Learn how we have helped multiple organizations centralize all access requests in IDM.
Current Situation: Any organization implementing IDM will have applications that make sense to integrate, some that would be nice to integrate, and others where the integration cost would take decades to realize a positive ROI.
Impact: The most successful IDM programs are the ones where the workforce uses the tools regularly. One of the best ways to get high engagement is with centralized application access requests in IDM.
Resolution: This solution has almost become a standard in our IDM implementations. It looks like this: IDM is connected to a ticketing system (or database) that contains all available applications and requestable permissions/roles/entitlements. This data is pulled into an IDM solution like SailPoint IdentityIQ or MicroFocus Identity Manager.
End users now have a one-stop shop for everything they need, since IDM knows about all available applications and the access that can be requested. After access is requested and approved, provisioning is ticket-based or automatic, depending on whether the application is indirectly or directly integrated.
This solution is successful because the front-end experience is the same in both cases: whether provisioning is ticket-based or automatic is hidden from the end user. In addition, the one-off provisioning requests are documented and auditable. With an automated feedback loop from ticket-based systems, even manually provisioned privileges are documented, so that life cycle events can trigger automatically generated tickets to remove or change privileges.