Fálaina’s Identity Lifecycle Manager (ILM) is the next generation solution that uses lightweight .NET architecture for identity administration. ILM is an add-on component to the Identity Analytics and Compliance Manager (IACM) and shares the same identity repository, workflow, operators (also called connectors) and user interface.Fálaina’s ILM is an automated solution that helps manage user identity and their access rights across enterprise.ILM automates operation to create, retrieve, update and delete (CRUD) access rights via its rule-based policies. ILM has more than 40 out-of-the-box agent-less connectors that enable administration of accounts, technical group/role and permission across operating systems, directory servers, databases, mainframes, enterprise applications, IoT platforms and Cloud/ SaaS based applications.Fálaina’s ILM process CRUD operations based on the triggers/events from authoritative sources of identity data, such as human resource management systems or flat-file such as csv or xml. These operations can be scheduled or processed via bulk upload file operations.

Fálaina’s ILM supports industry’s expansion of managing not only employees, but also to support contractors, affiliates, business partners, suppliers and most importantly customers - to secure the identities of employees and non-employees as well as their access for a safe business activities.

 

Automated identity lifecycle management (provisioning/de-provisioning)

Today, the on-boarding process of employees and nonemployees in any organization includes enabling access to various applications. As part of the process, efficiency and security is utmost important. Provisioning on time and only for the right applications with right sets of permission is key to ensuring overall security.

Fálaina’s ILM automates events such as hire (or customer on-boarding), transfer/move, access and identity data modifications, status change, password change and termination of access. Each of these use cases are complex and vary from organization to organization and application to application. Non-employee or customer onboarding process is also made available via selfregistration portal with validation via email and approval workflow.

The complete lifecycle from hire to exit is automated including the issuance of account and password to employee or customers.

Fálaina’s ILM provides rule based templates for events such as future, conditional provisioning, user account constructions, password generations, access rights granting, batch provisioning/de-provisioning and so on.

Access request management and approval workflow

Fálaina’s ILM access request management is integrated with workflow on a self-service portal to enable users and delegated administrators to place request for new access, modify current access and remove access.

The access request portal allows requestors to request access to roles, entitlements and accounts based on the rules and policies set. These rules are based on rolebased access control (RBAC) and attribute-based access control (ABAC). Rules include conditions such as who can request for what objects, which target systems, when and so on.

The access request portal allows users and approvers to view requestor’s current set of access.

Fálaina’s ILM access request portal and workflow enables attachment management. User and approvers now able to upload and view attachments as part of the approval chain. These attachments are kept within the ILM database for auditing and reporting purposes.

Other than attachments, the workflow allows notifications and communications between requestor and approvers at any time until the final approvals is completed. These allow both requestor and approvers to user ILM as single platform for complete access request management.

Fálaina’s ILM provides the approvers flexible means to approve the request. These option includes approving via replying to notification mails, login to self-service portal
and native Fálaina’s ILM mobile applications. The access request approval allows one consolidated notifications such as end of day notifications and approval or bulk request and approval.

Fálaina’s ILM access request comes with compliant user provisioning. For example – when users request for a new SAP role to be added to their profile, the solution will intercept and check against the SoD ruleset. It automatically notifies the users if there are conflicts identified. If the users’ requests are required to be approved by the next level approver, the risk identified in the users’ request will also be displayed to the approver. It will keep record of all activities and related risk for reporting purpose.

The ruleset can be applied not only within single applications but across applications or target systems.

Self-service portal

Fálaina’s ILM self-service portal enables users (including customers) to manage their identity data (also known as personal information) and passwords.

Profile administration feature allow users to modify identity data centrally and this data can be synchronized to respective target systems. Rules can be applied to allow only selected data/attributes to be modified as part of this profile administration.

Self-service portal provides comprehensive management of account unlocking, password reset and password synchronization for all target systems. Challenge/Response password reset or unlocking of accounts support OTP (one-time password) via mobile sms or WhatsApp messages. The account unlocking and password reset can be applied directly to Microsoft Active
Directory or any LDAP server if this is the network login or centralized authentication server.