Hitachi ID Systems
Identity and Access Governance

Identity and access governance refers to a set of business processes whose cumulative effect is to ensure that identities and security entitlements are managed effectively and securely. In other words:

  • Only users who legitimately require access, based on business context, are assigned active identities.
  • Once access is no longer required, identities are deactivated in a reliable, complete and prompt fashion.
  • In between the above two points in time (onboarding and deactivation), only business-appropriate security entitlements are granted.
  • There is evidence (audit logs) of the above process being executed as described.

Processes which may contribute to the above identity and access governance goals include:

  • Role-based access control (RBAC) -- so that users are assigned exactly the security entitlements appropriate to their job function.
  • Access certification -- to review and correct the security entitlements assigned to users, either periodically or in response to business events.
  • Segregation of duties policy enforcement -- to prevent users from acquiring "toxic" combinations of security entitlements.
  • Automated access deactivation -- to ensure that no-longer-needed identities are deactivated promptly and reliably.
  • An authorization workflow -- to ensure that changes to identities and entitlements are reliably approved by appropriate business stakeholders before being committed.
  • Privileged access management -- to lock down access to accounts with elevated security rights.

Hitachi ID Identity Manager and Hitachi ID Privileged Access Manager include a wide range of identity and access governance capabilities, including those in the above list.
