The unique strength of ORG is the sum of its capabilities:

ORG supports RBAC and ABAC across platform. Performant and failsave.

  • Role Based Access Control (RBAC ) and Attribute Based Access Control (ABAC ) on different technical platforms (host, web, client server) are proven and - very important - performant and failsafe.
  • ORG - because of its ABAC-ability - can be used as an Externalized Access Management System.
  • ORG provisions / de-provisions intelligently in almost every imaginable identity-/rights-storage, no matter what technical platform they are on.
  • Using ORG authorization rules can centrally managed and enforced across the enterprise.
  • Governance functions such as historicization, administration in the future, auditability and re-certification reports cover additional governance requirements.
  • ORG is easy to use, both in request and approval processes and in the authorization administration.
  • Because of its comprehensive multi-tenant capability ORG is readily available as SaaS in the cloud.

Authorization

Hybrid Process

The central objectives is to insure that the users e.g. employees, customers or business partners, have the access rights they need for their work at the right time.

Therefore, it is important for the role mining to pay attention to define enough different roles and on the other hand not to draw up too many roles. The hybrid process model is a suitable approach.
Using the hybrid model, business roles and technical roles are linked. This enables the business department to control their own permissions.

 

ORG’s role- and access management covers the stated requirements fast and reliable. Thereby, the execution of fine-grand attribute based (ABAC) and role based (RBAC) decisions is possible. Within the history concept of ORG it is possible to implement a validity period for every data record. When the data record is expired or has been deleted it is obtained in the ORG data base and is just marked as deleted.

 
 

Administration

ORG makes the Single Point of Administration and Control - the central administration and control of complex access rights – possible.  The processes of allocation, monitoring and withdrawal is easy, efficient, comprehensible and tamper proof. A complete monitoring and control of this process ensue over all applications. Access- and user rights are provisioned automated to all business applications. Independent of the platform it is possible on mainframe-, client/server- and in web applications.

The technically sophisticated connector architecture for the bidirectional exchange of access information with standard software is built modular. The interface to the ORG server and the logic for the exchange of access information is the same for all connected systems. Only the interface specific part of the connected application systems is implemented in so-called agents. This architecture makes it possible to connect further application systems with little effort.

The central administration database of ORG contains current, future and past authorization information of all connected applications (standard applications and in-house developments). Therefore, ORG meets highest requirements of audit security.

Multistage role model

Roles are a core component of the identity management. The conventional role management defines roles as an administrative bundling of access rights. In the context of Access Governance and Business Intelligence, this is no longer sufficient because the tasks and the importance of roles changed. Roles have now to support business-features as application and approval processes additionally. Today, IDM systems consists of role models that reflect the company’s perspective. The target system-specific authorization structures are hidden behind.

Multistage role model

ORG realizes this requirement by a division into business and IT roles. IT roles define the technical term of the permissions assigned and business roles define the functional aspect of the user within the organization. ORGs role management provides the link between business roles and IT roles. A multistage role model is possible (see figure). IT-specific roles are translated into roles that are for the functional department intelligible. A business perspective to the underlying IT infrastructure is designed. Thereby the auditing of permissions by the business departments is possible.

 

Integrated workflow control

ORG can be easily integrated into existing application and approval workflows, so that the manual administration is avoided as far as possible. A four-eye principle is configurable if required. ORG offers a module for the integrated workflow management for automated submission and approval of authorization requirements. This services accesses to the same web service interfaces that are offered to an external workflow. The delegated administration and self-service are standard of ORG.

 
 

Audit / Governance

Certification / Recertification

Reports of ORG-Admin-DB enable:

  • Time travel at a finger tip
  • Understandability and verifiability for business departments
  • Central and tamper proof information attitude

The ORG component ‘Identity GRC’ enables easy and cost effective to identify and edit all operational risks associated with user privileges across all information systems. Identity GRC analyzes the data of all entitlement storages, e.g. SAP, ORG, Novell, AD.

Identity GRC focuses on the creation of rule-based analyzes and reports. Business Intelligence principles are applied. With data queries, rule and analysis engine a web application for business users with variable query capabilities and dashboard displays is created.

An inventory of existing permissions is generated to consolidate user, account and permission information for further processing. Identity GRC delivers intelligent value through multi-criteria analysis for data visualization, segregation of duties management, anomaly identification and compliance reporting – especially for identity and access occurrences.

Using the intuitive dashboard, the extended role mining, the analyze opportunities and the comprehensive reporting function, operational risks can be analyzed and controlled better.

Online Presentation

We would like to show you our products via web session. 

If you want to make an appointment, please fill in the formluar. Our experienced consultants will contact you as soon as possible.

 

By submitting this form, I agree that FSP may process my data as described in the privacy policies.

 

The Access Governance Suite provides:

Compliance & Audit

  • Compliance Management
  • Monitoring
  • Reporting
  • Auditing
  • Certification

Life Cycle Management

  • Identity Adminstration
  • Role-Management
  • Privilege User Management
  • Synchronization
  • Self Service
  • Provisioning
  • Delegated Administration

Repository Management

  • Metadirectory
  • Virtual Directory
  • DB-basiertes Directory
  • Policy Repository

Policies & Workflows

  • Policy Management
  • Workflow Management

Access Management

  • Authorization-Management
  • Access Control
  • Policy Enforcement

Information Protection

  • Information Rights Management

IGA-Lifecycle

IAG-Lifecycle