An equal, if not greater, challenge is ensuring the protection of corporate assets, data and compliance with internal and external controls. Preventing unauthorized accessto sensitive information is enormously challenging when cloud applications and mobile devices are outside of the controlof anization. For example, it allows your:• CIO to decrease the costs of compliance and offer more convenient access, so the business can take advantage of new opportunities• CISO to enforce enterprise-wide access compliance and securityFigure 1. The Identity Management Lifecycle, Powered by NetIQ Identity Manager• Line of business managers to keep their teams productive by providing immediate, role-based access to resources• IT managers to better manage resources and provide identity rich usage data to key stakeholdersNetIQ Identity Manager manages the complete identity lifecycle in a modular yet integrated manner so you can address current and future needs as they come. Capabilities include: Managed Account Creation, Revocation and Job Changes—NetIQ Identity Manager offers an integrated roles-rules-workflow engine that provides the most efficient solution on the market today. Automate as much or as little provisioning as makes sense for your organization. The engine matches the way your organization does business bycombining business rules with the efficiencyof optional roles-based provisioning, allowingthe workflow engine to handle standardapprovals and exceptions such as separation-of-duties conflicts.Managed Identity and Access Changesacross the Enterprise—NetIQ IdentityManager leverages an event-basedarchitecture and enforces identity authorityacross all connected systems, ensuringidentities are created only from appropriatesources. Additionally, NetIQ Identity Managerenforces attributes authority, meaningsystems that “own” components of theidentity are the only ones that can changethem, and if changed in non-authoritativesources, they can be automatically re-set tothe value in the authoritative source. Both arecritical when basing provisioning and accesspolicies on attributes. NetIQ Identity Manageruses an event-based architecture to respondin real time when a user-lifecycle event,such as a hire, termination, promotion orrole change occurs, its data-managementengine triggers policy-based processeswith little-to-no human intervention.Additionally, various applications, such asMicrosoft SharePoint and SAP systems,have their own policy controls. IdentityManager makes it easy to integratedifferent entitlements into a consolidatedcatalog, leveraging the NetIQ IdentityManager resource reconciliation service.This capability allows you to automaticallydiscover permissions and use visualoperations to map resources to appropriateroles or NetIQ Identity Manager resources.Seamlessly integrating different policycontrols into one system quickly creates aunified governing mechanism that gives theright individuals a complete view of users’privileges, and empowers them to makeinformed decisions to evaluate and ensurethe right people have access to the rightresources. Not only does it deliver ease-of-use for initial setup but ongoing entitlementmaintenance provides your organization withan agile system for managing resources andentitlements across all connected systems,no matter where the systems are located—on premise or in the cloud.With constant connectivity beingthe new norm, the workplaceis now anywhere and businessuser preferences have shiftedtowards mobile device interfaces.Users wonder, “why can’t I haveaccess to what I need now”or “why can’t I just downloadan app” and “why am I beingasked for another password?”Designer for NetIQ Identity Manager offers the ability to produce access-request workflows that can dramatically reduce human error with no programming or customization required. In the graphical interface, your administrators can manage the entire project lifecycle, including designing and simulating various account management configurations without any scripting. As you expand NetIQ Identity Manager to applications throughout your environment, the challenge of “data clean-up” can be time consuming. Analyzer for NetIQ Identity Manager, a feature in Designer, efficiently displays and compares data from the identity vault and in connected systems, minimizing the time required to prepare applications for integration into the identity infrastructure, thereby minimizing the time and costs required to connect new systems.User Self-Service Access Request andA ppro val Pro cess—Using an intuitive, business-user friendly dashboard, business users can make and track access requests, and manage approval tasks all from one location. This self-service capability gives users control over their own identity information, so they can remain productive while reducing the workload on IT to handle requests.Full integration with the provisioning system means that users can get the access they need almost immediately, rather than waiting on manual fulfilment.Approvers are typically business managers who travel for business and are on the go. Productivity is lost when requests from users have to wait on an approver to be in the office. In today’s world, work is an activity and not a location. The Mobile Approval Application for NetIQ Identity Manager is a native and secure mobile application that can be easily installed on any mobile device allowing approvers to be immediately alerted and respond to