
Auditing User Entitlements - Hitachi ID Identity Manager

Business Challenge

In most organizations, data about what entitlements users have exists solely inside individual systems and applications. This makes it difficult for auditors to answer simple questions, such as:

  • Who has this entitlement?
  • What entitlements does this user have?
  • When did this user acquire this entitlement?
  • Who authorized this entitlement?

When these questions are hard to answer, they are rarely asked. This weakens internal controls.

Hitachi ID Identity Manager Solution

  • Identity Manager includes an auto-discovery engine which regularly lists user and entitlement data from every integrated system.
  • The internal Identity Manager database tracks both current and historical entitlement data.
  • The Hitachi ID Identity and Access Management Suite workflow engine can be used to request and approve changes. This creates a record of who and why, not just what and when.
  • Built-in reports can answer questions about entitlements, including:
    • Who has this entitlement?
    • What entitlements does this user have?
    • When did this user acquire this entitlement?
    • Who authorized this entitlement?
    • What entitlements violate SoD policy and have exceptions been approved?

Identity Manager can be used by organizations to more readily audit user entitlements, including change history and policy violations.





Read More:

  • Slow Onboarding:
    It can take too long to create login IDs for newly hired or reassigned users.
  • Costly Security Administration:
    Processes to manage users and entitlements are costly and time consuming.
  • Unreliable Deactivation:
    Access deactivation can be slow, unreliable or incomplete.
  • Policy Violations:
    Manual security administration leads to users whose access profiles violate corporate policies regarding appropriate access or segregation of duties.
  • Auditing User Entitlements:
    Auditing user entitlements that span multiple systems.
  • Ambiguous User Access Requests:
    Users understand files and folders, but not groups and ACLs. This makes change requests hard to interpret and both costly and time consuming to fulfill.
  • No History for Security Rights:
    When security entitlements are granted or revoked using native administration tools, there is no audit trail to show who made the change, when or for what reason.