Introduction to Process Designer

The PD module helps you design and define the authorization processes.

Process Designer provides a modeler capable of outlining every type of workflow finalized for implementing custom authorization processes, that can be accessed from the Request Center front end module of IBM® Security Identity Governance and Intelligence.

The Process Designer strength lies in its ability to describe an authorization process using an instrument of visual design, that supports the administrator from the beginning of the process to the end, which is marked by the automatic production of front end graphical pages associated with every single activity.

This module, together with Access Governance Core (AGC), which implements the role-based access control engine of IBM Security Identity Governance and Intelligence, provides all the tools and functions needed for managing effectively:
  • Requests to access the system application
  • Allocation/revocation of authorization profiles
  • Password lifecycle
  • Notifications that are sent to users during different phases of the authorization process
  • Temporary delegations of personal roles associated with users of the system
  • Definition of the visibility range associated with an administrative figure.

Process Designer is a highly configurable module that can be used by system integrators or administrators of an organization to plan an authorization workflow.

For every administrative figure (IAM actors), it is possible to define a visibility range that only includes parts of the organization (hierarchy of organizational units and its associated users) that are directly involved and the applications with which it can deliver the necessary authorization.

The integrated workflow engine in this module enables you to create appropriate combinations of authorization actions, with the aim of defining groups of permissions (condensed into roles) for every single user registered by the system.

You can create approval processes for the allocation or revocation of a user role, established by different intermediate levels, each one pertaining to a distinct actor within the process.

Request Center directly communicates with the Access Governance Core for the allocation and the revocation of user roles and for the propagation of permissions on potential target systems.

An example of the structure of a possible authorization flow, implemented by Process Designer, is shown in the following diagram:
Figure 1. Workflow based on four IAM actors
Diagram: Workflow with four IAM actors