One Identity provides Behavior Driven Governance (BDG) through the integration of OneLogin SSO, One Identity Manager 9.0 or later, and a Solution Accelerator, accessible via GitHub. One Identity behavior driven governance (BDG) solution seamlessly integrates the security benefits of access management with identity governance and administration (IGA) so that your organization can gain the visibility and permissions-management capabilities it needs to operate safely and efficiently. This high value solution provides customers full visibility into whether accounts and entitlements are necessary based on how they are being used and gives them the ability to implement policies to recommend or automatically remove unnecessary entitlements and accounts.
The solution works by having One Identity Manager evaluate OneLogin event data, including application access frequency. One Identity Manager can correlate these OneLogin applications with any associated accounts and entitlements and then, using an attestation, it provides the user's manager or responsible party the opportunity to revoke access that may not be needed due to lack of application use
One Identity provides Just-In-Time (JIT) Privilege that combines the powerful Active Directory (AD) Management capabilities of Active Roles with the unmatched password management capabilities of Safeguard to significantly reduce the risk of cyberattacks on privileged accounts. One Identity Just-In-Time (JIT) Privilege provides privileged access to Active Directory (AD administrators only when necessary. When the account is no longer in use and is signed back in, JIT Privilege disables it and removes it from all privileged groups. The solution then changes the account’s password. This least privilege approach to AD access protects accounts from compromise. JIT Privilege technical details can be found on GitHub.
One Identity provides Privileged Access Governance (PAG) as an out-of-the-box module in Identity Manager that can integrate with Safeguard. Privileged Access Governance closes the gap between privileged access and standard user identities across the enterprise. It also protects and manages privileged access and grants a 360-degree view of users, accounts and activities. This integration module connects Identity Manager with Safeguard and provides enterprise provisioning and deprovisioning, access request and approvals, delegation of roles and responsibilities, policy/SoD detection and enforcement and attestation/certification of access.Provisioning and deprovisioning Access request and approvals