From role model
and Single Sign-On to DMS

SecuIAM stores master data securely and transfers it to the appropriate systems. Changes to the master data are either made in SecuIAM or imported from a connected HR system, and are then automatically passed to target systems on a regular basis. In this way, SecuIAM keeps the master data for all connected systems up to date. This data can be adjusted using either a client installation or the SecuIAM Web Portal and then passed to the relevant systems via connectors.

The SecuIAM Web Portal is a web-based administration interface giving users self-service functionality in line with their permissions. They can use it to update their user data, change their password, perform tasks such as approvals, manage policies, submit requests (e.g. for time off, equipment or permissions), run reports and more. The range of services available in the Web Portal differs from company to company and from user to user, depending on the users’ permissions as defined in the roles assigned to them, and the services licensed by the business.

IT Service Management

IT Service Management (ITSM) refers to services that simplify the interactions between business processes and your IT department. ITSM should allow the user to act independently within the corporate IT environment, within defined limits. This might involve admin-relevant request processes or the automation of processes. The aim is to reduce dependence on the IT department, give users more freedom, and reduce time and effort. SecuIAM supports the interaction between users and the corporate IT department in a number of different ways. For instance, its request process for virtual machines, whether in-house or in Azure AD, and its automated employee entry and employee exit processes all come under the heading of ITSM.

Every larger enterprise is faced with the complex challenge of managing its employees’ personal data, accounts and access permissions, and this is precisely what IAM systems were designed to do. The SecuIAM Role Model makes it possible to assign business roles to the user; these business roles contain the system roles and permissions that the user needs to do their job. This ensures that users only receive the permissions they actually need in their work capacity. Thanks to its modular structure, SecuIAM is exceptionally easy to customize. Not only is it easy to integrate it into an existing system, but it can also be set up to meet the specific needs of the customer. It also offers a range of services that go well beyond normal IAM functionality. SecuIAM is available both as an on-premises or cloud solution.

Manage your documents

SecuIAM can also be used as a Document Management System (DMS). Documents can be made available securely and transparently, depending on the context and the users’ permissions. Documents can be downloaded, checked out and checked in, and be assigned to individual users, role-holders, members of specific organizational units, or project teams. Each document can be given a security classification, a document type, an expiry date and more. It is also possible to view its history, showing who modified and/or re-released the document, and when. The uploaded document can also be assigned to a system in the form of a policy; this is then re-distributed to users of the system at regular, configurable intervals for reconfirmation.

SecuIAM also handles aspects of asset management

An asset management system is a type of software that assists in the management of capital assets and material goods in IT facilities. SecuIAM’s equipment management function makes it possible to manage resources such as mobile phones, parking spaces, notebooks and more. These items can be made subject to approval as part of a request process. These requests are sent to holders of a specified role for their approval and for the requested item to be issued. On expiry of the time period specified in the request, or if the employee leaves the company, a process reminding the user to return the equipment is started.

In addition to its role as central data server for user and/or enterprise data, SecuIAM also serves as a data hub. Data is passed to connected systems via standardized, automatic input and output connectors, which are available for a range of standard systems. In this way, SecuIAM ensures that data always remains consistent and up to date across your systems.

Analyze, optimize and create system roles

Role Mining is an optional SecuIAM add-on that analyzes system roles on the basis of a range of specified criteria. This usually results in a new role suggestion that can then be stored in the database. With Role Mining it is also possible to identify similar system roles with similar permissions, thus avoiding role duplication and proliferation.

Absence requests

Absence management in SecuIAM takes the form of a request mask. Users can request an absence for themselves or, if they have the necessary permissions, someone else. The dates, whether individual days or longer periods of time, are selected from a calendar. There is a comment field where an explanation can be entered for the approver’s information. Once the request has been submitted, the responsible manager is notified by email and can then go to the Task Manager in the SecuIAM Web Portal and either approve or refuse the request, or delegate it to someone else to deal with.

Pool resource service in SecuIAM

SecuIAM makes it possible to request and manage pool resources. These might include AD filespaces, Exchange mail groups or SharePoint, for example. The user simply goes to the SecuIAM Web Portal to access the request mask and/or admin interface of the pool resources for which he or she is the owner.

Enterprises sometimes need to set up interdisciplinary teams for certain projects. In this scenario staff from a number of different organizational units or locations, and sometimes even external associates, need to be given access to designated systems and information.

Filespace for teams

For an effective project team, especially if its members are in different locations, a data exchange platform is absolutely indispensable. SecuIAM not only lets you create and manage dedicated team roles, but can also provide these teams with filespaces, set a team expiry date, supply team documents, etc.

