The challenges in managing identities
The modern enterprise consists of both on-premise and cloud-based solutions often being utilized by users who are often geographically distributed. These users may also be a mix of employees, contractors, customers, vendors and so forth. OpenIAM Identity Governance (IGA) simplifies the way in which organizations manage identities across this complex landscape. OpenIAM provides a set of user-friendly tools which help organizations:
- Improve security by enforcing the right level of access and removing access at the right time
- Improve operational efficiency and reduce cost by automating error-prone manual activities
- Improve end-user productivity through a feature-rich self-service portal
- Enable compliance with regulatory mandates such as GDPR and SOX
In addition to providing a robust IGA platform, OpenIAM was one of the first to market with a modern container-based architecture which has a small footprint but can scale to support the largest of deployments. OpenIAM also provides organizations the option to deploy on-premise or use the fully managed IDaaS.
Automated Provisioning and User Identity Lifecycle Management
As new employees join your organization, you face the conundrum of ensuring that they are given rights to all the systems and resources they need to do their work on the day they join the firm. Similarly, when a person changes positions within the firm, access that is no longer relevant must be revoked and access that is needed for their new position must be granted. For the situation of users leaving the firm or being terminated, it is even more imperative that permissions be addressed. Access to sensitive applications and data must be disabled/removed in a timely manner with traceability to avoid the consequences of a disgruntled user.
Without a system to automate these processes, it’s nearly impossible to achieve the above in a timely and consistent manner. OpenIAM Identity Governance provides a comprehensive solution to securely automate these processes so that the right users have the correct access at any given time and access that is no longer needed is revoked. Read more
To enable automated provisioning and de-provisioning, OpenIAM provides a rich set of out-of-the-box connectors for popular systems. These include LDAP, Microsoft Office 365, Active Directory, Google Suite, SAP, Oracle RDBMS and EBS, Workday, ServiceNow, Linux servers, and more. New connectors can be rapidly created using the connector development SDK. Read more
Self-Service Forgot Password
Traditionally, when an employee forgets his or her password, they must call the help desk for a reset. While waiting for this request to be completed, a significant amount of time generally elapses where the employee is idle and valuable time is lost. With OpenIAM’s Self-Service portal, users can securely reset their own passwords automatically to forgo the costly and time-consuming calls to the help desk so they can resume productivity. Self-Service Forgot Password also supports password synchronization where changes to passwords are securely propagated to the appropriate systems. Read more
When a user needs additional rights, he or she can access the OpenIAM Service Catalog and effortlessly add the required entitlements to a shopping cart. As part of this process users can define the reason why they need this access, the duration of the access and more. Upon submission of the request, it can be routed to one or more approvers based on the configured approval. Once all approvals have been obtained, OpenIAM will automatically provision the requested access. Each step in the workflow is logged in the audit events which provides organizations with traceability in how and when access was granted.
Periodic Review and Access Certification
Enterprises need a way to periodically review who has access to what. OpenIAM Access Certification allows organizations to configure periodic review based on users, applications or groups. These access review and certification campaigns allows organizations to ensure users have appropriate access and take steps to remedy incorrect privileges. The Access Certification solution provides a user-friendly way to define the review workflow, escalations to ensure that timelines are met, and a dashboard to monitor progress. Read more
OpenIAM Identity Governance provides organizations with a flexible Role Based Access Control (RBAC) solution which can be used to define technical and business roles. The role model is used in conjunction with the automated provisioning solution to ensure that the right level of access is granted in a consistent manner. It is also used in the Access Certification solution.
OpenIAM provides an extensive and secure REST API which can be used to either integrate or extend OpenIAM. All operations which are performed through the OpenIAM UI can be implemented via the API as well. Read more
Due to accounting malpractice, cybersecurity breaches and concerns over user information privacy, organizations must now ensure that controls are in place to ensure compliance with regulatory mandates such as Sarbanes-Oxley, HIPAA, GDPR and CFAR. Failure to comply with these mandates can result in exorbitant fines. Having OpenIAM Identity Governance in place provides auditing, reporting, segregation of duties and tracking of user data that ensures compliance with these mandates. Read more