Evidian Identity Governance and Administration

Manage identities accurately, efficiently and confidentially

60% of users have undue access rights

25% of the breaches involved internal actors

0 wasted time to get user access

What is IGA (Identity Governance and Administration)?

Security and risk management leaders responsible for identity and access management (IAM) must ensure that only the right people get access to the right resources (e.g., applications and data) at the right times for the right reasons. Identity governance and administration (IGA) is a fundamental building block of an organization’s IAM strategy — these tools manage digital identity and access rights across multiple systems and applications.


Evidian Identity Governance and Administration

Evidian Identity Governance and Administration (IGA) helps your organization by making your Identity Management processes accurate, efficient and reliable.

With Identity Governance and Administration:

  • Identify and manage all the users accessing your applications
  • Make operational staff the owners of access and rights decisions
  • Reduce operational risk and ensure compliance
  • Define and implement a security and operational policy
  • Speed up delivery of access to the required business applications


Be agile and reliable in your business


Operational Risk Management

To meet the challenges of insider threat and illegitimate access, Evidian IGA provides a comprehensive set of governance capabilities to enable organizations to mitigate operational risks and comply with security policies and regulations.

Customers can enforce their user rights assignment policy with a unified view of their users’ identities. The Evidian IGA entitlement assignment engine is based on the Extended Role Based Access Control model (Extended RBAC).

Evidian IGA ensures data consistency by centralizing identities from various sources, allowing Security Officers to base their policy on a unified and reliable identity source.

The Access Certification feature provides an effective way to review entitlements according to the least privilege principle. Security Officers can target rights and applications based on a pre-defined risk profile, ranging from non-critical to critical.

Hence Access Certification Campaigns can focus primarily on the rights and applications that could put the company at risk. Campaign monitoring dashboards allow you to manage campaign progress effectively.

Improved Governance

Customers using Evidian Identity Governance and Administration benefit from a set of predefined reports designed to provide proofs of governance and compliance in managing their Information System.

More than 45 report types are included with the solution to cover 7 areas in the system’s governance: Policy Status, User Lifecycle, Policy Analytics, KPIs & Quality, Activity, Reconciliation & Certification, and Personal Data.

Report layout, language and export format are fully configurable before the reports are signed and sent to the appropriate persons within the organization.

Go further in your analysis and risk management with Analytics and Intelligence.


Efficiency and Operational Cost Reduction

Evidian Identity Governance and Administration allows customers to easily manage their users’ Identity Life Cycle (e.g. arrivals, changes, departures) without imposing tedious and time-consuming administration tasks, which can also lead to human error.

Organizations can speed up the delivery of access to business applications with the solution’s automatic provisioning capabilities, and improve user productivity by simplifying access to authorized applications wherever they may be. Process automation and self-service features help reduce administration costs and optimize the return on investment of the solution.

Evidian Identity Governance and Administration also supports hybrid environments in a secure and cost-effective way.

Customers can manage accounts without having to worry about synchronization delays between the on-premises and Cloud identity sources.

Moreover, since application licenses are also managed through the security policy, Evidian Identity Governance and Administration customers can also manage license costs and take advantage of the reporting features for auditing costs.


Availability & standardization

Deploy a Corporate IAM policy

Organizations can now consider deploying the Group’s security policy and processes through an IAM implementation even if subsidiaries have not reached the critical size to benefit from a local IAM solution. The Evidian Shared IAM proposal lets you centrally deploy the Evidian IGA solution for use by each subsidiary. The solution improves and standardizes the Group’s security policy and processes while respecting the specific functions of each subsidiary, which facilitates adoption. This model optimizes implementation and operating costs (up to 25% savings compared to unit solutions at each subsidiary).

Easy deployment

Smooth deployment is key to the success of any IAM project.

With Evidian Identity Governance and Administration, customers can foresee a more controlled and cheaper deployment with the new workflow-driven provisioning and configuration feature.

During the deployment, automatic onboarding of applications is easy and template management no longer requires extra operations.

In Evidian IGA, approval behaviors are no longer linked to the workflow configuration and can be configured for each identity source.

