When a user leaves an organization, access deactivation should be reliable, fast and complete. Failing any of these criteria means that users retain access after they are gone -- a serious threat of security compromise, especially if the departure was not amicable. Manual access administration often fails some or all of these objectives.
Hitachi ID Identity Manager automates access deactivation processes:
- Discover all accounts on every integrated system -- it is impossible to deactivate access if there is no record that it exists!
- Link accounts to user profiles -- so that when a user departs, it will be possible to itemize all the accounts that should be deactivated.
- Automatically trigger deactivation when a system of record (SoR), such as HR, indicates that a user has gone.
- Leverage manually entered requests and periodic reviews to deactivate access that is not predicted by a SoR.
- Leverage automated connectors to complete deactivation promptly, without human intervention.
The result is prompt, reliable and complete deactivation in response to people leaving the organization.