The present invention relates generally to the field of identity management, and more particularly to event analytics for role-based access provisioning.
Work environments are becoming increasingly dynamic, utilizing enterprise computing environments to provide a communication path and services between users, computing systems, processes, applications, services, and networks, to satisfy the needs of the organization. Enterprise computing environments may include restricted resources, which contain confidential or personal information protected by law or policy, the unauthorized disclosure of which could have severe or catastrophic effects. Controlling user access to an enterprise computing environment with restricted resources can be vital, and provisions to ensure confidentiality and protection of information are required. Typically, user access is controlled through a login in which access is granted to the enterprise computing environment through credentials and the assignment of roles (roles may also be referred to as permissions, access rights, and/or privileges). Roles can be automatic, granted, or applied for, and control the ability of a user to view or make changes to an accessed resource. To facilitate this process within an enterprise computing environment, identity management systems, products, applications, and platforms are utilized. An identity management system is an administrative function that pertains to controlling aspects associated with a user (e.g., authentication, authorization, roles, etc.) within the enterprise computing environment.
Identity management consists primarily of three functions: pure identity, user access (i.e., logon), and service. Pure identity functions pertain to the creation, management, and deletion of identities without regard to access or entitlements. User access functions pertain to the created identity (i.e., specific digital identity) and the associated data allowing the user access to a service or services across applications, which enables access controls to be assigned and evaluated against this identity. Service functions deliver personalized, role-based services to users and associated devices. Additionally, identity management controls user data such as authentication, authorization, and roles. Authentication is the verification that an entity is who/what it claims to be, using a password, biometrics (e.g., fingerprints), or distinctive behavior (e.g., gesture pattern on a touchscreen). Authorization manages the information that defines what operations an entity can perform in the context of a specific application. Roles assign varying levels of access within the enterprise environment to a particular job or job function according to job competency, authority, and responsibility.