IBM Security Identity Manager


IBM Software
Data Sheet

IBM Security Identity Manager
Deliver intelligent identity and access assurance across the enterprise

Highlights

- Empower managers to set up user access rights with an intuitive user interface
- Improve decision making with enhanced identity analytics reporting
- Support managers on the go with a mobile interface for processing employee requests from a smartphone
- Increase efficiency and reduce administration costs with centralized user self-service, automated approvals processing, role mining and password management
- Simplify the design, implementation and validation of role and access structure across the organization
- Strengthen compliance and security through separation-of-duty enforcement and recertification of user entitlements

IBM Security Identity Manager is an automated and policy-based solution that manages user access rights across the extended enterprise. Through the use of roles, accounts and access permissions, the product helps automate the creation, modification and termination of user privileges throughout the entire user lifecycle. Its embedded role lifecycle management component can streamline the role structure approval process and reduce errors when validating access with the business.

What’s more, Security Identity Manager includes an easy-to-use, intuitive user interface that can help business managers make intelligent access decisions. It also provides direct access to enhanced reporting and analytic capabilities.

As part of its core functionality, Security Identity Manager delivers:

- User lifecycle management capabilities, such as automated onboarding of users, that can help improve productivity and lower costs
- Effective and actionable compliance with centralized identity and access management across the enterprise
- Web self-service for managing business roles, accounts, group membership and passwords
- A set of controls that enhance security, including preventive separation of duties and closed-loop reconciliation that detects and corrects changes to native target systems
- Broad, out-of-the-box support for managing user access rights and passwords on various applications and systems, plus a rapid integration toolkit for managing custom applications
- Flexible reporting for user access rights leveraging automatic synchronization of user data from different repositories
- A role hierarchy that streamlines administration, provides visibility of user access, and helps bridge the gap between how business users view their IT resources and the actual IT implementation of user access rights
- A robust provisioning engine that adds and removes user access rights based on membership in business roles or requests for user accounts and fine-grained entitlements such as shared folders or web portlets
- An embedded workflow engine for automated submission and approval of user requests and periodic certification of user access rights
- Group management to help simplify and reduce the cost of user administration by offering the ability to add, remove or change the attributes of a group entity within the IBM Security Identity Manager console

Security Identity Manager is part of a broad portfolio of threat-aware identity and access management solutions from IBM. These solutions are designed to help clients manage and secure identities as a key line of defense across multiple perimeters, providing secure online access in mobile, cloud and social environments. As a result, organizations can improve identity assurance, facilitate compliance, and reduce operational costs by enforcing secure user access to data, applications and infrastructure across the extended enterprise.

Simplify access management with an intuitive user interface

Security Identity Manager comes with the Identity Service Center, an easy-to-use, intuitive user interface that can help business managers request access rights—including accounts, roles and group membership—for their employees. These self-service capabilities can help save valuable time for IT staff. In addition, the Identity Service Center lets managers make multiple access requests for an individual employee, helping to improve productivity and accuracy.

Figure: IBM Security Identity Manager features the Identity Service Center, an intuitive user interface that can help managers make intelligent access decisions.

Create audit trails with detailed reports

To further strengthen identity and access controls, Security Identity Manager includes native IBM Cognos reporting capabilities and expanded Cognos report samples. This can help you easily deliver reports on consolidated workflows as well as changes to access rights. Security Identity Manager also includes audit trail collection, correlation and detailed reporting to address compliance mandates. Report examples include:

- Recertification history
- Orphan and dormant accounts
- Separation-of-duties summary

By using Cognos reporting with Security Identity Manager, you can also leverage custom report authoring and report distribution to meet the unique needs of your organization.

Automatically recertify access rights

Security Identity Manager helps keep the simple tasks simple while still allowing for advanced customization. Powerful access rights recertification features provide granular, auditor-friendly details for compliance along with policies that can be easily configured using wizards and templates. You can use Security Identity Manager to:

- Quickly define recertification policies based on frequently used scenarios such as requiring an employee’s manager to approve the employee’s access to the financial data warehouse once per quarter
- Ease administrative impact of manager approval through bulk recertification of a user’s roles, accounts and groups
- Model advanced workflows and organization processes with the web-based graphical workflow designer
- Conduct compliance attestation for a large number of IT resources not configured for automated account provisioning

Establish separation of duties to manage business process conflict

Security Identity Manager helps manage business process conflicts with IT user access rights. Preventive, policy-based separation of duties enables you to define a business conflict (for example, an investment banker cannot also be a stockbroker at the same time) and ensure proper administration of user access rights. This associates the appropriate security and compliance requirements that are critical to preventing business conflicts with the roles and provisioning policies governing user access rights. Organizations can still maintain business flexibility by utilizing an exception workflow that gathers the business justification when an exception to the separation-of-duties policy is required.

