Innovations and Integrations

Behavior Driven Governance (BDG)

One Identity provides Behavior Driven Governance (BDG) through the integration of OneLogin SSO, One Identity Manager 9.0 or later, and a Solution Accelerator, accessible via GitHub. The One Identity Behavior Driven Governance (BDG) solution seamlessly integrates the security benefits of access management with identity governance and administration (IGA) so that your organization can gain the visibility and permissions-management capabilities it needs to operate safely and efficiently. This high-value solution gives customers full visibility into whether accounts and entitlements are necessary based on how they are being used, and gives them the ability to implement policies to recommend or automatically remove unnecessary entitlements and accounts.

  • Use access insights in OneLogin to inform governance policy decisions in Identity Manager
  • Access frequency and user location are taken from OneLogin and used to automatically determine access rights & entitlements in Identity Manager via policy
  • Recommend removal of unused entitlements to reduce vulnerabilities

The solution works by having One Identity Manager evaluate OneLogin event data, including application access frequency. One Identity Manager can correlate these OneLogin applications with any associated accounts and entitlements and then, using an attestation, it gives the user's manager or responsible party the opportunity to revoke access that may not be needed due to lack of application use.

Just-In-Time (JIT) Privilege

One Identity provides Just-In-Time (JIT) Privilege, which combines the powerful Active Directory (AD) management capabilities of Active Roles with the unmatched password management capabilities of Safeguard to significantly reduce the risk of cyberattacks on privileged accounts. One Identity Just-In-Time (JIT) Privilege provides privileged access to Active Directory (AD) administrators only when necessary. When the account is no longer in use and is signed back in, JIT Privilege disables it and removes it from all privileged groups. The solution then changes the account's password. This least privilege approach to AD access protects accounts from compromise. JIT Privilege technical details can be found on GitHub.

  • Apply Zero Trust least privilege philosophy to AD privileged accounts only
  • Ensure that privileged permissions are only available and assigned at time of request
  • Revoke privileged permissions where they are no longer required
  • Disable accounts when not in use

Privileged Access Governance

One Identity provides Privileged Access Governance (PAG) as an out-of-the-box module in Identity Manager that can integrate with Safeguard. Privileged Access Governance closes the gap between privileged access and standard user identities across the enterprise. It also protects and manages privileged access and grants a 360-degree view of users, accounts and activities. This integration module connects Identity Manager with Safeguard and provides enterprise provisioning and deprovisioning, access request and approvals, delegation of roles and responsibilities, policy/SoD detection and enforcement and attestation/certification of access.

  • Provisioning and deprovisioning
  • Access request and approvals
  • Delegation of roles and responsibilities
  • Policy/SoD detection and enforcement