ACCESS GOVERNANCE AND INTELLIGENCE
CAGI – AN OVERVIEW
INTUITIVE ACCESS REQUEST SYSTEM
One of the critical success factors in any IAM adoption is ensuring a top notch end-user experience. Saviynt has developed an intuitive user interface that is seamless across Web and Mobile (iOS and Android), giving end users complete flexibility in managing their requests, checking status, setting up delegation of authority, managing access certifications, etc. even when they’re on-the-go.
Users get a very intuitive shopping cart feel while requesting access complete with multi-level search and filtering capabilities across extensive resource catalog.
The approval workflows are flexible to support different types of approvals and dynamically routed based on risk and preventive SOD checks.
TAKE INFORMED DECISIONS DURING ACCESS REQUEST AND REVIEW
Saviynt provides a comprehensive view on AWS IAM console / DevOps access including role, action, and tag based permissions. Enterprises can then enforce business processes, approvals and reviews before administrators get access to commission workloads, upload sensitive data in S3 or undertake critical operational activities on AWS / DevOps. With over 250 security controls and risk signatures available out of the box and more that can be user-defined, Saviynt offers the means to continuously monitor the effectiveness of AWS security posture.
SELF-SERVICE APPLICATION INTEGRATION WORKBENCH
Onboarding applications quickly to consume IAG services has been one of the biggest hurdles in a traditional IAG model. Saviynt’s grounds-up approach to developing its next-gen IAG platform has resulted in an application integration workbench that provides business and application teams to integrate their applications in a self-service manner. The workbench drastically reduces integration effort and enables teams to configure their own workflows, clean-up accounts, define reports, etc. via a simple wizard that provides them step-by-step guidance.
This workbench not only reduces one-time onboarding effort but also enables application teams to continue maintaining identity and access management processes through the applications’ life-cycle
CONFIGURE, ‘NOT’ CODE
In a deliberate attempt to simplify deployment of IAG platforms, Saviynt has introduced several features that enable configuring traditional complex tasks instead of custom development. Saviynt comes bundled with several out-of-box access life-cycle management modules and features such as privilege access management, contingent worker management, badge management, AD group management, self-registration, self-account discovery and linking, etc. These modules allow rapid deployment of business use cases based on industry best practices.
The drag-n-drop workflow configurator simplifies customizing complex workflows to suite any business need. The out-of-box enterprise workflow in Saviynt has been developed to dynamically alter its behavior based on several factors including risk, multiple HRMS attributes, business unit, etc. This single workflow has been proven to reduce more than 80% workflows as compared to traditional IAG platforms.
INTELLIGENT IAM PLATFORM WITH INTEGRATED USAGE ANALYTICS
Saviynt’s next generation IAG platform combines analytics from usage and audit to enhance the capabilities of access life-cycle management. These analytics are ingrained in functions such as role mining, identifying actual vs. potential / realized SOD violations, continuous controls monitoring, etc. to ensure appropriate prioritization of significant risks in the environment and optimal use of IAM resources.
BEST-IN-CLASS ROLE ENGINEERING & ATTRIBUTE BASED ACCESS MANAGEMENT
The solution also brings various industry first techniques to ensure roles are accurate incorporating usage logs analysis, SOD simulation, bevy of configurable minable attributes and resources per mining instance, ability to check role impact (Role vs. Actual) analysis and a fully integrated role workbench to formalize and manage roles. Saviynt further extends traditional RBAC model with dynamic assignment based on attributes. This enables organizations to strike the right balance between RBAC and ABAC for provisioning access to applications.
COMPREHENSIVE SOD MANAGEMENT
A robust risk management platform is the cornerstone of Saviynt’s next-gen IAG solution. With over 200+ SOD rule sets across industry domains such as financial services and healthcare, and security controls, Saviynt assists organizations realize their governance, risk, security and compliance goals. The platform supports both preventive and detective SOD simulation and validation. Saviynt SOD remediation recommendations workbench is one of the most advanced in the industry that not only performs user to role analysis but also role to entitlement analysis to remediate any roles with inherent SODs and accelerate remediation phase.
In addition, Saviynt integrates usage analytics to identify actual violations that have been acted upon by users vs. potential SOD violations to prioritize remediation measures appropriately. With its ability to understand hierarchical entitlements within applications, Saviynt can perform SOD analysis across both coarse and fine-grained entitlements for effective security within a single app as well as cross-apps.
REMAIN A STEP AHEAD WITH CONTINUOUS CONTROLS MONITORING
Saviynt provides an integrated mitigating controls library to configure, accept and manage risks identified in a timely manner. Another critical feature provided for risk mitigation is on-demand monitoring of potential SOD violations or critical compliance controls to give control owners the most current view of sensitive transactions.
Reporting against these controls are made available through business friendly dashboards that are drill-down to facilitate further analysis.