Use automated reconciliation to detect and correct noncompliant accounts

“Closed loop” reconciliation features can automatically detect and repair access policy violations that occur due to erroneous changes made on a managed resource’s administrative console. You can use access rights reconciliation, recertification and reporting to:

- Automatically load and reconcile account data
- Identify and eliminate dormant and ghost accounts
- Provide ongoing proof for compliance and auditing
- Maintain records of changes related to access rights

Leverage request-based provisioning and access entitlements

Managers and delegated administrators can take advantage of comprehensive, request-based provisioning to easily request (with approval workflow) and approve user access to roles, accounts or fine-grained access entitlements such as shared folders. Using an intuitive user interface, managers can quickly and easily request access rights for employees—including roles, accounts and access groups—and change or delete access. They can also approve access requests and recertify users.

Using the mobile application, managers can also approve employee entitlement requests, and users can change or reset their passwords—all from their own smartphone.

Reduce costs with self-service and password management

Security Identity Manager enables end users to perform tasks such as password changes, profile updates and requests for new access rights, helping to reduce costly help-desk calls. For example, a self-service challenge/response system is included to enable users to correct forgotten passwords without calling the help desk. Requests can be viewed, modified, approved or rejected through a web-based interface, and users can be automatically notified of the status of their requests. Security Identity Manager can also help improve access control and overall security by enforcing policy-based password controls, such as hard-to-guess passwords and frequent password changes.

Web-based, self-service, role- and rule-based administration features in Security Identity Manager—as well as its embedded workflow engine—enable administrators to group users according to business needs and delegate functionality as needed. For example, they can easily specify who can add, delete, modify and view users and reset user passwords. By delegating these tasks to other organizations and business units, administrators can have more time for more strategic activities.

Support existing, new and customized environments with little or no coding

Security Identity Manager provides out-of-the-box support for more than 50 endpoint-managed systems that can be managed remotely or with a local adapter to simplify deployment. It also provides tools to help assimilate these new business resources as they are added.

Through its dynamic schema discovery process and flexible architecture, embedded IBM Security Directory Integrator technology can provide Security Identity Manager with administrative control over organizations’ homegrown applications—without requiring you to write or maintain code.

Streamline the design of an effective role access structure

Chief information officers and IT directors are taking steps to improve or streamline the manner in which role-based access is provided. These processes are labor intensive due to the necessary analytics, and they require regular interaction with the business owners. Generally, these projects end up taking too long and the results are obsolete by the time they are implemented.

The IBM Security Role and Policy Modeler component of Security Identity Manager provides a platform that facilitates the iterative role modeling and mining process. It creates a business-user friendly sandbox environment that models and simulates access scenarios and policies for a more effective role and access structure for the business. Business analysts are able to hone the role definitions with a broad set of best-practice role analytics tools. The solution also helps automate role lifecycle management using a business process automation platform for role structure approvals by business owners. This capability can help you:

- Reduce the time to collect, clean and validate user access data, analyze it for common patterns of access and produce an effective role structure
- Obtain quick approval from the business for rapid deployment or certification of the role structure
- Offload decisions about user access policies to the business owners

Deliver access through a hierarchical role structure

Security Identity Manager offers a role hierarchy that establishes parent/member role relationships to automatically create user access rights through the notion of inheritance between roles. You can administer a role structure that contains business roles (collections of users) and application roles (collections of permissions). And when roles are associated with provisioning policies, they can automatically grant, modify or remove user access rights. This can simplify and reduce the cost of administering user access to resources, while also helping reduce the potential for administrative errors and inconsistencies inherent in manual processes.

Quickly configure systems and onboard new services

Security Identity Manager can help you significantly reduce the time required to activate new accounts and onboard new managed services. Preinstalled adapters, wizard-driven templates and built-in account defaults help accelerate deployments and reduce the learning curve for new users.

