Provision, audit and report on user access and activity

Identity Governance and Intelligence provides functionality to cover enterprise user lifecycle management, including access risk assessment and mitigation using business-driven identity governance and end-to-end user lifecycle management. Governance and Intelligence helps organizations mitigate access risks and access policy violations by using intelligence driven, business-driven identity governance integrated with end-to-end user lifecycle management.

IBM Security Identity Governance and Intelligence offers:

  • An identity governance platform that lets IT managers, auditors and business owners govern access and ensure regulatory compliance
  • A business-activity-based approach to facilitate communication between auditors and IT staff and to help determine segregation of duties violations across enterprise applications, including SAP.
  • Better visibility and user access control through consolidating access entitlements from target applications and employing sophisticated algorithms for role mining, modeling and optimization.
  • User lifecycle management including provisioning and workflow capabilities, along with integration with  IBM Security Identity Manager and third-party tools.

IBM Security Identity Governance and Intelligence

  • Enables IT managers, auditors and business owners to govern access and evaluate regulatory compliance across enterprise applications and services using business activities
  • Provides analytics and reporting to gain deeper insight into users, roles and entitlements to help meet compliance requirements.
  • Helps IT managers and auditors define segregation of duties policies and remediate violations.
  • Automates the access review and recertification process required for compliance.

A business-activity based approach

  • Models segregation of duties violations derived from business activities, rather than relying on roles.
  • Reduces the number or rules needed to manage “toxic combinations”.
  • Simplifies the implementation and ongoing access review processes.
  • Includes SAP-specific segregation of duties support to extend the enterprise segregation of duties functions.

Better visibility and user access control

  • Allows translation of complex entitlements into easy to understand business language
  • Allows for role definition to be completed using both a top-down and bottom-up approach.
  • Consolidates access entitlements from enterprise applications into a central repository.

User lifecycle management

  • Includes capabilities such as provisioning and workflow management.
  • Integrates natively with  IBM Security Identity Manager.
  • Allows sharing of data about users, applications and entitlements.
  • Applies a consolidated approach to identity and access governance operations.
  • Provisioning native adapters for SAP R/3 (Java Connector libraries), SAP HR (IDoc files), IBM Security Directory Suite and other Lightweight Directory Access Protocol (LDAP) directories, Microsoft Windows Active Directory, Java Database Connectivity (JDBC), comma-separated value (CSV) files, XML and more.