Identity Manager: Intelligent User Provisioning for your System

Fast and Secure User Provisioning

The Fastpath Assure^® Identity Manager module lets business process owners request application access with the security of an approval process, without the need for IT intervention. Identity Manager streamlines user setup while adding approvals and audit trails into the process.

For many business systems, adding or editing users is a manual process, with email serving as the primary tool to submit requests and approvals to IT. This type of process is fraught with the potential for errors and mistakes, including a lack of clarity on specific access required.

Identity Manager allows change requests to be made online, generating emails for management approval. When combined with Segregation of Duties (SoD), requestors and approvers gain visibility into SoD risks present in the request, prior to granting access. Once approved, users are created automatically without IT intervention. Easy, intuitive reporting tracks all changes to security access for later audit, making for a more efficient, automated, and accountable process.

FEATURES

• Request user creation and role assignments in Identity Manager
• Visibility into SoD risks during requests and approvals
• Multi-level management approval structures
• Flexible approval rule scenarios – user to user, user to group, group to user, group to group, role to user
• Restrict users from approving their own requests
• Multiple Active Directory scenario configuration options for Microsoft Dynamics
• Comprehensive reporting on requests and approvals
• Assign emergency or temporary access

Who is Responsible for Deciding When User Access is Risky?

Most businesses have an approval process as it relates to user access, but still fall short identifying risks in access requests. Depending on your process, requests may be approved by an immediate supervisor, director, or IT manager, but are any of these people able to see all the risks associated with assigning access? This is even more important in the context of a system that may have hundreds of access points within a single permission or role. Understanding segregation of duties (SoD) risks is an area where many user provisioning plans fail.

With Fastpath Assure, you can link the Identity Manager module and the SoD module to include conflict risk reports with every user access request. When a user adds roles or specific permissions to a user request the SoD module automatically runs the new access against the user’s current access and reveals any areas of risk. The requesting user can then edit the request or send the request for approval, where each approver can see the conflicts and decide if the risks go above allowable levels or need mitigation before signing off.

User Role Assignment

 

Sometimes Users Need More Access, And Then They Don’t

There are times when a user needs additional access to perform a onetime task. Projects come up, contractors are hired, users need to cover for someone, and all of them may require special access. Supplying this access may be necessary, but usually comes with risks. The challenge becomes mitigating the specific conflicts inherent with the access, and ensuring that access is adjusted once the need has passed.

Identity Manager adds security and efficiency to temporary access needs. The scheduling feature lets you add effective dates to both user and permission access requests. This way, new hires can have a start date, employees who have given notice can have an end date, and temporary access can be fully planned, which relieves the need to remember to change security afterwards. To mitigate new risks, the included SoD report in every request allows you to plan for associated conflicts and implement controls before the access is granted.

Schedule Access

 

 ×

Attain and Keep SOX Compliance by Controlling Access from the Start

SOX Auditors review user access for SoD conflicts as well as controls to limit access to sensitive data. Over time, user access may change, with users being added, changed and deleted. When those changes occur, new risks are created. To maintain security and compliance you need to have a process in place to review access for conflicts before the access is given, so you’re better prepared for audits.

User provisioning with SOX in mind can be easy and certainly simplify audit preparation. Using Identity Manager, access requests go through automatic approval workflows. The approvers can see what access the user currently has, along with the requested change, and conflicts that come with the new access. Identity Manager makes SOX compliance easier for user management.

Resources

• BLOG: "Trucks, Ganagsters, and Tom Cruise. . . A Risk Based Approach"
• WEBCAST: "Segregation of Duties: the Increasing Burden of Proof"

COMPATIBILITY

• Dynamics 365 for Operations
• Dynamics AX 2012, 2012 R2 & R3
• Dynamics GP 10, 2010, 2013, 2013 R2, 2015, 2015 R2, 2016, 2018
• Dynamics NAV 2013, 2015, 2016, 2017, 2018
• Dynamics CRM 2011, 2013, 2015, 2016, 365
• NetSuite
• SAP
• Oracle E-Business Suite