[MUSIC PLAYING] Welcome, ladies and gentlemen, to another video series around the One Identity Manager. In this video series, I'd like to show you the Privileged Account Governance Module in One Identity Manager.
This is a joint venture with One Identity Safeguard, so you will see how these two products can interact perfectly. The video series itself, it's just divided into three parts.
In the first part, I show you why we implemented this specific module into the One Identity Manager. In the second part, I will then show you Privileged Account Governance from a business perspective. And in the third part, I will show you technical bits-- how to install and configure the whole thing.
Privileged Account Governance. It's a specific module that only exists for One Identity Manager 8.1. With that, it is pretty new, and I really hope you enjoy this video series. Please follow me to the screen now.
[MUSIC PLAYING]
What exactly is the Privileged Account Governance Module in One Identity Manager? As the name says, it is a module you can install in the Identity Manager. That means there is something to be checked during the initial installation or during an upgrade installation. And the idea is to add more functionality to the Identity Manager.
It is a module, like for example, the Active Directory Module or the LDAP or the SAP Module-- just a module that allows us to connect another target system. In this special case, the Privileged Account Governance Module, it's a module to connect a Privileged Account Management System.
In the world of One Identity, such systems are, for example, Safeguard. And to add Safeguard systems to the One Identity Manager, you need such a module.
The good message is, the same module can be used together with a synchronization engine of the Identity Manager to connect any Privileged Account Management System, as long as these systems just provide an API could be used, or they can just use the Identity Manager.
Once this module is installed, the full capability of the Identity Manager can be used to handle data that it gets reconciled out of Safeguard. Now, by connecting Safeguard to the Identity Manager, you can trust reached out to Safeguard data-- nearly everything beside the passwords, because they remain in Safeguard. But at the end, you can then handle this data in Identity Management Processes.
Is this something that replaces, then, Safeguard? No, of course not, because the Identity Manager, it's an identity and access governance tool. And Safeguard, it's a privileged account management tool.
These are two different tools. And it is like Identity Manager will never replace SAP because as well, the purpose of both tools are completely different. But what is possible is that you connect both worlds together and then can use data from one world in the other.
For example, on the one-hand side, you can create Safeguard users. These are accounts in Safeguard and can just run a complete request and approval process or something else with these users, which is not possible out of the box in Safeguard.
On the other-hand side, you can, as well, take the data from Safeguard and run at stations or use compliance policies with Safeguard data. With that, the connection between both tools is a cool joint venture. And this is, at the end, the idea behind this Privileged Account Governance Module.
On the slide, you can see that left-hand side in blue. This is the Identity Manager with all capabilities an identity and access governance tool will have.
On the right-hand side in orange, this is Safeguard with Privileged Account Management. Purpose there is to manage passwords and session for privileged users. And both are connected together, which is in the middle. And with this connection, we can have the capabilities out of both tools.
[MUSIC PLAYING]
Once we know what exactly the Privileged Account Governance Module is, the next question could be which benefits we will have out of this. We had some examples just previously in the last couple of seconds. But here it's now a more detailed list.
First of all, connecting safeguards through the Identity Manager, in the Identity Manager, the complete rich workflow engine of the Identity Manager could be used. And I'm talking about the workflow engine for provisioning processes.
Remember, the identity manager gets shipped with a very detailed process engine where we can build up highly sophisticated processes that are including everything, running code, sending emails, doing actions and different target systems, et cetera. And this is now, then, completely available for Safeguard.
For example, you can just create a privileged account somewhere and whatever else target system and later on use them in Safeguard. And the whole thing, it's just driven by the Identity Management System.
After all processes or ordering something in Safeguard, you can send out emails, you can run scripts, you can print something if this is necessary. There are many, many ways just to use this provisioning engine for something.
What is possible, as well, it's everything that is in interconnection with compliance. Yeah, that means attestation, re-certification, building up company compliance rules, including permissions in standard compliance rules. That means identity audit in Identity Manager, using reports, heat maps, dashboards, all the stuff to report privileged account management data.
Remember, we're just reconciling data out of Safeguard. And this data could be handled in the Identity Manager with the full power this tool will have.
This includes, as well, the third bullet point there, where we talk about consistent access governance processes. These are things as well. And I forgot to remember, there is, as well, risk management part of the Identity Manager could be used as Privileged Account Management as well.
As we know, Safeguard, it's an admin tool. It is for admins. These guys, they are handled, privileged account passwords and privileged sessions using privileged accounts.
Because of that, typically the business is not really connected to Safeguard. Only people with admin access will use this tool, which is great.
But sometimes in the business, as we all know, there are some other things as well. For example, there are business people having something to do on a server, which is not very often seen. But it sometimes happens, especially if we talk about business applications.
In these cases, people from the business need access to an admin tool like Safeguard, which is normally not something admins really like. And because of that, it is cool to say, hey, for this purpose, it's easy in an Identity Manager where all of these business people are every day just to request Safeguard resources.
And if they do so, then they can get it approved. And at the end, they can get their password or their session request in the Safeguard upfront. And everything, it's OK.
[MUSIC PLAYING]
07:53