Technical Field
This disclosure relates generally to the field of digital resource access, and more particularly, to automatically provisioning account access to digital resources.
Background of the Related Art
Identity and Access Management Governance is a set of processes and policies for organizations to manage risks and maintain compliance with regulations and policies by administering, securing, and monitoring identities and their access to applications, information, and systems. Although potentially complex in implementation, the concept of Identity and Access Management (IAM) Governance is fairly straightforward: determine who should have access to what resources and who should not. This type of program often assists an organization's compliance to government regulations, industry-specific regulations (SOX, HIPPA, GLBA, etc.), and business regulations and guidelines. Typically, IAM Governance includes processes for accessing request governance, entitlement certifications, reports and audits, and analytics and management (including role management, entitlement management, separation of duties enforcement, and privileged identity management). An end-to-end IAM Governance solution may also provide related functions, such as access enforcement, user provisioning, password management, and user lifecycle management.
Identity and access management (IAM) systems protect enterprise data and applications with context-based access control, security policy enforcement and business-driven identity governance. These systems may be operated in a standalone manner, in association with cloud-based environments, or in hybrid environments. Provisioning is the process that IAM systems use to grant users access to the digital resources within the enterprise for which a given user is entitled, often due to the role of the user within the enterprise, or a group of users to which the user belongs.
Many identity and account management systems have built-in capabilities to automatically provision (or “autoprovision”) accounts on managed targets. However, such autoprovisioning solutions do not work “out of the box” without significant user intervention. They typically require a team of system administrators to specify in advance the format for all default values for accounts of the given target type or a specific target. This process is typically done in-situ by a group of system analysts and system administrators. It may take many days and delay the deployment of the IAM system.
It would be highly desirable to ameliorate or eliminate the time required for the autoprovisioning process of IAM systems without at the same time increasing security risks associated with such activities.