Skip to main content

Incomplete Deactivation - Hitachi ID Access Certifier

Business Challenge

In many organizations, there is no complete record of every login ID associated with users. As a result, access deactivation may be incomplete, leaving some login IDs enabled on systems where system administrators did not know the user had them.

In other organizations, the termination process does not notify every relevant system administrator of a user's departure. In these cases, system administrators may fail to remove old login IDs simply because they were unaware of the user's status.

Regardless of the cause, access deactivation is often slow, unreliable or incomplete.

Hitachi ID Access Certifier Solution
  • Access Certifier is an effective tool to periodically review the access rights held by each user and to flag inappropriate access rights for termination.
  • One of Access Certifier's modes of operation is to invite managers to review a list of their direct subordinates and to flag departed users. This process can catch stragglers whose entitlements were not properly deactivated.

Access Certifier can be used by organizations to ensure that access deactivation is comprehensive and reliable.

Read More:

  • Incomplete Deactivation:
    Access deactivation can be slow, unreliable or incomplete.
  • Policy Violations:
    Manual security administration leads to users whose access profiles violate corporate policies.
  • Privilege Accumulation:
    Over time, as users move through an organization, they accumulate new privileges and retain older, no-longer-needed rights.
  • Lack of Accountability:
    There is often no history indicating who approved security privileges and when they were last reviewed.
  • Auditing User Entitlements:
    Auditing user privileges that span multiple systems.
page top page top