- It lets you model access to client applications in the form of roles that can be understood by operators
- It gives an inventory and analysis of the access policy, which you can implement through a process of “reconciliation”
- Workflow processes allow approval cycles to be automated and automatically adapt if the policy is modified
Evidian Identity Governance and Administration supports the company in all its activities and developments:
- Unified management of the “extended” company (subcontractors, clients, etc.)
- Extension of the installation in the event of a merger/acquisition
Recent technical developments offer companies new possibilities for developing their activities. The rapid expansion of the internet and cloud computing and the multiple ways of accessing information allow companies to implement activities and processes beyond the traditional boundaries of technical environments, which are physically partitioned “within a building”. For example, an international financial entity, hospital group or distribution company may now wish to offer centralized and shared services, which can be securely accessed from their branches, various shops and premises. These entities still need reassurance about the security, facility and traceability of access to the services they offer without increasing the administrative burden of these services. They must be able to delegate local user administration to intermediate managers or allow end users to make access requests by triggering the required validation processes to ensure that the request is well founded.
Our Identity and Access Management solution
Evidian IAM Suite, particularly the Identity and Access Manager and Web Access Manager products, allows these organizations to set up centralized web services while delegating user administration to their immediate managers and ensuring easy and secure access. A professional institution was able to open up its services to 5,000 member companies and their 100,000 employees via a portal. Authorizations are delegated to a manager for each member company. Evidian IAM Suite ensures access control, in compliance with the authorizations delegated.