Automated Access Provisioning
BAAR-IGA provisions and revokes access to applications (Legacy and New Age) and other resource types (servers, network folders etc.). Access is automated and granted based on a Birthright or Role Designation Matrix.
BAAR-IGA refers to the Role Designation Matrix 'Birthright' to provide access for onboarded personnel, full-time employees, vendors, BOTS, system users, and APIs. This access can be time-bound as well.
Access is provisioned to applications, servers, network folders, and other resource types. It does not matter if the applications are legacy (with no connectors), mainframes or new-age applications.
When employee roles or designations change, BAAR-IGA will automatically change their access per the new role or designation.
BAAR-IGA revokes access in an automated manner. Workflows can be added for approvals as required. Access can also be revoked to reflect policy changes or due to user access review.
Account Provisioning Types
1) Self Serve Account Provisioning
Users can create access to systems by themselves. If the system they request access to is outside their designated access as per the Birthright, BAAR-IGA will seek approval. Once approved, BAAR-IGA will provide access for the user. Likewise, a manager or an admin can request access on a user's behalf and also lock or unlock a user's access.
2) Workflow Based Account Provisioning
This is automated provisioning where BAAR-IGA must get approvals from a designated authority, e.g., access to specific roles in an application may need permission from the CTO. Workflows can be initiated and customized to provide such access, and details are maintained for audit.
3) Automated Account Provisioning
An example of automated account provisioning is a new employee being provided access to all applications as per the birthright matrix. If a system of record, e.g. ITSM platform, needs to have tickets created, BAAR-IGA can create the ticket and close it once BAAR-IGA has provisioned access.
4) Discretionary Account Provisioning
Discretionary account provisioning provides ad-hoc solutions where the admin can decide what access to provide to a user. BAAR-IGA can secure necessary approvals and deliver the required access. All actions are logged in an audit log so all changes can be monitored and audited.