The solution includes built-in features to support all use cases for Identity Life Cycle patterns with more than 40 workflow processes available. The solution also offers an organization model to easily implement delegated administration.

Zero Trust: Do your users have the required level of accreditation to access the applications?

How can you ensure that users accessing an application are accredited with the required training, certification or charter signature, and that this accreditation is still valid?

In many organizations, particularly in healthcare, defense, and finance, access to applications doesn’t depend solely on the user’s business profile but also on their level of accreditation. A certain level of accreditation (training, certification, signing a charter) may be required to comply with current legislation, insurance, company charters, etc.
During audits, compliance reports may also be requested.

To meet these requirements, Evidian IGA integrates a new feature to verify when assigning rights that a user has the required level of accreditation. This feature also makes it possible to take into account changes in the level of accreditation over time: granting rights upon obtaining accreditation or revoking them upon expiration of accreditation.


Governance and Automation

Evidian Identity Governance and Administration lets you manage the entire identity life cycle.

Identity management

  • Creation of a centralized repository of digital identities
  • Multiple types of information sources: HR systems, LDAP Directories, CSV/XLS files…
  • Non-intrusive with sources of identity information
  • Capacity to automatically launch Identity Management processes based on detection of changes
  • Capacity to follow enterprise evolutions; very easy to add/remove organizations
  • Simulation capability and Threshold management
  • IAM for multi-entity groups

Security Policy definition

  • Security policy based on RBAC (Role-Based Access Control) model extended with Organizations, Contexts and Business Rules
  • User entitlement based on role assignment, role-organization couple, exceptions or “same as another user”
  • Dynamic role assignment based on user attribute values and time constraints
  • Management of risks (SOD) at user entitlement and role content definition
  • Centralized or distributed administration
  • Simulation capability, Central audit & reporting features

End user self-service and process management

  • End-user self-service portal; password reset, white pages, access requests, validation
  • Ready to use set of Identity & User entitlement management processes
  • Dynamic customization of the data and pages structure based on the user’s needs
  • User entitlement management delegated to the Business
  • Workflow actors & sequence based on Security Policy, no need to modify workflow process itself
  • Capacity to modify workflow processes structure with the “Workflow Editor” option

Access management to applications

  • Several Authentication Methods; Kerberos, Social Authentication, Strong Authentication, QREntry
  • End User activation
  • Standard connectors; LDAP, SQL, CSV, AD, Lotus Notes, SAP, GCOS, IBM RACF, SalesForce, Google Apps, ServiceNow, Office 365 & Generic connectors…
  • Capacity to manage AD & RACF low level permissions, e.g. printers, shared resources
  • Several processes to tailor provisioning actions
  • Reconciliation process to check the compliance with the defined policy
  • Integration with CyberArk & Wallix PAM tools
  • Integration with Service Now ITSSM

Compliance

  • Access Certification campaigns
  • Ability to set a range of risk levels associated with the access rights to be certified, as a choice criterion
  • Definition of multiple levels of responsibility
  • Monitoring of campaign progress
  • Related reports

Reporting

  • Policy Status: provides status on the policy objects of your solution
  • User Lifecycle: provides information about user arrivals and departures
  • Statistics: helps you monitor the use of the policy
  • KPI – Quality: gives you Key Performance Indicators (KPIs) and Quality information on the policy you defined for your solution
  • Activity: helps you monitor the user activity
  • Certification: provides general and detailed information of Certification Campaigns results
  • GDPR: provides user information with respect to GDPR regulation

Certification and compliance

Evidian provides a series of IAM consulting services to help you build your identity and access management project. These services cover three principal domains:

  • Assistance with implementing a demonstrator/model
  • Advice and audit services
  • Design: technical architecture with the constraints of high availability (IT safety plan), detailed IAM functional specifications (workflow, policy, upstream and downstream provisioning), SSO and strong authentication, Web SSO

Demonstration

For our E-SSO & Authentication Manager, WAM, IAM and SafeKit products, Evidian offers to implement a POC (Proof of concept):

Prerequisites
  • POC specification/Needs requirement from the pilot project
  • List of constraints: number of sites, deadlines, costs, number of persons, number of applications, etc.
  • Technical infrastructure: VM, directory technology (e.g. AD/ADLS, Fedora, database)
Participants
  • CISO/Project Manager, project owner (MOA), prime contractor (MOE)
Content
  • POC script
  • Installation and configuration of the EVIDIAN software according to the POC specification
  • Assistance
  • Debriefing
Equipment
  • VM with the Evidian WAM software installed, presentation for the debriefing

Audit & services

The advice and audit group offers to support you with:

  • Preparation studies
  • Defining the project (outline, project plan, WBS)
  • The design stages of the identity and access management solution.

