Organizations need to secure their business by unifying access to accounts, external accounts, privileged accounts, data and applications throughout the user's lifecycle. Also, they need to be able to mitigate risk by identifying sources of controlled data, securing that data, meeting uptime requirements, satisfying compliance obligations and increasing productivity by giving users faster access to the data and applications they need to do their jobs—and nothing more. Identity Manager streamlines the process of managing user identities, data access, privileges and security enterprise-wide. Identity and access management (IAM) can finally be driven by business needs, not IT capabilities. IAM challenges can now be met with much less complexity and at a fraction of the time and expense of traditional solutions.
Identity Manager gives you the visibility and control you need to:
The Identity Manager family of solutions includes two product offerings so you can choose the one that best meets your organization's specific access management needs:
The table on the next page will help you determine the solution that is best for you based on your organization's specific access governance needs and platform requirements.
Module (with real-world examples underneath) | Identity Manager | Data Governance Edition |
IT shop & workflow A user requests access to resources and the request is automatically routed to appropriate reviewers for approval or denial. | X | X |
Account provisioning A user needs a new account in AD and Exchange. | X | X |
Account provisioning to other systems A user needs a new account in LDAP, SAP, databases, ERP, mainframe, cloud applications. | X | |
Custom object provisioning A user needs a new VPN or smartphone account. | X | |
Unified namespace The solution includes a system abstraction model for handling common requests, recertification, attestation and reporting in Target systems like ServiceNow. | X | |
Flat File import Populate identities from external data sources via a flat file import. | X | X |
AD group creation & deletion A new group should be created or an existing one should be deleted. | X | X |
System role management The solution groups permission sets within a target system such as SAP Business Warehouse (BW) and bundles access rights to reports in BW and access rights to data for those reports. Typically these are defined in separate SAP groups but Identity Manager makes them a role. | X | |
Business role management Users with the AP Finance role should be automatically added to the Finance group. | X | |
Delegation of responsibilities A user wants to delegate a management function to another approver. | X | X |
Reporting subscription A business user or auditor wants to subscribe to a weekly report. | X | X |
Risk assessment The share or application for Senior Finance roles only is deemed high-risk. | X | X |
Attestation or certification Line-of-business personnel need to certify whether "Chris Smith" should have particular entitlements, or should be a member of a group. | X | X |
Separation of duties The system checks to ensure that a user does not have conflicting entitlements. | X | X |
Company policies The business needs to set policies that detect violations and record violations from external systems. | X | X |
Helpdesk Logging a problem, linking the data and information with employees, hardware, workdesks, as well as chronological tracking of the steps and measures taken to work out a solution to the problem. | X | |
Chargeback Creation of automated billing based on the IT services being provided. | X* | |
Data governance - Access The business needs to control who has access to unstructured data. | X | |
Data governance - Activity The business needs to identify who is accessing unstructured data. | X | |
Data governance - Attestation The business needs to certify access to unstructured data. | X | |
Data governance – New Share Request Creation The business needs to automate the creation of new requested shares. | X |