Governance, Risk and Compliance (GRC) is a top priority in the wake of corporate mismanagement scandals, and it is at the top of most boards' agendas. Find out more about why IAM is core to your GRC strategy through the implementation of processes such as IAM Re-certification.
* IAM Readiness Assessment
Let us help you assess your IAM readiness today. Register your interest and find out more about our IAM Readiness Assessment offering.
"Readiness is key to any successful implementation. Let us help you through our extensive knowledge and experience to assess your readiness and take away those hidden surprises."
* IAM DR and HiAv
Critical to your operational needs and compliance requirements. Let us help you implement DR and HiAv for your IAM solution based on our unique solution offering.
Practical Solution offerings built on leading industry enterprise architectures
What is Identity and Access Management
Identity and Access Management (IAM) provides the ability to manage identities, and their associated access to resources, across multiple enterprise applications and systems.
In simple terms, an IAM solution "enables your enterprise to ensure that the right people have access to the right services, with the correct level of access".
What functionality does it provide?
IAM provides your enterprise with the following functionality and benefits:
- Password Management
- Identity Provisioning/De-provisioning
- Identity Verification Services
- Privileged Account Management
- Attestation
- User Self-Service
- Workflow Request and Approval
- Role Based Provisioning
- Auditing and Reporting
- Role lifecycle management
Password Management
Reduce the burden on your helpdesk by giving users the ability to reset their own passwords securely. This allows the helpdesk to focus on higher priority tasks. IAM provides the following benefits:
- Reduced Single Sign-On, enabling the user to have the same username and password across multiple systems
- Reduced calls to the helpdesk, thereby increasing the productivity of both the user and the helpdesk
- Improved service levels, enabling a 24x7 service
- The ability to mandate and enforce stronger passwords, thereby improving overall security
Contact Praxism to find out more about "Password Management" and how you can realise significant cost benefits and ROI.
Identity Provisioning and De-provisioning
Automated provisioning and de-provisioning of identities results in increased granularity of access control and overall efficiency. Through this capability, you can automatically create the right accounts in the right applications and systems, with the correctly assigned levels of access at the correct time.
The flip side, de-provisioning, is equally critical: it ensures that user accounts are revoked when necessary.
Automated provisioning and de-provisioning capabilities should be at the heart of any organisation's compliance process.
- Integration with your HRMS/HRIS systems provides an authoritative source to drive the "Zero day start/stop" for new starters and leavers
- HRMS/HRIS can be further integrated to determine role and resource assignments in the target applications, therefore providing job role profiles which are tied to logical access
- Data synchronisation and management of identities across your disparate business applications to ensure consistency.
- Ability to define further authoritative systems and applications for certain attributes
Identity Verification
Identity Registration and Verification (proofing) can be built into the processes enabled by an IDM solution to provide identity assurance.
Self-Registration functionality is generally included with the majority of IAM solutions, and Identity Verification is essential prior to the creation of digital identities which provide a level of access to your systems.
Privileged Account Management
Once general user account management is achieved, the logical extension is the inclusion of Privileged Accounts. This provides the ability to centrally manage system and admin accounts from the Identity Management system. These can be extended further to provide a "Gate Keeper" type system so that the admin account passwords are only revealed upon request for a set period of time, after which the password is reset and/or the account is locked.
Contact Praxism today to find out how you can control and better manage your privileged accounts using an IAM solution.
Attestation - Compliance Manager
Attestation is an essential part of a compliance-driven IAM solution in order to improve security. This process is also known as Re-certification or Periodic Review.
In the typical enterprise organisation, people move between departments, job roles and functions; they generally accumulate accounts and access levels in the process. It is estimated that on average, 30% of an enterprise's privileges are incorrect; some of these could of course pose significant security risks.
It is not uncommon to find systems which hold as many as 50% more accounts than can be accounted for, with the extra accounts explained as either orphan, duplicate, redundant, or otherwise unnecessary.
Drive compliance through
- Attestation which allows you to inspect your environment and establish the current user accounts and access assignments
- Ad hoc reporting to provide the analysis of user, application, entitlement, role assignments, and more importantly your compliance status.
- Enforcement of compliance policies associated with identities, entitlements, roles and certifications with the ability to implement Segregation of Duties (SOD) rules.
This process allows you to build a mechanism to revoke any unnecessary accounts and/or access appropriately. The key to attestation processes is not only to define the process and delegate the tasks to appropriate users, but also to clearly present the assignment and account information to those users involved in the re-certification process (typically line manager, line of business resources, etc), so that it is a meaningful process which revokes any unneeded access.
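As an added example (not part of the original page or of any vendor product), the following sketch shows a minimal attestation pass: it reconciles one system's account export against the HR authoritative source to flag orphan, leaver and duplicate accounts, and evaluates SoD rules per identity rather than per account. All field names, logins, entitlements and rules are constructed for illustration.

```python
from collections import Counter

# Constructed sample data; field names and values are hypothetical.
HR = {  # authoritative source: employee id -> employment status
    "e100": "active",
    "e101": "active",
    "e102": "terminated",
}
ACCOUNTS = [  # account export from one target system
    {"login": "asmith", "owner": "e100", "entitlements": {"ap_create_invoice"}},
    {"login": "asmith2", "owner": "e100", "entitlements": {"ap_approve_payment"}},
    {"login": "bjones", "owner": "e101",
     "entitlements": {"ap_create_invoice", "ap_approve_payment"}},
    {"login": "cwu", "owner": "e102", "entitlements": {"hr_view"}},
    {"login": "svc_old", "owner": None, "entitlements": {"db_admin"}},
]
SOD_RULES = [("ap_create_invoice", "ap_approve_payment")]  # conflicting pairs

def review(hr, accounts, sod_rules):
    """Return (subject, finding) pairs for a reviewer to confirm or revoke."""
    findings = []
    per_owner = Counter(a["owner"] for a in accounts if a["owner"] in hr)
    combined = {}  # identity -> union of entitlements across all its accounts
    for acct in accounts:
        owner = acct["owner"]
        if owner not in hr:
            # No matching identity in the authoritative source.
            findings.append((acct["login"], "orphan"))
            continue
        if hr[owner] != "active":
            findings.append((acct["login"], "leaver"))
        if per_owner[owner] > 1:
            findings.append((acct["login"], "duplicate"))
        combined.setdefault(owner, set()).update(acct["entitlements"])
    # SoD is checked on the identity's combined access, so a conflict split
    # across two accounts of the same person is still detected.
    for owner, ents in sorted(combined.items()):
        for left, right in sod_rules:
            if left in ents and right in ents:
                findings.append((owner, f"sod:{left}+{right}"))
    return findings

if __name__ == "__main__":
    for subject, finding in review(HR, ACCOUNTS, SOD_RULES):
        print(f"{subject:10} {finding}")
```

In this constructed data, identity e100 holds the two conflicting entitlements on separate accounts, which a per-account check would miss.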
User Self-Service
Empowerment is key: it reduces the overhead to maintain data and entrusts the user population to maintain their own data. Self-Service provides the ability for users to maintain selected data themselves, therefore reducing the overhead for data maintenance and also giving users control over their own data.
Self-Service is of course controlled by access control, enabling only selective data to be self-maintained. It can also be backed by workflow activities to request additional approval should this be required.
Workflow Request and Approval
System-based workflow to request and approve required items can drastically streamline provisioning processes; more importantly, it provides an audit trail of the initiator, requested user (if different) and the approver. The workflow system can be used for IT assets (such as accounts and privileges), but it can also be used for non-IT assets (business cards, equipment, etc).
Improve efficiency and accountability in your organisation today with a workflow capability which is integrated with your IAM solution.
Role Based Provisioning
Role Based Provisioning provides Role Based Access Control (RBAC). Often regarded as an overweight process and solution, RBAC has now matured and experience has shown that it is extremely effective in the assignment and control of rights to a user, through defined roles. Roles can exist at different levels, allowing for the definition of technical and business-oriented roles which bridge the IT-Business gap.
Role based provisioning allows your enterprise to:
- Implement a simpler security model and reduce errors
- Drive efficiency through pattern-based automated assignments
- Enforce Segregation of Duty (SOD) controls
- Provide delegation and automation for the assignment processes
- Identify sensitive assignments which require additional approval levels
- Empower users to initiate the request process (if desired)
Auditing and Reporting
Audit data and reporting can ensure ongoing compliance with internal and external regulations. Auditing by the IAM solution can tell you about the identities that flow through the IAM system and also provide notification based on certain configured events, such as account lockout or password change. It can be used to log the initiator of these events.
Additionally, more detective and preventative solutions can be implemented with a SIEM (Security Information and Event Management) solution, which can tightly integrate with IAM solutions.
Role Lifecycle Management
Role lifecycle management is often overlooked; however, it is crucially important in completing the full compliance and governance requirements.
Delegated management of the end-to-end role definition and maintenance operations must be provided, allowing for a defined process for role changes to be enforced and any change scenarios to be simulated prior to the actual deployment.