.png)
Why External Identity Access & Governance ?
External users such as vendors, partners, consultants, customers, and contractors require specific access to resource applications and systems of potential organizations. Various requirements such as creating accounts in different systems, managing and monitoring access to systems and associated networks can be challenging if the applications are not well equipped. Due to limited engagements of non-employees, many organizations struggle to gain total visibility over risk and security of assigning permissions, missing deprovisions, and various resource updates.
What is External Identity Access & Governance (EIAG) ?
ISSQUARED’s External Identity Access and Governance (EIAG) is a web application hosted primarily on clients’ internal network and accessible through webserver. The application onboards users, defines their roles and rights, configures target systems, and provides on-demand account provisioning and group membership provisioning to target system.
It also allows to customize processes associated user onboarding, group (entitlement) assignments and account provisioning to targets. To manage security, it allows to create custom password policies, create record level securities, and set MFA methods.
Features Set
Account Management
Manage external users accounts
Provision accounts
Change or delete account or access
Request access for an identity
Suspend or restore an identity
Recertify an identity
Reset account passwords
Entitlement Management
Create or sync groups/entitlements
Create and manage dynamic groups
Manage entitlements through applications
Add members to entitlements
Remove members from entitlements
Entitlement recertifications
Organization based entitlements
Target System Connectors
Out-of-the-box connectors
Custom configurations
Custom schema Mapping
Target actions
Correlations mapping
External Organization Management
Manage external organizations
Manage custodians
Manage onboarding workflows
Manage Org Entitlements
Manage entitlement workflows
Manage recertifications
Request Management
Request accounts / entitlements
Request accounts or entitlements for
other
Custodian Management
Internal custodians
External custodians
Super custodians
Workflow Management
Default workflow definitions
Entity level workflows
Workflow tasks and flows
Sub workflows
Core Functionalities
The application includes the following core functionalities:
- Manage Internal and External Users: Onboard internal and external users who own specific privileges in the application such as Administrators, Identity Custodians, Application Owners, etc., and manage associated information such as email address, organization role and organization details.
- Workflow to Onboard Users: Create and manage external user onboarding workflow process of respective organization, and onboard users for recertifications and entitlements in target systems.
- Manage Group Membership (Entitlements): Manage group membership and provisioning process from importing groups(entitlements) from target systems, assigning them to user’s organization, create custom workflows to grant entitlements, enable users, custodians and admins to raise request for entitlements, provide membership in target systems, and revoke group membership from target system.
- Generate Custom Reports: Import multiple records of internal and external users in the system via CSV file that provides a way to map CSV columns to system identity attributes.
- Define Role Permissions: Set role permissions for internal and external users, internal and external custodians to access pages in the application.
Benefits of EIAG?
Total control over onboarding process
Customize and automate user onboarding by drag-drop workflow processes based on external organization and user type whether vendor, customer, partner, etc.
Delegated user management
Assign internal custodian to manage external identities or external custodians to onboard their own managed users, and let the custodians manage external accounts and entitlement access.
Provide on-demand provisioning and de-provisioning
Provides controls to automate provisioning and deprovisioning of accounts and entitlements across different directories and target systems. The end users can raise self-request for provision or deprovision that eventually receives approvals from custodians/data owners based on the workflow defined.
Minimize access risk
Custodians have clear visibility of access provided to external identities and manage/remove access on a timely basis and perform access reviews and revoke access as per the compliance policies.
Faster decision making
Automated email alerts and notifications for different events and provide better insights of data through customized dashboards and import real-time reports.