Managing provisioning into an identity repository is a basic organizational process that varies remarkably between organizations. Some companies have a highly functional process that minimizes manual input and maximizes efficiency. Others have very manual processes that are costly and open to abuse. Deep Identity has developed an easy-to-use solution that adopts a role-based provisioning process that is particularly powerful in the SAP environment.
Managing identities within organisations today is an increasingly important factor in controlling costs and managing risks. Managing staff identities, and using the information to provision systems that users are authorised to access, is critical to business success. In many cases it is also important to manage business partners and suppliers in order to give them controlled access to the data they need in order to effectively collaborate and integrate their supply chain business processes. For some businesses managing customer identities and tailoring their sales message accordingly is equally important. Identity management is therefore a core competence of the modern organisation.
Furthermore, organisations need to manage identity information and system access across the lifecycle of each staff member. New staff must be “on-boarded” in an effective and timely fashion. When reorganisations occur or staff are promoted their access permissions require updating and, once the person has ceased their employment, they must be quickly and effectively de-provisioned. This “lifecycle management “is at the core of the Deep Identity Manager product.
The Deep Identity solution sources input from the attribute authority, typically the HRMS (Human Resource Management System) for most identity information, and provisions user accounts into applications and systems. For supported systems the product can create, modify or delete user accounts in accordance with triggers from the input system(s). Typical provision actions are: setting up username and password in target systems; writing userIDs to AD groups; or writing entries into an enterprise directory.
One of the strengths of the Deep Identity product is its role-based provisioning. Based on role or position information in the HRMS, Identity Manager can establish appropriate accounts in relying systems or directory groups. This is accomplished via a policy engine that evaluates the “rules” associated with a user’s role and provisions them accordingly. Rules are established via a GUI, natural language tool. Identity Manager can also detect possible SoD violations and trigger a manual verification to ensure policy compliance.
Deep Identity has focussed on the user interface, providing a self-service facility with authorisation workflow to minimise the need for manual entry by administrative personnel. The self-service functionality uses a shopping cart approach to provisioning, with users able to add multiple requests into a single entry. The self-service tool can be used for password reset and account un-locking via a challenge response feature.
Another useful feature is the profile administration function. This provides a “tell-us-once” feature that allows the self-service tool to update connected systems and act as a source-of-truth for certain identity attributes. All workflows can be developed to ensure that any changes are subject to the requisite approvals. Audit and compliance is built-into the product with logging of events and the provision of “out-of-the-box” dashboards providing an analytics view to the system operation.
The Deep Identity product provides a competent provisioning tool that will be attractive to a large percentage of the market. While it will be or particular interest to those organisations running the SAP enterprise resource planning software, the “ease of use” features of the product will appeal to most organisations.