Advantages of Identity Management
One of the main advantages of Identity Management is the automation of IT business processes: when introducing an identity management system, all IT business processes such as “adding a new employee” are first recorded and mapped in the identity management system. It is then sufficient to initiate these processes, and the “creation in multiple systems” and “obtaining of approvals” take place automatically in the background, e.g. via workflow.
Data consistency and simplifying Administration
A company with IDM creates an employee only once in a trustworthy system (e.g. human resources department). All connected systems use this data in their user administrations as required (Metadirectory) and are immediately ready for use without further administrative effort – the new employee can immediately work profitably for the company. In the event of a change of department, all accounts, authorisations and other person-related data are automatically adapted according to the stored rules. Accordingly, when the employee leaves the company, all connected systems are prompted to block user accounts, delete authorisations, withdraw laptops and mobile phones, etc.
Improving the Helpdesk
Since Identity Management means that users no longer have to be administered separately for each individual system, but only at a central point, the processes run so quickly and comprehensively that no more calls are made to the helpdesk for account and authorization assignments. In addition, an IDM is able to react preventively and automatically to organizational changes, such as a change of department, and to adjust accounts and authorizations. No one needs to request this from the helpdesk.
Of course, there are also improvements in the Helpdesk through the use of the identity management modules SSO and User Self Service.
A further advantage of Identity Management is the considerable increase in security: a user can be blocked in a flash, with little effort and completely on all systems (mail, file server, intranet, PC, etc.). Access rights can also be changed in the same way. Preventive procedures can be defined by connecting to resilient personnel processes (relocation, function change, dismissal, …). These ensure that authorizations are revoked and changed as soon as HR changes the master data record. Neither IT nor the responsible technical superior needs to take action. Until now, IT lacked the information for such highly secure procedures. Today, however, there must be no more “account orphans” (provisioning and deprovisioning).
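A reconciliation check for the “account orphans” mentioned above, as an added example that is not part of the original page: it compares account exports from connected systems against the HR master data and reports enabled accounts that have no active owner. The record layout, field names and sample data are constructed assumptions.

```python
from dataclasses import dataclass

# Constructed sample data: HR master records (the trusted source), keyed by employee id.
HR_RECORDS = {
    "e1001": {"name": "A. Example", "status": "active"},
    "e1002": {"name": "B. Example", "status": "left"},
}

# Constructed account exports from connected systems:
# (system, account name, owning employee id or None, enabled flag)
ACCOUNTS = [
    ("mail", "a.example", "e1001", True),
    ("fileserver", "a.example", "e1001", True),
    ("mail", "b.example", "e1002", True),       # leaver, account still enabled
    ("intranet", "b.example", "e1002", False),  # leaver, correctly blocked
    ("fileserver", "svc-old", None, True),      # no HR owner recorded at all
    ("intranet", "c.example", "e1999", True),   # owner id unknown to HR
]


@dataclass(frozen=True)
class Finding:
    system: str
    account: str
    reason: str


def find_orphans(hr_records, accounts):
    """Return enabled accounts whose owner is missing from HR or no longer active."""
    findings = []
    for system, account, employee_id, enabled in accounts:
        if not enabled:
            continue  # a blocked account no longer grants access
        record = hr_records.get(employee_id) if employee_id else None
        if record is None:
            findings.append(Finding(system, account, "no HR owner"))
        elif record["status"] != "active":
            findings.append(Finding(system, account, "owner has left"))
    return findings


if __name__ == "__main__":
    for f in find_orphans(HR_RECORDS, ACCOUNTS):
        print(f"{f.system}: {f.account} ({f.reason})")
```
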
Reducing costs and further simplification of Administration through provisioning
With a provisioning tool, a user’s authorizations, policies and roles are managed centrally for all connected systems instead of separately for each application / user administration. This means that a user can be approved for all connected systems from one instance within a few seconds and is immediately productive at the start of work. This eliminates wait times. Changes can be made just as easily and quickly. The automation of rules and procedures reduces the workload in the business department and in IT.
User Self Service
Every employee can change his own data at any time from his PC. The corresponding information is immediately synchronized in all connected systems. In addition, accounts, authorizations, software, office supplies, etc. can be applied for via user self-service. This saves time for both the business department and IT and increases satisfaction.
Single sign-on (SSO)
By using SSO, users only have to log in once; all further logins are done by the system in the background. This means a simplification for the user (increase of satisfaction), fewer calls to the helpdesk (password recovery) and therefore less effort.
All processes within an identity management system can be historically documented and stored with the help of an audit tool. This makes it possible to meet legal or regulatory requirements with regard to transparency of access rights.
Controlling access rights to data for a specific project is a complex task. Handling the activation through a fixed rule-based provisioning function would be rather time-consuming and cumbersome. User interaction with application and approval procedures is better suited for this purpose. Processes can be mapped at will, depending on the requirements of the company, as multi-level approval, reminder or delegation of processes. An automated escalation in the event of “non-processing” can also be installed.
Secure access for business partners – Federation
A federated identity management system, within which an IDM system exchanges data with those of the partner companies, ensures secure access to the partner’s data. User accounts, access rights, data, applications and other resources can thus be managed across company boundaries and in accordance with one’s own security policies.