Identropy provides delivery services for end-to-end Identity Management solutions. Our Identity Management experts are knowledgeable in the latest Identity Management technologies and can effectively apply these technologies to solve business problems, providing clients with balanced consultation and delivery services. Our services span the following areas:
Automated Provisioning
|
|
A user provisioning solution automates the process of creating and managing user accounts across a wide variety of enterprise systems.
Common benefits include the enforcement of security and segregation of duties policies, compliance monitoring and reporting, as well as connector technology that enables simple integration into heterogeneous systems.
The solution consists of workflows that enable business managers to provision for their staff and customers, as well as the ability to ensure an approvals-based process where necessary. This approach can both delegate provisioning authority so as to decentralize the process, while simultaneously centralize the provisioning point from a technology perspective. This lends to rich and useful reporting capabilities that detail when a request was made, who approved it and when, and ultimately when a person was granted a user account for a specified target.
Why Identropy Should be Your Integration Partner
Identropy solves one problem, and does it well. Our sole focus is to deliver Identity Management platforms. To that end, we have developed products and services that ensure cost-efficiency, life-cycle predictability, and client satisfaction by closely focusing on client participation throughout the delivery process.
To schedule an on or off-site meeting with Identropy’s Architects,
contact us
.
|
Password Management
Click to Enlarge
The process of engaging helpdesk to perform a simple password reset can cost your organization from $51 (best case) to $147 (worst case) for labor alone, according to Gartner. Password Management solutions provide end users the ability to register a profile by answering a number of predefined questions about themselves that are used by self-service password reset workflows, thereby reducing help desk calls by upto 30%. This allows users to bypass calling helpdesk, empowering them to reset passwords themselves via a web-based application. Other features include integration into the Windows environment by allowing password synchronization across disparate systems, triggered based on Windows passwords being changed, although some of these changes require deployment of DLLs on the Active Directory Domain Controller or changes to the Microsoft GINA on client machines.
Attestation/Compliance Management
Attestation solutions enable business managers to periodically review and verify employee access rights across heterogeneous systems. This process ensures that only appropriate individuals have access to sensitive information. Part of the solution is a comprehensive audit trail of user privileges, including when, why, and through which systems information was accessed. The cost of demonstrating compliance can substantially increase through process of “recertification,” which requires a regular and periodic demonstration of compliance - especially when you have to repeat the same manual processes for every audit.
An attestation solution can automate this process, provide the ability to define and enforce segregation of duties (SoD) policies, as well as automatically trigger compliance actions based on specified events. The solution also creates a rich audit trail of attestation actions, allows for delegation where appropriate, as well as provide the ability to prevent user access to resources until policy awareness testing is passed.
Role Management
Role Management tools enable organizations to automate the often manual, cumbersome, and inefficient process of role creation and ongoing management. A role is a representation of a set of access rights to resources, which could correspond to a business function. Roles reduce the complexity of user administration by mapping a large population of users into a smaller number of well-defined roles, and can be extremely useful in the management and implementation of provisioning solutions. These roles ultimately become the cornerstone of ongoing user security policy management.
The problem arises when defining these roles. Most organizations attempt to identify roles based on easily accessible data, such as job code. Unfortunately, this type of approach is rarely successful because the resultant "roles" do not map cleanly to "access rights" patterns.
Two approaches to the problem include a "top down" approach and a "bottom up" approach. The "top down" approach uses organizational hierarchies as a basis to define roles. The "bottom up" approach uses existing data on user accesses as a basis to define roles. A good Role Management system leverages both approaches where appropriate, can enforce Segregation of Duties (SoD) policies, as well as modify roles as business requirements change.