Features Segregation of Duties Policy Enforcement
Hitachi ID Facebook Page Hitachi ID Twitter Page Find us on Google+ Hitachi ID YouTube Page

Segregation of Duties Policy Enforcement - Hitachi ID Identity Manager

(1)Hitachi ID Identity Manager includes what is probably the most advanced segregation of duties (SoD) engine available. The Identity Manager SoD engine supports:


Watch a Movie

Review violations to segregation of duties (SoD) policies


Play movie

Content:

  • Review a list of users violate an SoD policy.
  • For each violation, either remove one of the offending security entitlements or create an approved exception.

Key concepts:

  • SoD rules may be expressed in terms of individual entitlements (accounts, group memberships), roles or both.
  • SoD violations must be corrected manually, since the system cannot predict which of several conflicting entitlements should be removed and which are appropriate to the user's needs and should be kept.
  • SoD violations can also be approved, which means that there is a business reason to violate the policy.