IT Jargon Explained

Identity and Access Management

Identity and Access Management (IAM) is the central administration of identities and access rights in a company. Authentication and authorization are essential components with which identities are managed and access rights for linked solutions, systems, applications and resources are controlled. It may sound complicated, but this can be easily explained using a practical example:

It is 7:15 a.m. Alex has a special day today because he is on his way to a new job as an account manager at the MyUnifiedIT company. Alex’s workstation has been prepared with a monitor, notebook with docking station, and telephone. Brianne, his new manager, holds the envelope with the start password. Everything seems to be in place for the new employee. Alex arrives early and is highly motivated; he is happy that the new job is about to start. Brianne meets him, shows him around and introduces him to his colleagues. Then she gives him the envelope with the start password. He turns on the notebook. After registration, a window opens asking him to read the data protection regulations and, if he understands them, to accept them. At this point he gains access to all the applications, including those with personal data, that are probably the most important for his job. Shortly after Alex has done this, the application icons appear on the screen. He starts Outlook first. Everything is already configured and the pop-up with the first meeting reminder is displayed.

Alex has successfully arrived in his new job and can start to work long before his first lunch break. Brianne is also satisfied. Her new hire is fully operational and productive on the first day. She reflects on how difficult it used to be when it took several days or even weeks until new employees had access to all the resources they needed. You never knew whether the information about a new employee was ever passed on.

What is Identity and Access Management?

The process of “onboarding”, i.e. taking on new employees, illustrated by the fictional example of Alex and Brianne, takes place thousands of times every month in companies all over the world. If it runs smoothly, as in the example, it is the result of a well-organized Identity & Access Management solution. With identity and access management, companies ensure that users are productive in a secure and compliant manner – by giving the right people access to the right resources at the right time and for the right reasons.

Use Identity Governance & Administration

The concept of Identity & Access Management is very broad and has many facets. These include:

  • Single Sign-on
  • Privileged Access Management (PAM)
  • Multifactor Authentication (MFA)
  • Cloud Access Security Broker (CASB)
  • Privilege Information Management
  • Identity Governance & Administration

Identity Governance and Administration (IGA) takes care of the life cycle of user accounts. This ranges from provisioning to removal and also includes the administration of authorizations, the orchestration of work processes, the certification of access and so on. The aim is for the organization to operate securely and in compliance with its guidelines at all times.

IGA solutions manage digital identity and access rights across multiple systems. To do this, they aggregate and correlate different identity and access rights data that are distributed across the entire IT landscape in order to improve control over user access.

Nowadays, people change jobs much more frequently. The workforce also often includes a larger proportion of temporary workers, contractors, consultants and interns. As a result, managing access rights and user accounts for employees has become much more complex. Here are a few examples:

  • New employees: As a supervisor you probably want the new employee (contractor, consultant, or intern) to be productive from day one. To do this, he/she usually needs access to a variety of IT resources (programs, services, drives, etc.) that are based on his/her role and function in the company and in your team. Have a look at what a secure and productive day one could look like with Ivanti.
  • Transfer: Another common case is when users have been working for the company for a long time and are now changing responsibilities and roles. They probably need access to other resources and applications that are in the company or in the cloud, other shared drives, and so on. At the same time, access to resources that are no longer required must be revoked. This helps the company to stay safe and compliant.
  • Departures: If a user leaves the company, it is very important that access to company resources is revoked immediately for the user and his/her user account. This also applies to cloud applications and services that can be accessed from any device over the Internet. If access rights are not revoked, the former employee can still view company data. This can, for example, violate the European General Data Protection Regulation (GDPR), but it can also directly cause economic damage to the company.

Get a grip on identity governance and administration

Ivanti Identity Director is an IGA solution that enables companies to effectively enforce role-based and attribute-based access control (RBAC and ABAC) on company resources. This also includes secure on- and offboarding.

In addition, users can order additional IT services and authorizations via self-service. Identity Director also protects existing investments by integrating with third-party applications, whether on-premise or in the cloud, to ensure smooth access management to these resources.

Back to the short story from the beginning. The required employee information was read or queried from the company's HR system and then processed further in Identity Director. Every change relating to the employee is detected and acted on accordingly (i.e. entitlements are granted or withdrawn). If connected systems are affected, the actions are carried out automatically in these systems. In the end, every employee has access to the right resources at the right time for the right reasons, in a way that is compliant with corporate and regulatory guidelines and audit-proof.
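
The HR-driven flow described above, together with the new-employee, transfer and departure cases listed earlier, comes down to comparing what each role should have with what each account actually has. The sketch below is an added example, not Ivanti Identity Director code; the role names, entitlement names, user IDs and record layout are all constructed for illustration.

```python
# Added example: HR-driven joiner / mover / leaver reconciliation.
# All roles, entitlements, users and field names are constructed.

ROLE_ENTITLEMENTS = {
    "account_manager": {"mail", "crm", "sales_share"},
    "sales_engineer": {"mail", "crm", "demo_lab"},
}

def desired_access(hr_records):
    """Map each active HR identity to the entitlements its role allows."""
    desired = {}
    for rec in hr_records:
        if rec["status"] != "active":
            continue  # departed staff are entitled to nothing
        # Fail closed: a role without a mapping yields no entitlements.
        desired[rec["id"]] = set(ROLE_ENTITLEMENTS.get(rec["role"], set()))
    return desired

def reconcile(hr_records, current_access):
    """Return (action, user, entitlement) tuples, revocations first."""
    desired = desired_access(hr_records)
    actions = []
    # Walk the union so accounts with no HR record (orphans) are covered.
    for user in set(desired) | set(current_access):
        want = desired.get(user, set())
        have = current_access.get(user, set())
        actions += [("revoke", user, e) for e in have - want]
        actions += [("grant", user, e) for e in want - have]
    # Revocations are ordered first so excess access is removed
    # before anything new is granted.
    return sorted(actions, key=lambda a: (a[0] != "revoke", a[1], a[2]))

# Constructed HR snapshot: one joiner, one mover, one leaver.
HR = [
    {"id": "alex", "role": "account_manager", "status": "active"},
    {"id": "blake", "role": "sales_engineer", "status": "active"},
    {"id": "casey", "role": "account_manager", "status": "terminated"},
]
# Constructed current state as aggregated from the connected systems.
CURRENT = {
    "blake": {"mail", "crm", "sales_share"},  # still holds old-role access
    "casey": {"mail", "crm"},                 # left, access not yet removed
    "dana": {"crm"},                          # orphan: no HR record at all
}

if __name__ == "__main__":
    for action in reconcile(HR, CURRENT):
        print(*action)
```

Running the same reconciliation again after the actions have been applied should return an empty list, which is a useful check that provisioning actually converged.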