ORG supports RBAC and ABAC across platforms. Performant and fail-safe.
The central objective is to ensure that users, e.g. employees, customers or business partners, have the access rights they need for their work at the right time.
Role mining therefore has to define enough distinct roles without drawing up too many. The hybrid process model is a suitable approach.
Using the hybrid model, business roles and technical roles are linked. This enables the business department to control their own permissions.
ORG's role and access management covers the stated requirements quickly and reliably. It supports fine-grained attribute-based (ABAC) and role-based (RBAC) decisions. Within the history concept of ORG, a validity period can be set for every data record. When a data record has expired or been deleted, it is retained in the ORG database and merely marked as deleted.
ORG provides a Single Point of Administration and Control: the central administration and control of complex access rights. The processes of allocation, monitoring and withdrawal are easy, efficient, comprehensible and tamper-proof. These processes are monitored and controlled completely across all applications. Access and user rights are provisioned automatically to all business applications. This works independently of the platform, on mainframe, client/server and web applications.
The technically sophisticated connector architecture for the bidirectional exchange of access information with standard software is modular. The interface to the ORG server and the logic for the exchange of access information are the same for all connected systems. Only the interface-specific part of each connected application system is implemented in so-called agents. This architecture makes it possible to connect further application systems with little effort.
The central administration database of ORG contains current, future and past authorization information of all connected applications (standard applications and in-house developments). ORG therefore meets the highest requirements of audit security.
Roles are a core component of identity management. Conventional role management defines roles as an administrative bundling of access rights. In the context of Access Governance and Business Intelligence, this is no longer sufficient because the tasks and the importance of roles have changed. Roles now additionally have to support business features such as application and approval processes. Today, IDM systems consist of role models that reflect the company's perspective. The target-system-specific authorization structures are hidden behind them.
ORG realizes this requirement by a division into business and IT roles. IT roles define the assigned permissions in technical terms, and business roles define the functional aspect of the user within the organization. ORG's role management provides the link between business roles and IT roles. A multistage role model is possible (see figure). IT-specific roles are translated into roles that are intelligible to the functional department. This creates a business perspective on the underlying IT infrastructure and makes it possible for the business departments to audit permissions.
ORG can be easily integrated into existing application and approval workflows, so that manual administration is avoided as far as possible. A four-eye principle is configurable if required. ORG offers a module for integrated workflow management for the automated submission and approval of authorization requirements. This service uses the same web service interfaces that are offered to an external workflow. Delegated administration and self-service are standard in ORG.
Reports of ORG-Admin-DB enable:
The ORG component 'Identity GRC' makes it easy and cost-effective to identify and handle all operational risks associated with user privileges across all information systems. Identity GRC analyzes the data of all entitlement stores, e.g. SAP, ORG, Novell, AD.
Identity GRC focuses on the creation of rule-based analyses and reports. Business Intelligence principles are applied. Data queries and a rule and analysis engine are combined into a web application for business users with variable query capabilities and dashboard displays.
An inventory of existing permissions is generated to consolidate user, account and permission information for further processing. Identity GRC delivers intelligent value through multi-criteria analysis for data visualization, segregation of duties management, anomaly identification and compliance reporting – especially for identity and access occurrences.
Using the intuitive dashboard, the extended role mining, the analysis options and the comprehensive reporting function, operational risks can be analyzed and controlled better.