For many organizations, identity governance is a tactical response to a pressing issue, such as an audit finding or a growing remote workforce. The process of creating a secure and well-governed organization has historically been very time-consuming for IT organizations, which is why many IGA projects can become abandoned midstream, leaving organizations unable to get the full value out of their solution.
Identity Manager helps solve this problem with many features that enable IT organizations to distribute the load of creating and maintaining a comprehensive policy-driven governance model, effectively engaging the business users who know the most about what types of access their teams need, while allowing responsible oversight and auditability of all access. This allows the organization to grow and mature organically, maximizing the efficiency of your IT resources and providing a secure, governed enterprise.
Here, a new employee logs into Identity Manager and is presented with tiles that they can use to do some of their own management of their identity. For example, they can manage some of their own data directly. Identity Manager uses information from the company's HR system to create this data. But if some information is left out or needs changing, the employee can make these changes themselves, and then Identity Manager facilitates the provisioning of these updates to the necessary target systems and accounts, including the HR system itself. This allows your employees to keep their own information up to date without having to burden the HR organization.
If the employee needs additional access, they can request it from the Identity Manager IT Shop. The IT Shop is a built-in IT service catalog that can be used to request anything that you might need, from entitlements, applications, and roles to even non-IT items, such as facilities, access, or hardware. When the user makes an access request, they can check for compliance with any SOD policies prior to submitting the request.
Once the request is submitted, it goes through an approval workflow that is designated by the admin team. Identity Manager includes dozens of different approval workflows out of the box. And any number of additional or custom workflows can be added, including automatic workflow steps, such as checks based on peer-group analysis or recommendations based on parameters such as UBA or risk score.
The employee's manager receives the request, since they are next in the approval workflow. They can choose to approve or deny the request. And if approved, it will proceed to the next step in the workflow. Managers have more authority in the organization. They can manage their direct reports' information, including their organizational information, more personal details, and even things like accounts, roles, and entitlements.
As we move up the org chart, employees can be granted more authority with Identity Manager's Application Roles. Application Roles allow granular delegated administration. And this is how business users can be included in the governance process. One of the major obstacles to effective identity governance in enterprises can be the daunting task of creating and maintaining a role-based access model. With Identity Manager's App Roles, business users, such as department managers, system owners, or other responsible users, can contribute to building and maintaining roles directly.
This manager can configure details of the role, view and edit members, edit or change membership criteria, or even add and remove access. Any access object in the system can be added. Imagine if every time a new employee is added to a certain department, they always must make a certain access request, such as for a software subscription or something like a piece of hardware. Now, the manager can directly add these frequently requested items to the role, which improves productivity and reduces the temptation to color outside the lines.
When access changes are made, Identity Manager creates an auditable request process, where the IT role owner approves the changes, and the change gets recorded into the audit record for the role. This enables your role-based access model to organically grow and mature on its own. Who knows better what access their team needs than the team's manager?
The CISO in this organization has the most authority over the identity governance solution. And here, we can view policies, evaluate SOD policy violations, grant exceptions, and even create entire attestation policies in real time. It's not only the admins in the system that can create access review campaigns, but this authority can be granted using an App Role to responsible business users, such as the CISO.
And Identity Manager isn't limited to a small number of canned access review types. It comes out of the box with dozens of different types of attestations and can be extended to include any number of custom attestation policies, which can even be built on the fly from the web interface.