In order to deliver efficient and consistent access and access changes with rapid application on-boarding we use IBM Security Identity Manager. ISIM delivers simplified access, provisioning and identity management capabilities in a solution that is easy to install, deploy and manage. It provides extensive, automated user provisioning capabilities as well as password management and auditing & reporting capabilities. This enables you to very precisely determine who exactly has access to your systems. You can also decide on what exactly they are allowed to access, and ensure that users access only what they need for their business tasks.
The hybrid model of automated provisioning resources combines request and role-based approaches, which are both supported by IBM Security Identity Manager. For a subset of employees or managed systems, you might want to automate access with role-based entitlements. All other cases – the exceptional access requests – you can process through a request-based model. Most importantly, we offer a practical, customized solution that adapts to any direction you wish to go.
You use service tags to fine-tune provisioning policy entitlement for a service type. You can specify that entitlement is only applicable for services with matching tags. On the administration console, you can trigger automated provisioning of new accounts and policy enforcements on all accounts of a service.
Your team can use business plans and requirements to decide how much to customize IBM Security Identity Manager. For example, large enterprises might require a phased roll-out plan for workflows and custom adapters that is based on a time line for incrementally provisioning applications that are widely used across geographies. Another customization plan might provide for two or more applications to be provisioned across the entire organization. User-application interaction can be customized, and procedures for provisioning resources might be changed to accommodate automated provisioning.