axl & trax

Identity & Access Management

Allocation, change and withdrawal of user-ids and user-permissions is a complex key process. It must ensure that thousands of users have the right to thousands of permissions out of millions. No more and definitely no less. A user must be able to do what he or she is required to do. In close cooperation with Identity Management Solution Software Providers, axl & trax developed a client-oriented method to gain full control over your authorization processes and/or to repair the existing authorization settings in your systems.

In identity management, it is crucial that the organization is represented truthfully and in such a way that it can be used to abstract from single persons to departments and roles within the organization.

When an organization is depicted adequately and roles with responsibilities are clearly defined, the allocation of access rights becomes much easier and thus a logical process rather than a difficult, critical and time-consuming activity. Once your organization with its departments and the roles are defined, it is a matter of linking persons to the roles and a representative starting point is created for identity management.

Working with identities is a further abstraction away from the system-specifics and user-specifics and allows for more effective control and more efficient security administration.

The term "provisioning" comes from the verb "to provide". User provisioning is nothing more (or less) than providing your users with access to your resources and removing obsolete access rights. User provisioning software facilitates security administration by automating a sequence of activities that would otherwise be done manually.

Provisioning generally improves efficiency in your security administration and may occasionally improve control. Control improvement is achieved because changes can be made faster and because changes are implemented consistently through the provisioning software.

Many people confuse the terms provisioning and identity management. Identity management software typically performs provisioning functions, but provisioning alone is not identity management.

A key aspect of control within the area of identity management is that you must be certain that the implemented user access rights are valid and that the setup is as intended. This calls for two tests. The first is to test whether all requested changes were processed. This is basically testing whether the provisioning functions work correctly. The second is to test whether the implemented access rights correspond with the intended access model. To ascertain the validity of access rights, a "to-be" situation must be available to match against the "as-is", the current situation. Administering this "to-be" situation is not provisioning.

Provisioning is only the action of dispatching authorization data to several systems. The administration containing the basis for these instructions is an entirely different field of play. The method used to administer this "to-be" is often referred to as role-based access control.
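The two tests described above, as an added Python example (not axl & trax's own code or method): the "to-be" set is derived from a role model and compared with an "as-is" export. All user, role, system and permission names and the sample data are constructed for illustration.

```python
# Constructed sample data; every name below is hypothetical.
ROLE_PERMISSIONS = {
    "finance.clerk": {("SAP", "post_invoice"), ("FileShare", "finance_read")},
    "finance.controller": {("SAP", "post_invoice"), ("SAP", "run_payment")},
    "hr.advisor": {("HRPortal", "edit_case")},
}
PERSON_ROLES = {"alice": {"finance.clerk"}, "bob": {"finance.controller"},
                "carol": {"hr.advisor"}}
# "As-is": (user, system, permission) entitlements exported from the systems.
AS_IS = {
    ("alice", "SAP", "post_invoice"), ("alice", "FileShare", "finance_read"),
    ("alice", "SAP", "run_payment"),
    ("bob", "SAP", "post_invoice"), ("bob", "SAP", "run_payment"),
    ("dave", "FileShare", "finance_read"),
}
# Change requests handed to the provisioning layer: (action, user, system, permission).
CHANGES = [
    ("grant", "alice", "SAP", "run_payment"),
    ("grant", "carol", "HRPortal", "edit_case"),
    ("revoke", "dave", "FileShare", "finance_read"),
]

def to_be(person_roles, role_permissions):
    """Derive the intended entitlements by expanding persons -> roles -> permissions."""
    return {(user, system, perm)
            for user, roles in person_roles.items()
            for role in roles
            for system, perm in role_permissions[role]}

def unprocessed_changes(changes, as_is):
    """Test 1: requested changes that are not reflected in the as-is export."""
    pending = []
    for action, *entitlement in changes:
        present = tuple(entitlement) in as_is
        if present != (action == "grant"):  # grant missing, or revoke still present
            pending.append((action, *entitlement))
    return pending

def reconcile(intended, as_is, known_users):
    """Test 2: compare as-is with to-be, independent of what was requested."""
    surplus = as_is - intended
    return {
        "missing": intended - as_is,                               # under-provisioned
        "excess": {e for e in surplus if e[0] in known_users},     # outside the role model
        "orphan": {e for e in surplus if e[0] not in known_users}, # user not in the model
    }

if __name__ == "__main__":
    print("unprocessed:", unprocessed_changes(CHANGES, AS_IS))
    print(reconcile(to_be(PERSON_ROLES, ROLE_PERMISSIONS), AS_IS, set(PERSON_ROLES)))
```

Note that alice's `run_payment` grant passes the first test (the request was processed) yet fails the second, because no role she holds carries that permission.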

To control the use of IT means controlling the identity and access management process.

As additional applications are exposed to an increasing number of users, organizations need to (re)consider their identity and access management requirements and their unique business objectives. They need to provide strong authentication and manage multiple authentication methods. They must also provide different levels of authorization and a wide range of access rights for a growing, diverse and dynamic user base. All this has to be accomplished from one framework that consolidates management and reporting.

The current approach of having separate authentication and authorization infrastructures will probably not scale effectively as organizations increasingly automate critical business processes. This is why organizations are anticipating a future where all their needs can be addressed from one powerful identity governance framework, i.e. their identity and access management governance framework. At this point, the technology will have its greatest strategic impact on the business through risk mitigation and compliance as well as revenue generation and cost reduction.

In close cooperation with Identity Management Solution Software Providers, axl & trax developed a client-oriented method

  • to gain full control over your authorization processes;
  • to repair the existing authorization settings in your systems.

These are the two elements that together determine your ability to manage and control the use of IT.

The following list illustrates some of the common drivers for an Identity and Access Management solution:

  • organizational efficiency. Enable transactions and person-to-person communication.
  • competitive advantage. Capture new or larger shares of markets and enhance company position against competitors.
  • security. Enable authorized access and prevent unauthorized access to information and services.
  • speed of reaction to change. Mergers, reorganizations, departmental moves.
  • fraud prevention. Hard to quantify, but can clearly provide major savings.
  • consistent treatment of the individual. “End-to-end” management of employees, “single view of the customer”.
  • integrated information infrastructure. Enable move away from “information silos” and “IT-processing chimneys”.

axl & trax's proposition for Identity Access Management comprises:

  • defining the business drivers;
  • IAM Governance including guiding principles, policies, management model, federation and legislation;
  • IAM Architecture design based on best practices, technical standards and business processes;
  • IAM Operations through administering access controls, monitoring and recovery processes;
  • a reliable platform to implement Enterprise Single Sign-On.

axl & trax's proposition for Identity Management results in:

  • complete control over authorization processes at operational and tactical level;
  • a reliable and permanently up-to-date administration of the right user-permission combinations, propagated to any SAP® system or any other system (web or non-web) encountered, including your legacy systems;
  • permanently guarded consistency between the desired state as administered and the actual state in the connected systems;
  • an implementation method that enables you to find inconsistencies between desired and actual state, allowing the cleansing of connected systems, the adoption of reality in your administration and a gradual transition from actual to desired state. No Big Bang scenarios;
  • proven compliance with security requirements through permanent auditing;
  • efficiency in IT management through central administration;
  • substantially improved quality of service for end-users, through increased speed and precision in provisioning, enterprise-wide Single Sign-On and delegation of authorization decisions to business management.