Automated identity?

Access & Identity Management Handbook 2011 Access Control & Identity Management

Ugan Naidoo, MD Security, CA Southern Africa, discusses how effective service management processes help organisations build a solid IT infrastructure for delivering high quality services.

Identity and access management (IAM) solutions enable companies to manage their users’ identities and associated privileges, while securing access to sensitive resources. Today, these IAM services are generally not available to users within a service management framework, or when they are, they still depend on manual, organisation-specific procedures.

Establishing the user’s identity, role and access rights can involve filling out forms that are then transferred from one department to another to obtain the necessary authorisation. A similar process is followed when an employee’s personnel profile or business role changes or their tenure with the organisation finishes. The end-to-end process for any one of these operations is often laborious, manual and costly. Most importantly, it is subject to error.

Incorporating IAM services

Incorporating IAM services into an existing service management framework provides comprehensive automation for processes such as provisioning while allowing users to leverage existing interfaces to request other IT services.

Encapsulating IAM services within an organisation’s IT service management framework provides a number of benefits. This approach enhances the quality of IT services provided by the organisation, thereby increasing both organisational and user productivity. It also strengthens the alignment of IAM IT services to the business needs of the organisation and leverages a single point of contact for IT services by including identity administration service requests. Moreover, it improves the organisation’s ability to comply with regulatory restrictions through end-to-end transaction logging and auditing functionality.

IT service delivery of IAM

In order to remain competitive and viable in today’s business world, organisations are being challenged to supply customers with high quality services using cost-effective measures. Whether these IT services pertain to users’ requests for workspace, computer equipment, telecommunications services, or productivity applications – companies are adopting service management strategies to create effective processes that automate some of their most cumbersome admin activities.

For example, getting a new employee on board in a company is often an arduous process, typically involving manual communication mechanisms among multiple departments. Different departments fulfil the new user’s physical facility requirements, such as telecommunications, computer hardware, human resources and security access. The overall process is typically disjointed, with no single point of visibility from which to monitor it end-to-end. Streamlining and automating such processes are paramount to solidifying the competitive viability of the organisation.

Most services within the IAM domain are viable candidates to become part of an overall service management strategy. The success of such a strategy depends upon well-defined objectives and policies, as well as effective and efficient service management processes.

These include:

* Providing a single point of contact for service delivery (in the form of a service catalogue) to facilitate users’ access to IT’s portfolio.

* Ensuring the collaboration among departments by providing process components that automate the integration among disparate domains.

* Accommodating varying degrees of change management pertaining to user requests, by engaging a service desk as a single point of contact for service support.

* Securing access to corporate resources pertaining to the web applications that are central to the solution.

By encapsulating IAM services within an IT service management framework, the organisation enhances the quality of IT services provided, thereby increasing both organisational and individual productivity. IT services become aligned with business needs, and a single point of contact and interface is achieved, thereby simplifying interaction with the IT infrastructure and automating the approval and fulfilment workflow processes required to complete identity administration requests. Finally, the organisation obtains additional regulatory compliance benefits by virtue of the integration’s end-to-end transaction logging and auditing functionality.

The business case

The effective use of management tools to deliver IAM services begins with the following four functional areas:

* Provisioning a resource identity.

* Changing a resource identity, such as a user’s attributes or properties.

* Modifying resource entitlements, such as adding a role or business function to a user.

* Removing a resource identity.

Examining the business processes that encompass the provisioning of a resource identity highlights the complexity that can be involved. While the processes of provisioning a user with the appropriate access to systems and applications vary among organisations depending upon their IT maturity level, they represent an important subset of the processes required to get an employee onboard. They typically combine an overarching approval cycle with a number of forms-based e-mail communications.

To fulfil the new employee’s provisioning needs, the manager must obtain the required approvals and send the forms to people within other departments to complete specific steps. Employee data must be entered into a corporate management database (MDB). Entering such data is usually a manual function performed by IT and also entails defining a specific role for the employee, with associated access rights. Such role assignments require sign-off by the security team and the hiring manager. As a result, a ticket is opened in the service desk system.

The ticket eventually goes to the security team, which circles back with the hiring manager (and his or her superiors) to verify the request. Since the process takes place via e-mail, it can take several hours or days to complete. Once approval is granted, the security team approves the request and closes the ticket. At that point, the original IT team is informed, the role request can be fulfilled and the employee is granted access to required applications. Such a process requires extensive human interaction with no single point of oversight. If a hiring manager fails to respond to an e-mail requesting authorisation, the entire process comes to a standstill and requires manual investigation to identify the bottleneck. Meanwhile, the new employee is left without the required resources.

What integration brings

A more integrated approach enables users to manage the lifecycle of identity administration services using service management tools. Managers use the simple user interface in a service catalogue to order IT services. Transparently, the service catalogue works with the identity-provisioning manager to fulfil their requests. The solution builds upon and complements an organisation’s IT service management strategy to deliver high quality identity administration services using automated and cost effective measures.

Identity administration tasks are registered as services within the organisation’s service catalogue. The hiring manager uses the service catalogue to choose the IT resources the new employee needs. Behind the scenes, the service catalogue triggers a series of workflow processes that obtain the necessary approvals. Once all approvals are acquired, a fulfilment workflow process is executed that either triggers service desk change management to further analyse the change before submitting it to identity management, or executes identity management directly to fulfil the provisioning requests.

The identity management process then creates the necessary accounts and access rights. Throughout this process, the identity management subsystem monitors the status of the provisioning request and updates the service catalogue with the success or failure of the operation. Should any step be delayed, the service catalogue tracks the current state of the request. Should anyone inquire as to the status of the request, support personnel can immediately determine where the process stands, thereby reducing the need to chase paper and follow e-mail trails throughout the organisation.

In a similar way, if the user changes roles or business functions or leaves the organisation, the service catalogue triggers a workflow process to obtain the necessary approvals, and then the same fulfilment process, as described above, takes place. While delivering these services, logs are maintained that facilitate any subsequent auditing of the changes.
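The request lifecycle described above can be sketched as a small state machine. This is an added illustration, not code from CA or any product: the state names, approver identifiers and 24-hour SLA are assumptions. It shows the two controls the text relies on: fulfilment is refused until both sign-offs are recorded, and a stalled request can be traced to the approver who has not responded.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta

# Sign-offs the article names for a role assignment (identifiers are hypothetical).
REQUIRED_APPROVERS = {"hiring_manager", "security_team"}

@dataclass
class IdentityRequest:
    user: str
    action: str                 # e.g. "provision", "modify_entitlements", "remove"
    role: str
    opened: datetime
    approvals: dict = field(default_factory=dict)   # approver -> time of sign-off
    state: str = "PENDING_APPROVAL"
    audit: list = field(default_factory=list)       # append-only trail

    def __post_init__(self):
        self._log(self.opened, "service_catalogue", "request opened")

    def _log(self, when, actor, event):
        self.audit.append((when.isoformat(), actor, self.state, event))

    def waiting_on(self):
        return sorted(REQUIRED_APPROVERS - set(self.approvals))

    def approve(self, approver, when):
        if approver not in REQUIRED_APPROVERS or self.state != "PENDING_APPROVAL":
            raise PermissionError(f"{approver} cannot approve in state {self.state}")
        self.approvals[approver] = when
        if not self.waiting_on():
            self.state = "APPROVED"
        self._log(when, approver, "approved")

    def fulfil(self, when, provision):
        # Fulfilment is refused until every required sign-off is recorded.
        if self.state != "APPROVED":
            raise PermissionError(f"cannot fulfil in state {self.state}")
        ok = provision(self)    # stand-in for the identity management call
        self.state = "FULFILLED" if ok else "FAILED"
        self._log(when, "identity_management", "fulfilled" if ok else "failed")

def stalled(requests, now, sla=timedelta(hours=24)):
    """Requests still awaiting sign-off past the SLA, and who is blocking them."""
    return [(r.user, r.waiting_on()) for r in requests
            if r.state == "PENDING_APPROVAL" and now - r.opened > sla]
```

The same object serves off-boarding: a request with `action="remove"` passes through the identical approval gate and leaves the same audit entries.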

The benefits

Such an automated approach brings a number of important benefits to the process, including:

* Enhanced quality of IT services provided by the organisation, increasing both organisational and user productivity.

* Improved alignment of business process and identity administration, allowing IT to become a business enabler with employees receiving IT services in a consistent fashion.

* Security policies become more closely aligned with business goals and more consistently enforced.

* Automation enables IT to be viewed as a service that is transparent to users.

* A single point of contact for all IT provisioning needs. Managers and users can perform either delegated administration or self-service identity administration functions.

* Central tracking, management and reporting. IAM services are delivered based upon established service level agreements.

* Improved security and compliance through:

- Automated processes that improve consistency and accuracy in applying roles and access rights to individuals.

- Creation of an audit trail, helping to ensure compliance with industry and government regulations.

- Automated off-boarding, which ensures that employees who have left the organisation can no longer access corporate resources.

* Streamlined workflow

- The integration results in a well-defined process that can be used to provision accounts, roles and access requests.

* Cost savings

- Less manual intervention in the procurement process means less productivity loss for all concerned.

- Simplified training. With a single place to go for all IT service requests, educating staff on how to obtain access to systems, applications and processes is simplified.


In its July 2008 examination of the identity management market, the Burton Group summed up the situation well. “The complexities of the identity system must be simplified as organisations are forced to manage an ever growing user community, integrate with partners, and offer identity related services to customers and other external entities.”

Organisations can put the solution in place today and gain significant, immediate advantages by streamlining the process of delivering IT services. At the same time, they will be positioned for the future, having taken a step in the direction of achieving a simplified, automated, and integrated application architecture.

For more information contact CA Southern Africa, +27 (0)11 417 8645,

