Description: Creation of user accounts and assignment of the corresponding entitlements are based on the results of a governance process. The governance process should include appropriate business-justification approvals and risk mitigation, as well as constraints on access determined by business requirements. The governance process is tracked for auditing purposes.
Benefit: Provides evidence of control over who has access to which resources, which is required to meet security controls and compliance requirements such as PCI DSS, HIPAA and SOX.
Implementation Approaches
Security Frameworks
NIST Cybersecurity Framework 1.1
- PR.AC-1: Identities and credentials are issued, managed, verified, revoked, and audited for authorized devices, users and processes
- PR.AC-3: Remote access is managed
NIST SP 800-207: Zero Trust Architecture
- 3.1: The approaches include enhanced identity governance–driven, logical microsegmentation, and network-based segmentation.
- 3.1.1: The enhanced identity governance approach to developing a ZTA uses the identity of actors as the key component of policy creation.
| Title | IGA Initiates Access Provisioning Workflow |
| --- | --- |
| Technology Components | Identity Governance and Administration (IGA); Access Management (AM) |
| Description | The user requests access from the role and entitlement catalog. A workflow is initiated and routed to the appropriate approver(s) based on the defined policy. The business case is reviewed and approval is granted. The request and the entitlements granted are logged for audit purposes. The IGA tool provisions the user's access in the access management tool. The user receives access per the defined policy and constraints. |
| Pre-requisites | The role and entitlement catalog has been built and populated; an approval process is defined for each role and entitlement; attributes and policies are defined that specify the conditions and constraints for access; a service account exists for authenticating to the access management tool, with rights to assign access. |
| Supporting Member Companies | Fischer Identity, ForgeRock, Okta, Omada, Remediant, Ping Identity, SailPoint, Saviynt, SecZetta |
| Title | ITSM Initiates Access Provisioning Workflow |
| --- | --- |
| Technology Components | IT Service Management (ITSM); Identity Governance and Administration (IGA); Access Management (AM) |
| Description | The user submits a service request for access from the ITSM service catalog. A workflow is initiated and routed to the appropriate approver(s) based on the policy defined in the ITSM tool. The business case is reviewed and approval is granted. The request and the entitlements granted are logged for audit purposes. The ITSM tool hands off to IGA, which provisions the user's access in the access management tool. The user receives access per the defined policy and constraints. |
| Pre-requisites | The ITSM service catalog has been built and populated; an approval process is defined for each role and entitlement; attributes and policies are defined that specify the conditions and constraints for user access; a service account exists for authenticating to the access management tool, with rights to assign access. |
| Supporting Member Companies | Fischer Identity, ForgeRock, Okta, Omada, Remediant, Ping Identity, SailPoint, Saviynt, SecZetta |
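The IGA portion that both approaches share (validate a request against the catalog and its constraints, route it to approvers according to policy, log every step, and provision into the access management tool only once the policy's approvals are present) is shown below as an added example in Python. It is not code from this page or from any of the listed vendors; the catalog entries, user and approver names, risk levels, the separation-of-duties pair, the duration limits and the in-memory AM stub are all constructed for illustration. It also adds three checks a practitioner would expect the workflow to enforce: the approver must be the person the policy routed to (no self-approval, no approval by an unrelated party), grants are time-bound, and the separation-of-duties constraint is re-evaluated at provisioning time rather than only at submission, since the requester's existing access can change in between.

```python
"""Constructed model of a governance-driven access provisioning workflow.

All names, catalog entries and policies are assumptions for illustration;
the AccessManagementStub stands in for a real AM tool written to by an
IGA service account.
"""
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone

# Role and entitlement catalog. Each entry carries its approval policy:
# which roles (relative to the requester) must approve it.
CATALOG = {
    "crm-read":         {"risk": "low",  "approvers": ("manager",)},
    "payments-create":  {"risk": "high", "approvers": ("manager", "app-owner")},
    "payments-approve": {"risk": "high", "approvers": ("manager", "app-owner")},
}
# Constraints: separation-of-duties pairs that may not be held together,
# and a maximum grant duration per risk level so high-risk access expires.
SOD_CONFLICTS = [frozenset({"payments-create", "payments-approve"})]
MAX_DAYS = {"low": 365, "high": 90}


@dataclass
class Request:
    requester: str
    entitlement: str
    justification: str
    days: int
    approvals: dict = field(default_factory=dict)  # role -> approver who signed
    status: str = "new"


class AccessManagementStub:
    """Stand-in for the AM tool; records assignments with their expiry."""
    def __init__(self):
        self.assignments = {}  # user -> {entitlement: expiry}

    def assign(self, user, entitlement, expiry):
        self.assignments.setdefault(user, {})[entitlement] = expiry


class ProvisioningWorkflow:
    def __init__(self, people, am):
        self.people = people  # user -> {"manager": ..., "app-owner": ...}
        self.am = am
        self.audit = []       # append-only record for auditors

    def _log(self, event, req, **extra):
        self.audit.append({"ts": datetime.now(timezone.utc).isoformat(),
                           "event": event, "requester": req.requester,
                           "entitlement": req.entitlement, **extra})

    def _reject(self, req, reason):
        req.status = "rejected"
        self._log("rejected", req, reason=reason)
        raise ValueError(reason)

    def _sod_conflict(self, user, entitlement):
        held = set(self.am.assignments.get(user, {}))
        return any(entitlement in pair and (pair - {entitlement}) & held
                   for pair in SOD_CONFLICTS)

    def submit(self, req):
        """Validate against catalog and constraints, then route to approvers."""
        ent = CATALOG.get(req.entitlement)
        if ent is None:
            self._reject(req, "entitlement not in catalog")
        if not req.justification.strip():
            self._reject(req, "business justification is required")
        if req.days > MAX_DAYS[ent["risk"]]:
            self._reject(req, f"{ent['risk']}-risk access limited to {MAX_DAYS[ent['risk']]} days")
        if self._sod_conflict(req.requester, req.entitlement):
            self._reject(req, "separation-of-duties conflict with existing access")
        # Resolve the policy's roles to the concrete approvers for this requester.
        route = {role: self.people[req.requester][role] for role in ent["approvers"]}
        req.status = "pending"
        self._log("submitted", req, justification=req.justification, routed_to=route)
        return route

    def approve(self, req, approver, role):
        """Only the person the policy routed to may sign for a given role."""
        if role not in CATALOG[req.entitlement]["approvers"]:
            raise PermissionError(f"role {role} is not an approver for {req.entitlement}")
        if approver == req.requester:
            raise PermissionError("requester cannot approve their own request")
        if approver != self.people[req.requester].get(role):
            raise PermissionError(f"{approver} is not the {role} for {req.requester}")
        req.approvals[role] = approver
        self._log("approved", req, role=role, approver=approver)

    def provision(self, req):
        """Hand off to AM only once every approver in the policy has signed."""
        missing = set(CATALOG[req.entitlement]["approvers"]) - set(req.approvals)
        if missing:
            raise PermissionError(f"missing approvals: {sorted(missing)}")
        if self._sod_conflict(req.requester, req.entitlement):  # re-check: state may have changed
            self._reject(req, "separation-of-duties conflict at provisioning time")
        expiry = datetime.now(timezone.utc) + timedelta(days=req.days)
        self.am.assign(req.requester, req.entitlement, expiry)
        req.status = "provisioned"
        self._log("provisioned", req, expires=expiry.isoformat(), approvals=dict(req.approvals))
        return expiry
```

The audit list is the evidence the Benefit section refers to: every submission, approval, rejection and provisioning event is recorded with who acted and why, and the provisioning record names the approvers whose sign-off authorised it.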