Benefits of Identity Governance and Intelligence

End-to-end user lifecyle management

IGI streamlines access management, automates the identity lifecycle process and reduces the need for manual labor. Its capabilities include powerful role management, multilevel provisioning workflow and integrated password management. IGI offers a rich set of mature and compatible application adapters, both on-prem and for the cloud.

Access certification

IGI enables the business to run access certification campaigns to reconfirm users access needs with a customizable, self-service user dashboard. This simple experience quickly provides flexible and powerful workflow allowing users to easily recertify access.

Business-activity based approach to model SoD violations

IGI uses a unique business activity-based approach to model separation of duty violations rather than relying on unmanageable role-to-role comparison. Business activities are immediately readable to the business user and enable a very clear way of showing risk that is both understandable and actionable.

Powerful identity analytics

IGI helps you identify areas of risk and access optimization through powerful identity analytics, providing priceless visual insights on risky users and behaviors. This allows for better visibility and user access control for role mining and role modeling.

Extend ServiceNow catalogue with access management

IGI offers a native integration with ServiceNow, the popular service management platform. This integration helps users facilitate requests in the ServiceNow interface they are accustomed to, paired with comprehensive governance capabilities from IGI keeping them secure.

Enhanced password synchronization

IGI provides you with full coverage of password management. This helps ensure that the end user experience is better and more secure, utilizing Password Synchronization, Reverse Password Synchronization and The Desktop Password Reset Assistant (DPRA).

Integration with privileged account management products

IGI integrates with several PAM products, allowing organizations to centrally manage and control all identities, including privileged identities and entitlements. With this integration you can manage certification, delegation and separation of duties.

Unique SoD controls for SAP

IGI provides fine-grained, (transaction and authorization object level), controls on detecting separation of duties violations on SAP users and roles. It supports SAP role cleansing and user violation mitigation.

Data governance capabilities and GDPR specific controls

IGI helps organizations ensure that the personal data they process, collect and store is properly protected, allowing only the right people to access and manage the right data. IGI provides a business readable representation of GDPR risks. This business context helps a non-technical user decide the appropriateness around access, leading to more efficient decision making.

Integration with QRadar UBA for insider threat management

IGI integrates with Qradar UBA to tackle insider threat detection and remediation. Depending on the risk score derived from UBA, IGI can take action immediately, containing the threat and responding with additional verification, temporary suspension or shutdown of access.

Superior, fine-grained z/OS integration

Beyond provisioning, IGI allows for fine-grained control on RACF, allowing you to apply certifications and separation of duty controls to group resources and access levels. It supports RACF group cleansing and user violation mitigation.

Closed-loop compliance

IGI allows you to combine preventative and detective controls such as least privilege and separation of duty, to be flexibly modeled and reviewed by business users and promote the involvement of the right stakeholders in defining the policy and reviewing the violation detected.

Learn more about Identity Governance and Intelligence

Read the data sheet

Customer case studies

  • E.ON Streamlines IT Audits with IBM Security Identity Governance

  • EZCorp: Better Visibility & User Access Control with IBM Security Identity Governance & Intelligence

How customers use it

  • To ensure users have proper access levels

    Problem

    Traditional identity systems with complex roles and IT entitlements often leave business users in the dark, unable to make sense of simple access requests.

    Solution

    IGI uses business-centric activity data to help end users and line of business managers understand the nature of the access they are requesting. This means they can ensure users have proper access to applications and systems.

  • To make it easy for a LOB owner to manage access

    Problem

    Line of business owners need to have effective tools to manage user access to IT resources.

    Solution

    IGI provides a business friendly user interface to help line of business owners request, review and approve access for team members and automate end-to-end provisioning for user’s access to Servers, Applications and Database systems.

  • To automate risk mitigation based on user activity analysis

    Problem

    IT Systems need to detect malicious user activity and respond quickly to prevent and contain insider threats.

    Solution

    When anomalous use behavior is detected by Qradar/UBA, the user’s accounts are suspended in IGI, and an orchestration of the offense is initiated to engage the user via IBM Verify to mitigate the risk and follow up with proper actions.

Technical details

Software requirements

Software requirements for IBM Security Identity Governance and Intelligence can be viewed at:

    Hardware requirements

    Hardware requirements for IBM Security Identity Governance and Intelligence can be viewed at:

      You may also be interested in

      Other related IAM products

      IBM Security Access Manager

      Secure and simple user access management for employees and consumers.

      Learn more

      IBM Cloud Identity

      Easily bridge from on-prem identity and access management to the cloud

      Learn more

      IBM Security Secret Server

      Next generation privileged account management and application control

      Learn more

      See how it works