More security with PSA

SecuIAM Privileged Shared Accounts are used for the assignment of security-sensitive, business-critical permissions. They are subject to an additional level of control by means of very precise reporting, and are only ever assigned on a time-limited basis. They are the ideal way to eliminate gaps in your security, especially in your IT administration – often considered to be the greatest source of risk to an organization, since IT staff combine high levels of expertise, detailed knowledge of the internal IT structure, and extensive permissions.

Forgot your password?

SecuIAM Password Self-Service allows users to reset their own password if they have forgotten their current one. Once they have identified themselves to the relevant working environment, they can have the system generate a new password for them, which will be sent to the email address or mobile phone number stored in the system. Security can be further enhanced by requiring answers to a number of security questions previously selected by the user. The user logs on with the new password supplied, and can then change it to something else.

Benefits:

• Fewer requests mean reduced User Help Desk workload
• Fast password changes and less downtime
• Increased security

Role modeling

SecuIAM can create models of your organizational structure and roles. As an example, the SecuIAM Role Model can be used to create and maintain a business-role model of the enterprise, which means that permissions for software systems can then be assigned via roles or groups. The SecuIAM Role Model can also be used in specialist personnel management functions such as training planning and risk analysis. The ability to model your organizational structure and roles is a prerequisite for the use of the process models that make significant automation of your IT service management possible.

Dealing with tasks arising in processes

A large number of automated processes are carried out within SecuIAM. Depending on how they have been modeled, these might contain steps that require an action from a designated actor. The actor is notified about open tasks by email and can then view and deal with them in the SecuIAM Task Manager. Available actions include accepting or refusing the task, modifying the validity or other attributes contained in the request, adding a comment, or delegating the task to someone else.

Automation for Active Directory

SecuIAM makes your Active Directory processes more efficient. Automation relieves the burden on your internal IT department and is less prone to error, while also making it much easier to provide resources on the basis of a user’s job function as well as to manage identities and their permissions. SecuIAM’s AD Business Shell is a specialist function package that completely seals the Active Directory and prevents direct administration of it. Administrators no longer need to access the AD itself in order to manage users, create resources or define AD-groups. With SecuIAM, these tasks can be almost 100% automated.

A range of authentication options

SecuIAM offers a range of dual authentication options for increasing security when accessing either the Windows workstation or the SecuIAM Web Portal. Any combination of biometrics, mobile token, security token or SMS token can be configured.

SMS token and mobile token:

If the user is required to enter a token in the course of dual authentication, this can be either sent to him or her by SMS, or generated using the SecuIAM Mobile Token app.

Security token:

Security tokens are encrypted and time-limited. This, together with their length and the large amount of information contained in them, greatly enhances security.

Biometrics:

Both SecuIAM Single Sign-On and the Logon Manager support biometric authentication using a fingerprint. This requires suitable hardware. This method not only provides a high degree of security but is also very convenient for the user.

Protection for sensitive data

The introduction of the EU General Data Protection Regulation (GDPR) in May 2018 created new challenges for many businesses with respect to protecting the personal data of EU citizens. If sensitive personal data is stored, special care must be taken to protect it from loss, alteration, destruction, unauthorized access or disclosure. SecuIAM has a wide range of features that help enterprises comply with GDPR: examples include risk classification for objects, its role concept, granular permissions and approvals, and the ability to be used as a data repository. In addition, SecuIAM also provides powerful ways of automating information and deletion processes, as well as of ensuring adherence to a secure deletion approach. Examples include the automatic deletion or encryption of user data at specified time points, the deletion of user attributes in target systems managed by SecuIAM, a deletion monitor for all applications used by the enterprise, and a deletion trigger for other databases containing user data. Phone or email us for more detailed information.

Connecting your systems

All required target systems communicate with the SecuIAM message room via connectors. Depending on the type, these may be used for the initial migration, reconciling differences, updating user and organizational data in SecuIAM, or for direct provisioning of the connected systems.

The SecuIAM core contains all the basic functions necessary for the operation of the IAM. Additional services can be individually licensed and installed as required.

Control and security functions

The issue of compliance is becoming more and more important for businesses. One reason for this is that managers can be held liable for any failure to comply with legal requirements. The many laws and standards, such as SOX, Basel and the 8th EU directive, create new challenges for corporate risk management and make the installation of security, control and compliance services well worthwhile. SecuIAM has a large number of analysis functions, plus a service control center, compliance monitor, reports etc., all of which support security and system checks right across the IAM. Click here to find out more.