Hitachi ID Access Certifier
Hitachi ID Access Certifier is a solution for distributed review and cleanup
of users and entitlements. It works by asking managers, application
owners and data owners to review lists of users and entitlements.
These stake-holders must choose to either certify or revoke every user
Access Certifier is included with Hitachi ID Identity Manager at no extra cost.
- As users move through an organization, periodically changing job
functions, they tend to accumulate privileges.
- Over time, a user who has had many different jobs will accumulate many
- Some of the privileges are no longer required and
- some of them may be inappropriate to that user's current job.
- This process is called entitlement accumulation
and can lead to situations where users have so many rights that they
can bypass internal controls, possibly violating regulatory requirements
for privacy protection or transparent corporate governance.
Access Certifier enables organizations to automate access certification
(also known as attestation) processes, which ultimately help to
find and deactivate inappropriate security entitlements.
- Access Certifier can invite managers, group owners or application
owners to review a list of users and entitlements within their
scope of authority.
- These business users either certify that security rights
are appropriate or flag them for further review.
- Flagged entitlements are routed to other users using a
built-in approvals workflow.
- Security rights that are both flagged and subsequently
approved for removal are deprovisioned on integrated systems
- System administrators may be invited to manually deactivate
entitlements on un-integrated or partly integrated applications.
Access Certifier can also be used to periodically review and remediate
the configuration of policy objects, such as roles and SoD rules.
The process is the same -- schedule a review process, invite
policy object owners to perform reviews and get them to inspect
and/or modify policy object settings, before signing off.