The Identity Governance (IG) tool can be used to help improve the processes of providing and removing system access.
- Streamline Access. IG can be used to group together permissions from multiple systems that are required to perform a job function and then assign the permissions as a comprehensive set to individuals—manually or automatically.
- Automate Access. The IG tool can be set to automatically assign and unassign access permissions when a person meets pre-defined criteria. The criteria can be based on a person’s digital identity at the university and can be defined using relationship to the university, department, job title, enrollment data, and/or other attributes.
- Pre-Approve Access. The people responsible for managing access can define and approve criteria to assign access when an IG Business Role is created. This replaces the need to approve individual permission requests for each person on an ongoing basis.
- Enhance Security and Compliance. The appropriate amount of access for an IG Business Role is carefully defined up front. This eliminates the need to model or copy the access of someone else, which may inadvertently result in granting too little or too much access. Flexible reports by user, role, group, or application are available for multiple purposes, including audits, governance, and user support. Access can be updated automatically when a person changes jobs, changes departments, or leaves the university.
- Supports U-M Policy. The Access, Authorization, and Authentication Management Standard (DS-22) stipulates requirements for access management and control. Access control for systems that create, process, maintain, transmit, or store sensitive university data should be primarily role-based as much as possible. The IG tool supports the implementation of policy provisions by enhancing the university’s ability to securely and accurately provide and remove access to U-M systems.