Skip to main content

Auditing User Entitlements - Hitachi ID Access Certifier

Business Challenge

In most organizations, data about what entitlements users have exists solely inside individual systems and applications. This makes it difficult for auditors to answer simple questions, such as:

  • Who has this security entitlement?
  • What entitlements does this user have?
  • When did this user acquire this entitlement?
  • Who authorized this entitlement?

When these questions are hard to answer, they are rarely asked. This weakens internal controls.

Hitachi ID Access Certifier Solution
  • Access Certifier includes an auto-discovery engine which regularly lists user and entitlement data from every integrated system.
  • The internal Access Certifier database tracks both current and historical entitlement data.
  • The Hitachi ID Identity and Access Management Suite workflow engine can be used to request and approve changes. This creates are record of who and why, not just what and when.
  • Built-in reports can answer questions about entitlements, including:
    • Who has this entitlement?
    • What entitlements does this user have?
    • When did this user acquire this entitlement?
    • Who authorized this entitlement?
    • What entitlements violate SoD policy and have exceptions been approved?

Access Certifier can be used by organizations to more readily audit entitlements, including change history and policy violations.





Read More:

  • Incomplete Deactivation:
    Access deactivation can be slow, unreliable or incomplete.
  • Policy Violations:
    Manual security administration leads to users whose access profiles violate corporate policies.
  • Privilege Accumulation:
    Over time, as users move through an organization, they accumulate new privileges and retain older, no-longer-needed rights.
  • Lack of Accountability:
    There is often no history indicating who approved security privileges and when they were last reviewed.
  • Auditing User Entitlements:
    Auditing user privileges that span multiple systems.
page top page top