Compliant & Secure Access Management through Group Membership Self-Service

Allow Application/Data Owners to Self-Manage Their Groups

Managing access to applications and data can be a time-consuming and cumbersome process. Your IT Administrators are often asked to grant access to sensitive data without knowing whether a particular user should have it. This may result in access delays, risks of inappropriate authorization, and access groups that become bloated, outdated, and inaccurate. The result could be your organization failing its compliance audits.

ActiveRoles Self-Service Manager allows your organization to empower application and data owners to self-manage their access to groups and Exchange distribution lists in a secure and compliant manner. By doing so, the responsibility of access management and compliance is moved from IT to the person who understands the business justifications for granting access. The cost saving can also begin to accumulate by delegating previous administrative tasks to application/data owners.

Self-Service Manager enables application/data owners to: 

• Update their own account information, such as mobile phone number or home address

• Check the workflow status of their requests that require approval by other people

• Work on tasks assigned to them for approving operation requests initiated by other people

• View, modify and certify accuracy for assigned groups

• Review the change history of the groups they manage

 How Does This Help Achieve Compliance? 

Compliance auditors will often ask: 

• How does IT know who should be added to, or removed from a particular group?
• Do you continually check and update group memberships for access to sensitive information, data, and applications?
• Do you have a change history of who was added to, or removed from, sensitive groups? Do you know when these changes happened?

More often than not, organizations have inadequate answers. ActiveRoles Self-Service Manager can help you achieve and sustain compliance on three easy steps:

Assign –owners of applications, business areas or data can manage the group access to their information; your IT staff no longer needs to guess who should have access.

Manage –the assigned group owners can accept or deny requests for users to be added to their access groups.

Review –group owners will be required to periodically review group lists and certify they are up to date and accurate.

• Compliance responsibility - No longer will the compliance burden and responsibility of granting access to sensitive resources (documents, applications, etc…) fall to IT but to the data owner who will know who should or who should not have access
• Prove Segregation of Duties - Via Rules we can establish segregation of duties and provide easily demonstrated access controls for compliance auditors
• Group Attestation - Ensures access groups are always current, up-to-date and remain necessary by periodically requiring data/application owners to review and certify their groups and group memberships
• Audit & Tracking - Access group tracking is improved by providing history logs of reviews & certifications (attestation) throughout the life of a particular group