Streamline identity, access and data governance through automation and access control

Determining which Identity Manager product is best for your organization

Organizations need to secure their business by unifying access to accounts, external accounts, privileged accounts, data and applications throughout the user's lifecycle. Also, they need to be able to mitigate risk by identifying sources of controlled data, securing that data, meeting uptime requirements, satisfying compliance obligations and increasing productivity by giving users faster access to the data and applications they need to do their jobs—and nothing more. Identity Manager streamlines the process of managing user identities, data access, privileges and security enterprise-wide. Identity and access management (IAM) can finally be driven by business needs, not IT capabilities. IAM challenges can now be met with much less complexity and at a fraction of the time and expense of traditional solutions.

Identity Manager gives you the visibility and control you need to:

Understand what you have in your environment and who has access to it
Empower business managers to understand what employee entitlements actually mean and certify access accordingly
Establish a continuous process to ensure that every individual has the right access to do their job, nothing more

The Identity Manager family of solutions includes two product offerings so you can choose the one that best meets your organization's specific access management needs:

Identity Manager streamlines enterprise-wide user provisioning, de provisioning and access approval processes to enable you to be the security "Risk Mitigator" your organization needs. Identity Manager is an intelligence-driven IAM platform that ties identities, permissions and roles to business rules. Your organization can track and report on rights, activities and policies in real time using the solution's access management and reporting tools. Identity Manager enables you to mitigate risk for your organization; control user and privileged access; govern identities; secure data; and get more done with less.. With Identity Manager you can unify security policies, meet compliance needs and achieve governance while improving business agility with a modular and scalable solution.
Identity Manager - Data Governance Edition: protects your organization by giving data access control to the business owners who actually know who should have access to which sensitive data, along with the power to analyze, approve and fulfill unstructured data access requests to files, folders and shares across NTFS, NAS devices and SharePoint. Provides Active Directory provisioning and business initiated request & approval workflow for user and group management. It also enables the business to execute important tasks such as AD group clean-up, self-service user access requests, enrollment, and attestations, removing the burden from IT

The table on the next page will help you determine the solution that is best for you based on your organization's specific access governance needs and platform requirements.

Choosing the right Identity Manager solution for your organization

Module (with real-world examples underneath)	Identity Manager	Data Governance Edition
IT shop & workflow A user requests access to resources and the request is automatically routed to appropriate reviewers for approval or denial.	X	X
Account provisioning A user needs a new account in AD and Exchange.	X	X
Account provisioning to other systems A user needs a new account in LDAP, SAP, databases, ERP, mainframe, cloud applications.	X
Custom object provisioning A user needs a new VPN or smartphone account.	X
Unified namespace The solution includes a system abstraction model for handling common requests, recertification, attestation and reporting in Target systems like ServiceNow.	X
Flat File import Populate identities from external data sources via a flat file import.	X	X
AD group creation & deletion A new group should be created or an existing one should be deleted.	X	X
System role management The solution groups permission sets within a target system such as SAP Business Warehouse (BW) and bundles access rights to reports in BW and access rights to data for those reports. Typically these are defined in separate SAP groups but Identity Manager makes them a role.	X
Business role management Users with the AP Finance role should be automatically added to the Finance group.	X
Delegation of responsibilities A user wants to delegate a management function to another approver.	X	X
Reporting subscription A business user or auditor wants to subscribe to a weekly report.	X	X
Risk assessment The share or application for Senior Finance roles only is deemed high-risk.	X	X
Attestation or certification Line-of-business personnel need to certify whether "Chris Smith" should have particular entitlements, or should be a member of a group.	X	X
Separation of duties The system checks to ensure that a user does not have conflicting entitlements.	X	X
Company policies The business needs to set policies that detect violations and record violations from external systems.	X	X
Helpdesk Logging a problem, linking the data and information with employees, hardware, workdesks, as well as chronological tracking of the steps and measures taken to work out a solution to the problem.	X
Chargeback Creation of automated billing based on the IT services being provided.	X*
Data governance - Access The business needs to control who has access to unstructured data.		X
Data governance - Activity The business needs to identify who is accessing unstructured data.		X
Data governance - Attestation The business needs to certify access to unstructured data.		X
Data governance – New Share Request Creation The business needs to automate the creation of new requested shares.		X