Symantec Identity Governance and Administration Review
Identifies, debugs and models the privileges of your organization, adapting it to business strategies.
What is our primary use case?
The primary uses cases are:
- The analysis of privileges to generate roles
- Revision of segregation of rights based on client rules
- Certification of privileges (compliance)
- Fulfill the cycle of existing privileges, under review / approval and delivery to the IM solution to materialize the changes and maintain the standard
How has it helped my organization?
In the processes where we need to analyze data, IG has enabled and facilitated the analysis of privileges, generation of roles to cover RBAC and integrate with the solution of Identity Manager, as well as the compliance aspect by the certification of privileges “Compliance”.
Additionally it helps us in analyzing predefined SoD rules for SAP and any others applications where the client defines their business policy rules.
What is most valuable?
- Identifies, debugs and models the privileges of your organization, adapting it to business strategies.
- Helps discover roles based on available patterns ("basic roles" / "Iterated Search" / "Characteristic Roles" / "Rule Hierarchies Roles" / "User Hierarchy Based Roles" / "Structured Search" / "Obvious Roles").
- Enables review campaigns to certify user privileges, roles and resources, activating the RACI model in the process.
- Identity Governance comes with Connector Xpress but if you have Identity Manager you can use the integration between them and import the information that comes from CA Identity Manager and its connectors.
- Allows the construction of segregation of rights (SoD) rules by definition of the client and enables “detective" and "corrective" levels for violations of business rules policies.
- Provides a set of SoD rules for SAP in order to apply "best practices" to this type of "endpoint" (more than 3,000 rules / Consult CA Technologies if available in last version).
- Helps to analyze privileges to find points of cleaning and improvement (Similar Roles / Roles Hierarchy / dual link / Suspect connections / Collectors, etc.).
- Regulatory compliance is one of the objectives of the solution.
- Covers the life cycle of enterprise privileges and maintains the role model "shallow" or "deep" / "functional" or "granular per application".
- Helps you take advantage of the Identity Governance on the portal but better if you integrate with Identity Suite (best user experience).
- You can enable LDAP authentication (AD/others) or integrate with CA Single Sign-On for portal access.
- Real integration between CA Identity Manager and CA Identity Governance for better use of compliance approved roles, data exchange, and improved customer experience.
- Data Transformation available using PDI (Pentaho Data Integration)
- New functionality when integrating with Identity Portal.
What needs improvement?
The administrative part is not very intuitive. Actually I think it is because it requires specialization and knowledge in what is done.
I found an option to import specific information, but the functionality was non-existent so they have to update the documentation or remove it from the menu (import from ITIM). Improve release updates when there is an obsolete function or it is not still supported.
For how long have I used the solution?
More than five years.
What do I think about the stability of the solution?
What do I think about the scalability of the solution?
How are customer service and technical support?
When you open a ticket with priority-one, the technical support is excellent - 10/10. However, when the ticket is priority two, three, or four, then it's 7/10.
Which solution did I use previously and why did I switch?
I did not use a previous different solution.
How was the initial setup?
The initial basic configuration is simple, but deploying the solution in greater depth and integration with high implementation reach requires expertise and certain complexities.
What's my experience with pricing, setup cost, and licensing?
About prices when validated with other solutions where the "SAP" endpoint will be included, Identity Governance is a good option. But if you are going to integrate with Identity Manager it is better to acquire IDS, it will be more economical.
Which other solutions did I evaluate?
What other advice do I have?
Important to find someone with experience implementing this type of solution to ensure the success of its implementation.