Features Removing Inappropriate Security Entitlements
Hitachi ID Facebook Page Hitachi ID Twitter Page Find us on Google+ Hitachi ID YouTube Page

Removing Inappropriate Security Entitlements - Hitachi ID Access Certifier

Once certifiers have reviewed user entitlements and identified inappropriate ones, Hitachi ID Access Certifier can follow through by authorizing the deactivation of those rights and then removing them from target systems:

Authorizing Deactivation of Entitlements

By default, all requests require authorization -- but business logic may override this and auto-approve requests.

Authorizers are selected automatically and may be chosen using OrgChart data (i.e,. managers of the requester or recipient), using resource owner data or through other means, such as lookups in an external database or directory.

Each group of authorizers consists of some N>=1 authorizers. Some number M<=N of the authorizers in each group must approve a request before it will be fulfilled by Access Certifier.

A single flow-chart (state diagram) is used to authorize all requests in the Access Certifier workflow engine. The Access Certifier workflow engine supports:

Workflow is used in Access Certifier to approve change requests, to implement approved requests, to certify user access and more. A participant in the workflow process is a person invited to complete a task.

The Access Certifier workflow engine has built-in support for automatic reminders, escalation and delegation, so as to elicit reliable responses from individually-unreliable users:

Removing Inappropriate Entitlements on Target Systems

Once access deactivation has been approved, Access Certifier removes excess entitlements directly on target systems. This is done using the over 110 built-in connectors, by: