Regulatory requirements such as GDPR, HIPAA and SOX, combined with an increased focus on security, are causing more companies to implement access certification policies. Regularly scheduled access certification campaigns can aid in complying with these regulatory mandates and improve security by guarding against access violations that can lead to security breaches. However, when performed manually, these activities can be error-prone and very time-consuming for most mid to large organizations. The inconsistency of manual processes can result in failed compliance audits, and threats resulting from unauthorized access can slip by undetected.

OpenIAM provides the ability to automate the access certification process, which addresses the challenges found when performing these processes manually. The following types of certifications are supported by OpenIAM:

  • User Access Certification
  • Application Access Certification
  • Group Access Certification

These campaigns can be scheduled to run at regular intervals, or they can be run on demand. The Access Certification functionality in OpenIAM provides organizations with the capabilities described below.

User Friendly Reviews

End-users (reviewers) using OpenIAM’s access certification functionality can perform their activities in the familiar self-service portal. Reviewers can review all the access in a central location as well as use tools to compare access between individuals.

Closed-loop remediation

During the certification process, reviewers can revoke accounts and entitlements with a simple one-click mechanism. The closed-loop validation mechanism will then ensure that revoked access has been de-provisioned from the target application.

Support for Cloud (SaaS) and on-premise applications

An increasing number of organizations today have hybrid environments where applications are deployed both on-premise and in the cloud as SaaS solutions. OpenIAM provides a central identity governance platform, and certification programs can be undertaken irrespective of where the applications are deployed.