Idea ID: 2874487

differentiate more strict between identities and accounts

dbuschke
Status : New Idea

Hi,
the identity model in Identity Governance is more advanced then the one in IDM. That's great because you can differ between persons (identities) and the access of persons to applications (accounts). But sadly Identity Governance itself is not aware of this as you give identities access in "Configuration" -> "Authorization Assignments" by either adding groups or identities directly. This has a bad side effect: identities must be able to login. This makes sense from IDM perspective but doesn't make sense from a identity model point of view.

Please make it possible to handle Identity Governance as application itself.

For example I could imagine a new application collector for identity governance which queries ??? (maybe IG database?). Then only these accounts can be used in IG on every point where you currently use identities ("Authorization Assignments", ownership, etc.).

regards
Daniel

Labels:

Configuration

  • What I've done in the past is to pull in Identity Groups in the Identity Collector, and to also pull those in with my eDir collector as permissions.  I use the right Identity Group to assign permission, and then I use the permisison in the catalog (from eDir as an Application) during the review of that access.   I've thought about a jdbc collector for IG permissions, but that didn't seem worth it, but you could collect accounts (and link them back to the identity, should be easy) and perms, and then review it.

    --Jim

Resources

Support
Documentation
Training
CyberRes Academy
Partner Portal
Contact us
Compliance
Help
Company
Privacy Policy
Terms of Use
Accessibility
Anti-Slavery Statement
Support
How To Buy
Careers
Investor Relations
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.