Increased security for corporate information systems means managing the identities of people involved with the company (including employees, service providers and partners), and managing their access rights, based on their profile (position, membership in a group, etc.).
Hpliance, Avencis’s identity and user rights management solution, decreases the complexity and reduces the risk of errors stemming from managing the lifecycle of user accounts and their associated rights, via a simple and user-friendly interface that is accessible to “business” users.
- Creation of users and structures: can be done directly in Hpliance or through upstream provisioning (connectors with multiple HR databases or file import, etc.). Can manage multiple types of structures simultaneously (such as organizational and geographic).
- Fully configurable user file: lists the user’s main characteristics (contact information, position, status, etc.). Information is displayed and can be edited, based on the rights of the connected user.
- “Yellow Pages”/“White Pages” style individual search form: configurable, it allows multi-criteria searches. The solution displays a results list with a quick view of the main characteristics of individuals who match the search.
- Administration delegation: create/modify individuals who can be delegated as non-IT specialist administrators using Hpliance’s simple and user-friendly interface.
User rights management
- Definition of a rights model using automatic rules or manual assignment of rights.
- Definition of roles and permissions based on a standard OrBAC (Organization-Based Access Control) rights model.
- Permission automation and propagation: through rights models by business profile and/or membership in a structure.
- Viewing of rights: display the users’ theoretical and actual rights and their effective use.
- Coexistence of rights: when moving a person from one structure to another, cross-over mechanisms allow the person to retain their old rights for a configurable time period.
- Delegation of rights: the definition of user rights could be delegated to business users.
- Downstream provisioning: ability to create user accounts for individuals and assign them appropriate application profiles in target applications.
- Management of individuals’ statuses based on dynamic information (such as a signed IT charter or validated status).
Control over user accounts and permissions
Avencis solutions come standard with functions to give immediate and clear answers to those responsible for auditing and controlling the information system.
- Traceability and auditability of access and user rights for complete mapping of rights assigned to a user.
- Segregation of rights: definition of rules and monitoring for rights that are incompatible with one another.
- Display the impacts of changing a rule: absolute impacts, independent of any other rule in the rights model and relative impacts, based on other specified rules.
- Identification of user rights’ related errors: inactive accounts, assignment errors, persistent access, violation of task separation, etc.