In many organizations and especially in heavily regulated industries, auditors create significant workload for access administrators. They need to know what access given users have, which users have specific rights, when the rights were granted, who requested them, who authorized them, whether they are actively in use and more. These queries can consume half of all administration work.

Hitachi ID Identity Manager enables auditors to answer their own questions, without assistance from access administrators. This expedites audits and reduces IT administration workload:

  • Auditors can be assigned the right to run reports in Identity Manager, without being able to actually grant or revoke access.
  • With effective process automation, auditors can focus on how the process works, rather than on individual access rights.
  • Identity Manager can record a full history of requests and entitlements, answering the questions "when was this granted?," "who requested this?" and "who approved this?."
  • Risk scores help auditors focus their attention on the users who are most able to harm the organization, making audits more effective.
  • Access certification offloads the review of individual users and their entitlements to their managers and data owners, rather than auditors, who may not have adequate business context to assess the suitability of access rights in any case.

Specific Identity Manager reports that an auditor might be interested in include:

  • SoD violations.
  • Rejected workflow requests.
  • Users with entitlements outside their assigned roles.
  • Users with sensitive entitlements.
  • Orphan and dormant accounts and profiles.
  • Coverage of the access certification process and in particular entitlements that have not been recently reviewed.
  • Users not attached to the org chart.
  • Current entitlements held by users.
  • Entitlements previously held by users (e.g., at a point in time).
  • Entitlement change history over time (assignment, revocation).

The result is auditors that are more effective, independent and do not consume the time of access administrators.