Provisioning and governance

Identity provisioning and governance is an important step in ensuring that you met your audit and compliance requirements in your organization. This can help automate identity workflows for your organization when you have a large number of users.

There are several key components of Identity provisioning and governance:

  1. Manage passwords
  2. Manage permissions
  3. Automate workflows
  4. Recertify user access periodically
  5. Ensure compliance

If your organization has the right resources in place and data regulation requirements to do so, then identity provisioning and governance is a great option. But, how do you get started as a Security Admin or Analyst? Provisioning and governance can be a big hassle, but ultimately made easily with the help of IBM Security Verify.

Automate provisioning

Enable automatic provisioning and deprovisioning of user profiles to applications through SCIM and provide users with self-service options to request access to applications and reset and manage their own profiles and passwords.

View the current list of supported apps for provisioning

Verify supports SCIM for user provisioning (both inbound for HR tools and outbound to applications). The custom connector for Verify supports a generic SCIM endpoint for provisioning with a variety of authorization types, and custom attribute mapping support.

Account reconcilation

Keep user data in sync with application profiles with ease. This process fetches users and bring their profile data into Verify.

Adoption policy

When accounts are fetched from the target, those accounts need to be assigned to appropriate users in Verify as account owners. Adoption policy associates Verify users as owners of the target accounts. With adoption policy, one can write a rule based on which target accounts are assigned owners in Verify.

Remediation policy

Remediation policy helps define a process through which conflicting account attribute values can be corrected for non-compliant accounts. An administrator can use the policy to determine where the updates that are detected by an account sync are synchronized. Whenever account attributes on the target and on Verify are not the same, the remediation policy gives user a way to correct the values and keep accounts in sync. Account remediation can either be done manually or can be policy-driven which is triggered when the account sync operation runs.

Automate recertification campaigns

Implement periodic recertification cadences for higher risk applications to meet compliance requirements. Run concurrent and recurring certification campaigns based on user, groups or both. Apply campaigns to single applications or a group, like productivity apps for example.


Did this page help you?