Delinea | Privileged Access Management Blog

What Can an IGA System Do For You?

Written by Delinea Team | Aug 29, 2024 12:00:00 PM

Firstly, what is IGA? 

What is an identity? An identity is a digital representation of an individual: a record of all the attributes that make a person unique. We can then map this identity to roles and applications to give users access to the right resources across the organization so they can do their job. Managing these identities, or users, can be done with an Identity Governance and Administration (IGA) solution.

For an application to be considered an Identity Governance solution, it must be able to do a few key things.

Let's look at some terminology around identity security and discuss below what to expect—and what not to expect—from an IGA platform. 

The identity lifecycle 

IGA should manage and automate the entire identity lifecycle, from onboarding to deprovisioning accounts upon termination of employment.

This allows organizations to stay in compliance with regulatory mandates and alleviates the burden on IT teams, who would otherwise need to perform these actions manually.

Access review 

An application that allows your organization to verify that the current people have the correct access at the right time. This is essential to ensure that company resources are always secure.

Reporting & logging 

The ability to access information about permissions granted or revoked, and resource access requests through the logs. These solutions should also have a way to analyze and pull relevant data. Reporting and logging are crucial to conform to many compliance mandates. For example, during a SOX audit, auditors will want to know what internal controls are in place for access to sensitive data. A good Identity Governance and Administration solution will provide you with reporting tools so you will know who has access to which applications, why they have access, and when their access will be removed. 

Self-service & access request 

Allows a user to request access to applications they need to do their job. This automated process alleviates the manual tasks of granting access to users and eliminates the chance of human error in the access request process. 

Provisioning 

The ability to create or remove accounts to applications or resources across your organization based on a user’s role. Automation of account creation or deletion is the cornerstone of every Identity Governance and Administration solution. 

Entitlements 

Manages fine-grained access to applications. This allows your organization to manage applications down to individual roles such as user, moderator, and admin. These tools can grant, remove, and alter access to applications and devices across the organization based on the needs of the individual user.

Delegation 

The capability to securely delegate the ability to request, manage, and approve access to another person, department and/or office. 

What IGA is not 

Single Sign-On (SSO)

Single sign-on and Identity Governance and Administration are meant to be used together. SSO is the way a user authenticates into a resource. The purpose of IGA is not to authenticate users but to authorize them. SSO is used to determine who a user is, while IGA is used to determine if this user should have access to the resource. When the two are combined, you have a more complete identity access management (IAM) solution.

Privileged Access Management (PAM)

If one privileged account is hacked, the organization can be at risk. Privileged access management is focused on minimizing the risk that privileged accounts pose to an organization. IGA is not a PAM solution but is often used as an effective way to manage who has access to privileged access accounts.

Multi-Factor Authentication (MFA)

Multi-factor authentication combines any two of the following methods to strongly authenticate a user: something you know, something you have, something you are. 
