No-Code Built For You Workflows
IAM EXPERT SERVICES

IAM Consulting Services

Everything you need to make your Joiner, Mover, Leaver and Certification processes run smoothly!

We have experts with over 15 years of experience on multiple Identity products. Whether you are using Gartner Customers’ Choice listed Identity leaders like SailPoint IdentityIQ and IdentityNow, Okta, Saviynt or Oracle Identity Governance products, or leaders like Omada, IBM etc., there's not much we haven't had to implement, and we can be your trusted advisor when it comes to making your IAM project successful.

Services Offerings

Our Experience

We are a small team of professionals with both on-shore and off-shore presence, specialising in Identity and Access Management (IAM), Data and Cloud areas, and helping several SMEs and large organisations. Our specialist team is equipped to help your teams and organisation with all your IAM needs.

Our Approach

Identity and Access Management programmes can be daunting. Unlike many other technologies where technologists keep talking jargon, we take a business-centric approach. Our team will strive to meet business needs by having open conversations with businesses in simple language. Good communication is the key to project success.

Why Us?

We are in a highly significant position with the IAM skill-sets our staff possess. We can offer consultation or managed services to your organisation with respect to identity and access management projects. Whether on-premises or cloud-hosted, our founding team has over 30 years of combined experience spanning all elements of Identity and Access Management, Data, and Cloud Technologies.

Cloud Migration Services

Azure, AWS and Oracle Cloud Migration Services, SailPoint, Okta or ForgeRock – whatever identity cloud you have in mind, we have in-house experts to help with your migration and connect your users with all major cloud service providers.

Advisory Services

Our SMEs and our vast pool of talent with our technology partners will be ready to help you with all areas of IAM, data or cloud that may be bothering you, be it an audit finding or a BAU concern. Our team can guide you in federated access management, access provisioning, certification and directory management.

Implementation Support

Our teams have hands-on experience in on-premise to cloud migrations. As we have carried out several deployments, from greenfield IAM implementations to hybrid cloud migration of IAM systems, we have a pool of great talent to support you with your implementation journey. You can rely upon our experience to deliver your implementation on time and within budget.

Managed Services Support

We operate an on-site/off-shore model for managed support services.

Programme Content

Processes, policies, and technologies that organisations use to manage the access and permissions of their employees, customers, and other stakeholders to various systems, applications, and resources are all underpinned by our Services offerings.

We have a range of offerings designed to help organisations securely manage the identity and access of their users.

Some of these include:

  • Identity and access governance: This involves establishing policies and procedures for granting, revoking, and monitoring access to systems and resources.
  • Identity and access provisioning: This involves creating, modifying, and deleting user accounts and permissions for various systems and applications.
  • Identity and access authentication: This involves verifying the identity of users and ensuring that they are authorized to access specific systems and resources.
  • Identity and access federation: This involves connecting different identity and access management systems and allowing users to access multiple systems and applications with a single set of login credentials.
  • Identity and access analytics: This involves collecting and analyzing data on user access and activity to identify trends, potential security risks, and opportunities for improvement.
  • Identity and access training and education: This involves providing employees and other users with the knowledge and skills they need to use and manage identity and access management systems effectively.

Use our Contact page to get in touch with us. We will have one of our IAM experts reach out to you to understand where you may be on your Identity journey, understanding what's working and what's not etc. We can even offer a FREE 2 day assessment of your programme's current state.

JML - Lifecycles

1. Leavers / Movers / Joiners

Why that order for what's usually known as JML?
(Joiner, Mover, Leaver)

The Leaver process, if not carried out successfully, poses the HIGHEST RISK to a company, so should therefore be dealt with first.

User provisioning is a complex task for administrators, but with good organisation, standardised processes and automation you can ensure that all important steps are completed in a timely manner. This will save your company both time and money. At Identity Centric we can show you many ways of streamlining your Identity programme with the goal of making it successful by using best practices. That does tend to mean that the customisations that your IT guys wanted will have to be carefully considered for inclusion. We've seen far too many projects fail due to customers' insistence that they MUST have various customisations.

2. Risk Approach

With every project we take a Risk approach, i.e. we analyse what elements would be considered the highest risk to a company and tackle the high-risk elements first.

If you have read the analysts' reports about IAM over the years you'll see that more and more they feature RISK as a good approach to an Identity and Access Management programme. This is simply because the number of identities, accounts and permissions/entitlements has become too much for human beings to handle. If you can segregate high-Risk identities and focus on getting them the correct access to the right applications first, then your company risk profile will inevitably go down. Make Risk the focus of your Access reviews and certifications.

LEAVERS

Leavers are generally detected by receiving information from a Human Resources feed.
This can be in the form of a simple leaver flag saying Active=false or can be an End Date field with the person's final work date populated.

Leavers can also be initiated ad-hoc by a Manager via a form in cases where an instant suspension of access is required.

As a result of a trigger like one of the above, a lifecycle event is kicked off: a workflow that takes the appropriate action of suspending access as required via the connected applications, and raises tickets or emails where direct connectivity is not present, e.g. physical assets, non-connected applications.

Additional Tasks
As well as suspending application accounts for a leaver there are often other tasks to perform. Some of these may include, but are not limited to:

- Archive home folders and place on a remote drive ready for archival storage.

- Notify relevant departments about physical assets that may need to be retrieved.
e.g. Car, Laptop, Phone etc.

- Arrange for device wiping.
e.g. Laptop, Phone.

- Delete application accounts after a pre-configured time.
e.g. 90 Days.

MOVERS

Movers can present a number of headaches for a business. It could be a simple Department move or a Location change for example. More often than not it gets more complex than that.

Department Move Example
The mover may be moving from the IT Department to the Finance Department. The departmental Managers may agree that there needs to be some overlap period involved, maybe a month or two, whereby the Mover has access to the applications and permissions from their old job in IT as well as the new job's Finance applications.

Clearly there is Risk involved here.

The IAM system needs to be aware of the overlap period and provision the new Finance access for the Mover. After the agreed overlap period expires, de-provisioning of the user's original IT Access must be carried out. This should also be followed up with an Automated Access Review to both Managers for the Mover to have them sign off on the eventual new set of access.

There are numerous permutations for mover processes and flexibility is needed within your Lifecycle Mover Workflows to accommodate this.

We can help you achieve this.

JOINERS

In the same way as Leavers, Joiners are generally detected by receiving information from a Human Resources feed.
This can be in the form of a simple joiner flag saying Active=True or can be a Start Date field with the person's hire/start date populated. New Hires can also be initiated ad-hoc by a Manager via a form in cases where an instant start and immediate access are required, e.g. a Contractor.

As a result of a trigger like one of the above, a lifecycle event is kicked off: a workflow that takes the appropriate action of creating the correct application accounts and granting the correct access as required via the connected applications, and raises tickets or emails where direct connectivity is not present, e.g. physical assets, non-connected applications.

Additional Tasks
As well as provisioning application accounts for a joiner there are often other tasks to perform. Some of these may include, but are not limited to:

- Email notifications to interested parties.
e.g. Manager, Training Department and more.

- Notify relevant departments about physical assets that may need to be purchased.
e.g. Car, Laptop, Phone, Desk, Chair etc.

- It's also always very polite to ensure a Welcome Email is present in the joiner's Inbox too.
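
The Leaver, Mover and Joiner triggers described above, sketched as an added example (not Identity Centric's code or any IAM product's API): HR feed records are classified into lifecycle events, and leaver and mover events are expanded into dated actions. The field names, application names and the rule that an End Date in the past means "leaver" are assumptions, and the sample data is constructed.

```python
from datetime import date, timedelta

CONNECTED_APPS = {"ad", "crm"}  # assumption: apps with a direct connector
DELETE_AFTER_DAYS = 90          # the page's example delay before deletion

def classify(record, known, today):
    """Return 'leaver', 'mover', 'joiner' or None for one HR feed record.
    Leaver is tested first: a missed leaver is the highest risk."""
    end = record.get("end_date")
    if record.get("active") is False or (end is not None and end < today):
        return "leaver"
    current = known.get(record["id"])
    if current is None:  # not yet in the IAM system
        start = record.get("start_date")
        return "joiner" if start is None or start <= today else None
    return "mover" if current["department"] != record["department"] else None

def leaver_actions(accounts, today):
    """Suspend via connectors, raise tickets elsewhere, schedule deletion."""
    actions = []
    for app in sorted(accounts):
        verb = "suspend" if app in CONNECTED_APPS else "ticket"
        actions.append((verb, app, today))
        actions.append(("delete", app, today + timedelta(days=DELETE_AFTER_DAYS)))
    return actions

def mover_actions(old_access, new_access, today, overlap_days):
    """Grant new access now; remove old-only access when the overlap ends,
    then send the access review to both managers."""
    cutoff = today + timedelta(days=overlap_days)
    actions = [("provision", a, today) for a in sorted(new_access - old_access)]
    actions += [("deprovision", a, cutoff) for a in sorted(old_access - new_access)]
    actions.append(("access_review", "both_managers", cutoff))
    return actions

# Constructed sample data: identities the IAM system knows, and today's HR feed.
KNOWN = {i: {"department": d} for i, d in
         [("E100", "IT"), ("E101", "Sales"), ("E102", "IT"), ("E104", "IT")]}
FEED = [
    {"id": "E100", "active": False, "department": "IT"},
    {"id": "E101", "active": True, "end_date": date(2024, 5, 31), "department": "Sales"},
    {"id": "E102", "active": True, "department": "Finance"},
    {"id": "E103", "active": True, "start_date": date(2024, 6, 1), "department": "HR"},
    {"id": "E104", "active": True, "end_date": date(2024, 9, 30), "department": "IT"},
]

def run(feed, known, today):
    return {r["id"]: classify(r, known, today) for r in feed}

if __name__ == "__main__":
    print(run(FEED, KNOWN, date(2024, 6, 10)))
```

E104 shows the case worth checking in any real feed: a populated End Date that is still in the future must not suspend access early.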

CERTS

Certifications, Access Reviews: everyone seems to have a different name for these. In essence though, "Certs" are used to facilitate management, application and role owners certifying people's access, i.e. certifying that who has access to what is correct.

Certifications are usually driven by governance functions external to a company and where the company is obliged to comply with certain industry standards.

The problem with these Certs / Access reviews is that they are large and cumbersome. It is not unusual for a line manager to have to certify tens of accounts along with thousands of permissions for their staff.

Identity and Access Management tools can clearly help in this area, but bear in mind that it's not all about the tool. Identity Centric can help build good practices around certifications in terms of employee awareness and a good Communication Campaign to go along with each certification cycle.

Take-up of certs / access reviews can be quite poor at first, sometimes with less than 30% of the review completed within the set time frame. After employee education and good communication campaigns to run alongside, 30% can turn into 80%+.