The powerful workflow and policy engine within Security Identity Manager can easily be configured in either “simple” or “advanced” mode. Simple mode uses predefined best-practice templates to implement basic provisioning, recertification and compliance-alert workflows. Configuration and setup is easy using only drop-down lists, check boxes and radio buttons—no scripting or programming knowledge is required. Advanced mode provides a graphical, drag-and-drop workflow designer to quickly organize and easily develop workflow processes to support the organization’s provisioning policies. For example, the workflow engine supports parallel and serial approval processes and also provides checkpoints in a workflow process to allow input of additional provisioning information.

Establish group management

Security Identity Manager helps automate and centralize the definition of groups used to manage user access on native applications and systems. You can add, modify or delete groups directly from Security Identity Manager and streamline the process for defining access and assigning user membership to groups.

Take advantage of customizable interfaces for optimal usability

Security Identity Manager is not built with a “one-size-fits-all” approach to identity management. You can easily customize and integrate the user interfaces into an existing intranet or extranet site, allowing disparate users—such as auditors, end users, managers, help-desk personnel, application owners and administrators—to see the information that is most important to them. Customization options include style sheets and on/off configuration options, such as whether or not to show navigation “breadcrumbs” or a header banner. And there is no need to re-implement customizations during software upgrades.

Why IBM?

Security Identity Manager is a comprehensive identity and access governance solution that provides embedded core role management functionality—role hierarchy, separation of duties, role modeling and role lifecycle management—integrated into a single product. It also includes the IBM Security Role and Policy Modeler, which helps you quickly design and fine tune the role structure into an effective access template that is validated with the business owners throughout its lifecycle.

IBM Security offers threat-aware identity and access management solutions to help clients manage and secure identities as a key line of defense across multiple perimeters, providing secure online access in today’s mobile, cloud and social environments. IBM Security solutions can help organizations prevent insider threats, protect online resources from unauthorized access, comply with security regulations, and meet some of today’s biggest security challenges.

IBM Security Identity Manager at a glance

Supported platforms:

- IBM AIX
- Microsoft Windows Server
- SUSE Linux Enterprise Server
- Red Hat Enterprise Linux

Supported managed systems:

Integrates with dozens of popular applications and platforms, through the use of adapters:

- Operating systems
- Databases, directories, content management systems
- Cloud applications such as Salesforce.com and Google Apps
- Access control systems
- Email and messaging systems
- Business applications and enterprise resource planning (ERP) systems

For more information

To learn more about IBM Security Identity Manager, contact your IBM representative or IBM Business Partner, or visit: ibm.com/software/products/us/en/identity-manager/

About IBM Security

IBM Security offers one of the most advanced and integrated portfolios of enterprise security products and services. The portfolio, supported by world-renowned IBM X-Force research and development, provides security intelligence to help organizations holistically protect their people, infrastructures, data and applications, offering solutions for identity and access management, database security, application development, risk management, endpoint management, network security and more. These solutions enable organizations to effectively manage risk and implement integrated security for mobile, cloud, social media and other enterprise business architectures. IBM operates one of the world’s broadest security research, development and delivery organizations, monitors 13 billion security events per day in more than 130 countries, and holds more than 3,000 security patents.

Copyright IBM Corporation 2013

IBM Corporation
Software Group
Route 100
Somers, NY 10589

Produced in the United States of America
November 2013

IBM, the IBM logo, ibm.com, AIX, Cognos, and X-Force are trademarks of International Business Machines Corp., registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the web at “Copyright and trademark information” at ibm.com/legal/copytrade.shtml

Linux is a registered trademark of Linus Torvalds in the United States, other countries, or both.

Microsoft and Windows are trademarks of Microsoft Corporation in the United States, other countries, or both.

This document is current as of the initial date of publication and may be changed by IBM at any time. Not all offerings are available in every country in which IBM operates.

THE INFORMATION IN THIS DOCUMENT IS PROVIDED “AS IS” WITHOUT ANY WARRANTY, EXPRESS OR IMPLIED, INCLUDING WITHOUT ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND ANY WARRANTY OR CONDITION OF NON-INFRINGEMENT. IBM products are warranted according to the terms and conditions of the agreements under which they are provided.

Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed or misappropriated or can result in damage to or misuse of your systems, including to attack others. No IT system or product should be considered completely secure and no single product or security measure can be completely effective in preventing improper access. IBM systems and products are designed to be part of a comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products or services to be most effective. IBM does not warrant that systems and products are immune from the malicious or illegal conduct of any party.

Please Recycle

TID10294-USEN-05
