Identity Governance & Administration
Know who is accessing what and why!
The objective of identity and authorization governance can be summed up in one simple phrase: "the right right, to the right person, at the right time."
From this starting point, it is then a matter of answering questions such as:
- What are the identities of the users of the Information System?
- What are their rights on the Information System applications?
- Why were these rights granted?
- Are these rights always legitimate and compliant?
To answer these questions, identity and authorization governance must be approached from several angles:
- An organizational axis, taking into account the size of the company, its geographical distribution, its mode of governance, etc.;
- A functional axis, linked to the organization's internal processes, activities, regulations to be respected, etc.;
- A technical axis, depending on the complexity of the Information System, the history of its construction, a possible transition phase to the Cloud, etc.
One of the first objectives of the IGA is the implementation of a centralized and reliable repository, allowing the dissemination of quality information within the Information System:
- This involves building a master repository containing all the identities of the users of the Information System, whether they are employees, trainees, temporary staff, service providers, etc., but it can also concern suppliers or partners;
- This type of repository is able to centralize other types of complementary data, such as organizational structure or location information for example.
The objective is to build the repository of theoretical identity rights, allowing us to know at any time the identity's occupancy within the IS.
It is a question of allowing the diffusion and use of reference information by other applications / services composing the IS. This can be via access through a protocol such as LDAP, exposed APIs or a data synchronization engine.
In order to keep the identity repository up to date, it is essential to manage the associated life cycle (arrival, mobility, departure) within the organization.
This can be provided via:
The two approaches can be specific - depending on the population - or combined.
It is then a matter of provisioning this information in the various target systems, with the creation of "user" accounts for example.
As a first step, it is necessary to define a list of the authorizations or resources available within the organization, in a vocabulary that the end user can understand.
It is possible to build a role model that allows you to construct sets of rights, and to assign them or not in an automated way to users based on rules.
Governance / Audit and Compliance
All actions carried out on accounts and rights are traced, which makes it possible to use standard reports or to build specific ones.
By defining a risk level for the different rights available, it is possible to target controls on users at risk.
In order to ensure that the requested and approved rights correspond to the actual rights in the target systems, it is possible to set up automatic comparisons between these two states.
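The comparison described above, combined with the per-right risk levels from the previous paragraph, can be sketched as follows. This is an added example, not code from Synetis or any IGA product; the user names, right names, risk scale and the `reconcile` function are all assumptions made for illustration.

```python
from dataclasses import dataclass

# Constructed sample data: rights approved in the IGA repository versus
# rights actually found in an export from a target system.
APPROVED = {
    "alice": {"crm:read", "crm:write"},
    "bob": {"erp:read"},
    "carol": {"erp:read", "erp:approve_payment"},
}
ACTUAL = {
    "alice": {"crm:read", "crm:write", "erp:approve_payment"},
    "bob": set(),
    "carol": {"erp:read", "erp:approve_payment"},
    "svc_old": {"crm:admin"},
}
# Hypothetical risk level per right (higher means more sensitive).
RISK = {"crm:read": 1, "erp:read": 1, "crm:write": 2,
        "erp:approve_payment": 3, "crm:admin": 3}

@dataclass(frozen=True)
class Finding:
    user: str
    right: str
    kind: str   # "unapproved", "orphan_account" or "not_provisioned"
    risk: int

def reconcile(approved, actual, risk, default_risk=3):
    """Compare approved and actual rights; return findings, highest risk first."""
    findings = []
    for user in sorted(set(approved) | set(actual)):
        want = approved.get(user, set())
        have = actual.get(user, set())
        # Rights present in the target system but never approved.
        for right in sorted(have - want):
            kind = "orphan_account" if user not in approved else "unapproved"
            # A right with no defined risk level is treated as high risk.
            findings.append(Finding(user, right, kind, risk.get(right, default_risk)))
        # Rights approved but missing from the target system.
        for right in sorted(want - have):
            findings.append(Finding(user, right, "not_provisioned",
                                    risk.get(right, default_risk)))
    return sorted(findings, key=lambda f: (-f.risk, f.user, f.right))

if __name__ == "__main__":
    for f in reconcile(APPROVED, ACTUAL, RISK):
        print(f"risk={f.risk} {f.kind:<15} {f.user:<8} {f.right}")
```

Sorting by risk puts the unapproved payment-approval right and the account with no matching identity at the top of the review queue, ahead of the low-risk provisioning gap.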
Finally, the governance of identities and authorizations has the objective of decentralizing management actions.
Identity and Authorization Governance at Synetis
- Numerous consultants dedicated to identity and authorization governance, with an average experience of over 4 years in the field of integration and 7 years in the field of consulting and project management;
- More than 5 active partnerships with major market players (IBM, Ilex International, Kleverware, SailPoint, Saviynt) and real expertise with other editors such as Brainwave, One Identity, Microsoft, NetIQ, Sun IDM, etc.;
- Over 30 publisher certifications acquired;
- More than 120 projects in progress as of August 1, 2022, including more than 75 new projects in 2022 of all sizes (from a few dozen days to more than 1,000 days) and of all types (scoping, project management, audit, integration, TMA, CDS), with a commitment to results (fixed price) or to means (contracting).