requests from anywhere.Password Self-Service—One of the largest helpdesk costs is borne by helping users reset their passwords. NetIQ Self ServicePassword Reset (SSPR) by OpenText canvirtually eliminate the helpdesk’s involvementby allowing users to manage and reset theirown passwords and even re-enable lockedaccounts while still maintaining the securityyour company requires.With self-service password reset, usersconfirm who they are through methodsbefore they’re allowed to securely reset theirpasswords. Whatever method is selectedfor identification reflects the appropriatelevel of security your organization requires,and new passwords always adhere torequirements with as-you-type passwordrule enforcement. That way, there’s nodanger of replacing a strong passwordwith a weaker one that doesn’t meet thespecified requirements. New passwords andunlocked accounts are effective instantly,so users can gain immediate access to theirsystems and applications.User Activity Monitoring—Knowing andmanaging who has access to what is onlypart of the picture. Knowing what peopleare doing with their access—both historicallyand in real time—is equally important.Inadvertently allowing noncompliant,malicious or improper behavior could resultin hefty fines, failed audits and severedamage to your enterprise’s informationstores and business reputation. The availableIdentity Tracking for NetIQ Identity Managercombines the powerful information andprovisioning capabilities of NetIQ IdentityManager with a real-time correlation engineto give you a complete picture of whohas access to what and what people aredoing with their access. This user-activitymonitoring and remediation solution worksacross all systems that NetIQ IdentityManager provisions, significantly reducingthe risks of non-compliant, malicious orimproper behavior harming your enterprise.Access Certification—Periodic accessreviews are a compliance requirement andcan consume significant time. IT wastestime com p iling access entitlements and toomuch eff ort is required of the business tocertify those entitlements. NetIQ IdentityGovernance by OpenText, a complementarysolution to NetIQ Identity Manager,automates much of that process by enablingorganizations to review and certify useraccess to applications and systems acrossthe enterprise. NetIQ Identity Governanceallows review of managed and un-managedapplications, enables periodic and event-driven reviews, allows supervisor reviews,supports both application and permissionowner reviews, streamlines reviews basedon risk, and fulfills review decisionsautomatically or manually.Compliance Reporting—NetIQ IdentityManager is equipped with the comprehensivereporting capabilities that your organizationneeds to prove access compliance.The reports not only provide visibility intowhich systems users can currently access,but also into which systems they couldaccess on specific dates or between twopoints in time. The reporting frameworkalso allows users to create custom reportsto suit their specific requirements, and tosave the reports for future use. The policy-based data collection and storagecapabilities provide strong compliancesupport so that your organization isalways ready for its next audit.ConclusionThe time-tested and award-winning IdentityManager delivers a complete solution tocontrol who has access to what across yourenterprise—both inside the firewall and in thecloud. It enables you to provide secure andconvenient access to critical information forbusiness users, while meeting compliancedemands. Y ou can be confident in knowingthat it has achieved Common CriteriaCertification at Evaluation AssuranceLevel 3 with augmented assurance (EAL3+).Deployed by thousands of customers worldwide, NetIQ delivers a highly-scalable, differentiated identity management foundation, ensuring your organization can stay competitive, agile and secure—at low cost. It offers an integrated approach to deploying enterprise-wide solutions, or individual identity and access management products to address the most pressing needs first. With our products, and solutions, your enterprise gets the most value from its past, present and future IT investments.About NetIQ by OpenText OpenText has completed the purchaseof Micro Focus, including CyberRes.Our combined expertise expands our security offerings to help customers protect sensitive information by automating privilege and access control to ensure appropriate access to applications, data, and resources. NetIQ Identity and Access Management is part of Open T ext Cybersecurity, which provides comprehensive security solutions for companies and partners of all sizes.“With centralized user identity management,we can present our company in a seamless fashion.Customers no longer need to remember multipleIDs and passwords to access their many differentservices with us.”Kanon CozadSenior Vice President and Director of Application DevelopmentUMB Financial CorporationOpenText Cybersecurity provides comprehensive security solutions for companies and partners of all sizes. From prevention, detection and response to recovery, investigation and compliance, our unified end-to-end platform helps customers build cyber resilience via a holistic security portfolio. Powered by actionable insights from our real-time and contextual threat intelligence, OpenText Cybersecurity customers benefit from high efficacy products, a compliant experience and simplified security to help manage business risk.。
