Identity Manager (Deep IM) is the industry’s most lightweight solution that provides a “layered” approach to identity administration. Deep IM is an add-on component to Deep IACM and shares the same repository.
Deep IM and Deep IACM share the same connector to manage user identity lifecycle, their access within enterprises applications and systems. Deep IM enables enterprises to have complete administrative capabilities right from hiring till the users leave the organization. The entire process is automated using integrated workflow.
Lifecycle Management (Provisioning & de-provisioning)
Deep IM connects to various applications and systems to automate account creations, modifications and deletions. This lifecycle management tool manages user accounts, password, roles, groups, and profiles all the way down to entitlements/permissions.
Deep IM supports complete resource access administration such as file server and IoT resources. File server access for folder access request, creation, deletion and modifications are supported via File Server Plugins
Deep IM detects changes done in the attribute authority (HRMS) and triggers events for on-boarding, modifications, transfers and off-boarding. Deep IM ensures all triggered events are successfully executed at the target systems and failed events are rolled-back or notified to relevant parties for further actions. Each event is attached with action and automated with workflow for operational efficiency with detailed auditing.
Deep IM supports role-based provisioning, policy based provisioning or combination of both. Role-based provisioning provides event triggering based on role or job functions from HRMS systems or requestors requesting access based on roles defined in the centralized access request catalog.
Policy-based provisioning provides flexibility to organizations to craft rules on when and how accounts are administered. Policy rules can be as simple as change in attribute value such as department name, title, or even employee type. Another example of policy-based provisioning includes SoD compliance checks when events are triggered. Examples include a user making ad-hoc request for a new access in ERP systems, which is conflicting with his/her current access. In this scenario, Deep IM can highlight the risk and violations at the point of users making the request, approval and execution.
Shopping Cart Access Request
Deep IM centralized access request modules support shopping cart based access request. With shopping cart style of access request, users can submit multiple requests in single checkout facility.
Users are presented with options available to automatically display non-sensitive access of their colleagues so that users can commence their access shopping. Organizations can choose to turn off or on these configurable options to comply with data privacy act or PDPA.
Integrated approval workflow is available to automate the request management process that suits them the best. The workflow also supports maker- checker facility out of the box.
Deep IM supports standard or BYOD browsers for request, approval and status viewing.
Deep Identity provides a complete self-service portal for lifecycle management. The self-service portal access via standard or BYOD browser’s support:
- Self-service registration (with approvals)
Self-service registration process allows registrations (with workflow approvals) onto Identity Management platform so that they can use the functionality of Deep IM.
- Access Request Management
Shopping Cart Access Requests available in the self-service portal enable users to request for new access, view status and approve request with seamless experience.
- Profile Administration
Profile administration features allow employees and non-employees to update their profile information centrally so that this information can be synchronized back to respective target systems. Workflow approvals can be implemented as part of this profile administration.
- Account Un-lock/Password Reset/Synchronization
Self-service portal provides comprehensive management of accounts unlocking, password reset and password synchronizations for all target systems. Challenge/Response password reset or unlocking of accounts now supports OTP (one-time password) via BYOD device (mobile phone).
- Self-service Attestation (part of Deep IACM functionalities)
Self-service portal integrates with Deep IACM for users to perform self-service attestation via the same portal.
Organizations today can distribute the responsibility and work to end-users to improve productivity and ensure time-bound compliance.