Access Panel is an identity and resource governance solution that lives within the Identity Panel software platform. Access Panel leverages Identity Panel’s connector integrations to offer access management across Active Directory, Azure/Office 365, database-driven line-of-business applications, ServiceNow, and other platforms.
Using its advanced connector model, Access Panel supports multiple deployment architectures, including directly interfacing with target directories and applications, as well as mediating changes through a synchronization service like Microsoft Identity Manager. Additionally, Access Panel is not limited to managing traditional membership-based entitlements like groups; it also has the flexibility to handle ACL and attribute-based permissions control.
This architectural flexibility allows Access Panel to integrate seamlessly with an existing or new IAM deployment to apply multi-modal access governance models, including ABAC (Attribute Based Access Control), Just-in-Time access provisioning/PAM, traditional RBAC (Role Based Access Control), and Attestation/Certification. Access Review models support requests, recurring review, risk modeling, and access expiry.
Multi-Source Resource Management
- Define multiple scopes and sources for users and resources including:
  - AD
  - Generic LDAP
  - MIM 2016 (Synchronization Service and Portal)
  - Azure groups, licenses, and roles
  - Database line of business apps
  - HR systems
  - ServiceNow
  - Okta
  - etc.
- Entitlements derived from:
  - Reference attributes
  - Multi-value attributes
  - Single-value attributes
  - Rule-based objects
ABAC
- Criteria-based entitlement management
- Handling of group scenarios with native criteria (e.g. Azure dynamic groups)
- Member exception management
- Negative exception management for separation of duties
- Support for criteria-based candidacy
RBAC
- Assign entitlements based on role assignments
- Hierarchical role management
- Advanced criteria evaluation for roles
- Role-based separation of duties
Just in Time
- Support for candidate members with just-in-time activation
- Policy for processes on candidate activation including:
  - Activation time windows
  - Approval policies (owner/manager)
  - Activation extension policies
  - Custom justification forms
Requests and Expiry
- Group join requests with customizable justification and approval forms
- Policy based on group risk and application association
- Self, Manager, Owner, and multi-response request policies with escalation and reminder rules
- Enforced and optional entitlement expiry policies with extension notifications
- Support for Email, SMS, and Workflow/Service Desk system integrated approval flows
Access Review
Access Panel supports access reviews, also known as attestation or certification, across a wide range of object classes and filtering modes. Attestation may be performed against settings of security principals like users, groups, and applications, or against access levels like entitlements or role assignments. This allows organizations to attest against permissions directly, attest to the rules that drive permissions, and separately review policy exceptions and violations.
- Multi-mode Certifications
  - Entitlements (permission/membership assignments)
  - Resources — Including ownership, settings, criteria rules, role settings, data inventory, and change triggers
  - Roles and Role Assignments
- Rolling, recurring, and ad-hoc attestation modes
- Communications queuing and consolidation, support for multiple delivery channels including:
  - SMS
  - Service Desk/Ticketing system
  - Workplace messaging channels such as Teams or Slack
- Rule-based certification triggers, including:
  - Attribute filters
  - Event-based / change response
  - Application assignment
  - Risk level
  - Assignment control (explicit membership vs. criteria vs. role derived, etc.)