Certification Overview

  • 7011040
  • 07-Jul-2010
  • 19-Oct-2012

Resolution

Access Governance Suite enables you to automate the review and approval of identity access privileges by collecting fine-grained access (or entitlement) data and formatting the information into reports, which are routed to the appropriate reviewers. System Administrators and Certification Administrators can take action on all certification items whether they own the certification or not.

Each report is annotated with descriptive business language - highlighting changes, flagging anomalies and calling out violations where they appear. These reports enable reviewers to approve access for identities, account group permissions and membership, and role composition and membership, or take corrective actions (such as revoking entitlements that violate policy). Reviewers can also forward, reassign, or delegate all or part of a certification to another reviewer.

Access Governance Suite can be configured to integrate with provisioning providers to automate access management for your implementation. The following provisioning providers can be configured to communicate user and account information and automatically add or revoke access.

  • Sun IdM
  • Oracle IdM
  • IBM IdM
  • Novell IdM
  • BMC Remedy

Certain certifications also enable certifiers to request the creation of new roles. Use the create new role feature to create roles based on trends found during certifications. For example, if there are five (5) entitlements that appear in the Additional Entitlements list for every identity in a certification, the combination of those entitlements might define a function of that population. Use the Create New Role button to define a role around that job function, and, in the future, you can certify that single role instead of the five (5) additional entitlements. Roles requested from certifications use the same analysis and approval business processes as those created in the Role Manager.
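
The trend described above can be checked offline before requesting a role. The following is an added example, not Access Governance Suite code or its API: the data model, identity names, entitlement names, and the functions candidate_role, outliers, and residual are all hypothetical. It generalizes the "every identity" case with a coverage threshold.

```python
from collections import Counter

# Constructed sample data (hypothetical model): identity -> set of
# (application, entitlement) pairs listed under Additional Entitlements,
# i.e. access not already explained by an assigned role.
CERTIFICATION = {
    "asmith": {("ERP", "AP_VIEW"), ("ERP", "AP_POST"),
               ("LDAP", "cn=finance"), ("ERP", "GL_ADMIN")},
    "bjones": {("ERP", "AP_VIEW"), ("ERP", "AP_POST"), ("LDAP", "cn=finance")},
    "cwong":  {("ERP", "AP_VIEW"), ("ERP", "AP_POST"),
               ("LDAP", "cn=finance"), ("VPN", "remote")},
    "dlee":   {("ERP", "AP_VIEW"), ("LDAP", "cn=finance")},
}


def candidate_role(additional, min_coverage=1.0):
    """Entitlements held by at least min_coverage of the identities.

    min_coverage=1.0 is the case in the text: the entitlement appears
    for every identity in the certification.
    """
    if not additional:
        return []
    counts = Counter(e for ents in additional.values() for e in ents)
    needed = min_coverage * len(additional)
    return sorted(e for e, n in counts.items() if n >= needed)


def outliers(additional, role):
    """Identities that do not hold the whole candidate role."""
    role = set(role)
    return sorted(i for i, ents in additional.items() if not role <= ents)


def residual(additional, role):
    """Entitlements still certified one by one after the role exists.

    These are the items a reviewer should look at most closely, since
    they are not explained by the population's common job function.
    """
    role = set(role)
    return {i: sorted(ents - role)
            for i, ents in additional.items()
            if role <= ents and ents - role}
```

Lowering min_coverage widens the candidate role but produces outliers, identities that would gain access if the role were assigned to the whole population, so review those before submitting the role request.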

Certifications can be scheduled to run periodically or continuously. Continuous certifications focus on the frequency with which individual items need to be certified while periodic certifications focus on the frequency with which the entire certification needs to be completed.

One-off certifications can be created from the Identity Risk Score, Identity Search Results, or Policy Violation pages. These one-off certifications can be created for one or more identities and are most often used in special situations, when a certification is required outside of the normal certification cycle.

Certifications can also be configured to run based on events that occur within Access Governance Suite. For example, an event-based certification might be configured to run when a manager change is detected for an identity, with the certification request sent to the newly assigned manager. The events that trigger the certifications are configurable to meet the needs of your enterprise.