Hitachi ID Identity Manager can define peer groups using profile attributes. A product administrator specifies a handful of attributes, such as department code, location code or job code which identify users who are expected to have similar entitlements. Users are said to be peers if they have the same values for these attributes. Each combination of attribute values that exists for at least one user defines a peer group.

Peer groups are helpful to requesters. When a requester searches for entitlements to request on behalf of a recipient, Identity Manager can check if the recipient is a member of a peer group and if the peer group has at least a minimal number of members (else it's not statistically significant). If that is the case, requestable entitlements are ranked by popularity among the peer group, after subtracting those entitlements that the recipient already has. In many cases, the entitlement that a requester will select is near the top of this ranking, being popular among peers of the recipient but not yet assigned to the recipient.

Recommended entitlements shown in search results are illustrated in Figure [link].

Recommended entitlements in the Identity Manager groups 'app'

Recommended entitlements in the Identity Manager groups 'app'

Entitlement popularity among a peer group can also be inverted, to calculate how unusual it is for a given user to have a given entitlement. When a user has an entitlement but few of that user's peers have the same entitlement, then the entitlement can be thought of as "inconsistent" with the user's peers. This "consistency score" can be helpful to reviewers and authorizers:

  1. When presenting entitlements to a reviewer, show the low-consistency entitlements first, as these represent higher risk. The reviewer should pay closer attention to these items before fatigue sets in and the likelihood of just rubber stamping entitlements increases.

    This is shown in Figure [link].

  2. When presenting entitlements in the context of a request routed to an authorizer, display the consistency score and highlight requests that are highly inconsistent with peers. This will focus the attention of authorizers on higher risk requests.

Access review with consistency scores

Access review with consistency scores