05 May Entitlements Management with Analytical and Human Insight!
Identity Governance and Administration (IGA) has evolved into a business driven compliance and risk-based program with capabilities focused on entitlement management and access certifications. Entitlements management involves maintaining entitlements, and providing a means to capture, organize, and assign entitlements and associated permissions, that determine user access across applications. Entitlements are often defined using IT-oriented and cryptic names and lack descriptive metadata; Entitlements needs to be enriched in IGA entitlements catalog to associate friendly names, descriptions and additional metadata that would be meaningful to business users to make access request & access review decisions.
Confluxsys Identity Analytics Platform (IAP) provides an innovative solution that brings social aspects to Identity Governance allowing business users to enrich entitlement catalog through collaboration. As entitlements are often IT-oriented and cryptic names, IAP Collaboration solutions harnesses organizational knowledge (human insight) to update it with business friendly names, description and providing business and application context.
Confluxsys IAP’s “analytical insights” combined with “human insights” (organizational knowledge) helps organizations enrich entitlement catalog with business context and information.
Confluxsys IAP leverages your existing IAM/IGA investments and extends IGA deployments with Business friendly and Insight driven features:
Entitlement catalog enrichment through collaboration
Various stakeholders in the organization have application and business context knowledge (“human insight”) regarding an application entitlement; Confluxsys IAP enterprise collaboration interface (LinkedIn like interface) allows exchange of entitlement information with up or down vote, to capture, enrich and publish entitlement information.
Entitlement enrichment collaboration task is triggered along with an application access certification campaign for the associated entitlements. During the access certification campaign all the actors (managers/ reviews, certifiers/ application owners) have the opportunity to provide inputs for Entitlement description and up or down vote a description. At the end of the access certification campaign, the application manager can take account of all the inputs and votes to update and enrich the Entitlements catalog.
Application Owner bulk update of entitlement catalog information:
Confluxsys IAP provides a spreadsheet / excel based interface for Application Owners to extract, enrich entitlements information with business context data and import to IGA entitlement catalog. The user friendly interface allows Application Owner to easily manage entitlement updates and track entitlement description and definition changes.
Manage and control “Entitlement Definition”:
Confluxsys Identity Analytics solution extends IGA deployments to manage and control “Entitlement Definition” i.e. Entitlement (group) to Application Permission assignment, beyond just “User to Entitlement assignment”. For enterprise application with complex Application Permissions (ERP, SAP, RACF, Tandem, Unix, AD etc), it is not adequate to just review “User to Entitlement assignment” without the knowledge of associated Application Permissions. Confluxsys IAP provides a holistic view of user access by managing “Entitlements Definitions” during access assignment and access reviews. Manish’s post on entitlements management has details about Confluxsys entitlement definition solution.
Analyze and gain Insight:
- Confluxsys IAP analytics solutions along with data visualization tools provide greater insight into Access Entitlement for applications. Our analytics solution helps analyze Entitlement data quality: entitlements with privileged permissions, potential SOD entitlements, rarely used entitlements, entitlements with missing business description, duplicate business description, and generic one word description.
Confluxsys Identity Analytics Platform’s “analytical insights” combined with “human insights” (organizational knowledge) helps organizations enrich entitlement catalog with business context and information, thus providing organizations with a deeper insight of user access during access requests and access certification process.