Provision, audit and report on user access and activity
Identity Governance and Intelligence provides functionality to cover enterprise user lifecycle management, including access risk assessment and mitigation using business-driven identity governance and end-to-end user lifecycle management. Governance and Intelligence helps organizations mitigate access risks and access policy violations by using intelligence driven, business-driven identity governance integrated with end-to-end user lifecycle management.
IBM Security Identity Governance and Intelligence offers:
- An identity governance platform that lets IT managers, auditors and business owners govern access and ensure regulatory compliance
- A business-activity-based approach to facilitate communication between auditors and IT staff and to help determine segregation of duties violations across enterprise applications, including SAP.
- Better visibility and user access control through consolidating access entitlements from target applications and employing sophisticated algorithms for role mining, modeling and optimization.
- User lifecycle management including provisioning and workflow capabilities, along with integration with IBM Security Identity Manager and third-party tools.
IBM Security Identity Governance and Intelligence
- Enables IT managers, auditors and business owners to govern access and evaluate regulatory compliance across enterprise applications and services using business activities
- Provides analytics and reporting to gain deeper insight into users, roles and entitlements to help meet compliance requirements.
- Helps IT managers and auditors define segregation of duties policies and remediate violations.
- Automates the access review and recertification process required for compliance.
A business-activity based approach
- Models segregation of duties violations derived from business activities, rather than relying on roles.
- Reduces the number or rules needed to manage “toxic combinations”.
- Simplifies the implementation and ongoing access review processes.
- Includes SAP-specific segregation of duties support to extend the enterprise segregation of duties functions.
Better visibility and user access control
- Allows translation of complex entitlements into easy to understand business language
- Allows for role definition to be completed using both a top-down and bottom-up approach.
- Consolidates access entitlements from enterprise applications into a central repository.
User lifecycle management
- Includes capabilities such as provisioning and workflow management.
- Integrates natively with IBM Security Identity Manager.
- Allows sharing of data about users, applications and entitlements.
- Applies a consolidated approach to identity and access governance operations.
- Provisioning native adapters for SAP R/3 (Java Connector libraries), SAP HR (IDoc files), IBM Security Directory Suite and other Lightweight Directory Access Protocol (LDAP) directories, Microsoft Windows Active Directory, Java Database Connectivity (JDBC), comma-separated value (CSV) files, XML and more.