We will specifically spend time considering the organisational and technical aspects of such projects, and the ROI: financial, for users, professionals, IT support teams and of course security teams (implemented from an ISMS, professional regulatory constraints: Basel II/III, Solvency, HIPAA).

With regard to audit, the methodology adopted is the following:

Here are some examples of consulting tasks that Evidian can carry out (each task is followed by its content):

Audit of the existing set-up
  • Identifying the references and applications to be taken into account
  • Identifying existing processes and analysing how they take place
  • Analysing the directory architecture
  • Analysing the access control policy in place
  • Identifying access control measures
  • Identifying the applications provided/adapted
  • Identifying any SPOFs (Single Point of Failure) as well as Split Brain cases
Proposing a management model for the organisation’s authorisations with Policy Manager
  • Modelling applications
  • Modelling professional roles
  • Defining professional roles
  • Defining rules for the separation of powers
Needs assessment in terms of strong authentication
  • Offering an access control policy based on the following three criteria:
      • User profiles
      • Access point profiles (user workstations)
      • Application profiles
  • Detailed authentication mechanisms based on target users, terminals used and access achieved

Design

Evidian offers you support in the design phase of your project using our E-SSO & Authentication Manager, WAM, IAM and SafeKit products.

Here are some examples of tasks that Evidian can carry out (each task is followed by its content):

ESSO technical and functional specifications
  • Managing user security profiles
  • Managing security profiles for access points (workstations)
  • Managing application security profiles
  • Fast user switching
  • Administration of the solution
WAM technical and functional specifications
  • Managing the portal and/or local or remote web agents
  • Defining web servers
  • Managing services
  • Managing access control
  • Managing SSO
  • Managing data input
  • Managing authentication
  • Managing certificates and keys for CRLs
  • Administration of the solution
IAM technical and functional specifications
  • Synchronisation feed specifications
  • Workflow specifications
  • Security policy specifications
  • Provisioning specification

Expert testimony

Issue

A major player in the aeronautical sector, let’s call it X, decided to provide shared access for all its branches and divisions. At the same time, X had set up a private cloud to store the access portal and shared services. To facilitate access to these services, X wished to offer a Single Sign-On service to its users, and extend this service to all its divisions.
X wanted to simplify the authentication process for users accessing the “cloud”, which at the time required four successive authentications.

Our proposal

We analysed the existing portal

It was a web application installed in the “cloud”, federating access to all divisions, and allowing access to the shared resources of the company. The “cloud” provided direct access to shared services such as the CRM, intranet applications, HR, etc.

Choosing the right technical solutions:

  • E-SSO (Enterprise SSO): An SSO device is installed on each workstation. Whenever the user enters a login/password, the SSO remembers it locally. After the user has successfully logged on, the SSO agent waits for the application’s login request. It intercepts those requests and automatically fills in the fields.
  • Web SSO: Web SSO is an extension of the E-SSO device, designed specifically for web applications. A web portal is the interface between the client and the applications.
  • SSO federation.

Analysing each scenario:

  • Scenario 1: Using E-SSO for various divisions
  • Scenario 2: Using WAM for the main portal and offering E-SSO as an option
  • Scenario 3: Integrating the access portal into the WAM and offering E-SSO as an option.

Analysing the costs: in terms of equipment, licences and effort required to implement each scenario.

Offering an analysis of the different scenarios: selection criteria, decision matrix, SWOT table.


Project management

The Evidian expertise centre helps its clients and partners to implement their projects, offering reliable expert assistance with its products and IAM solutions.

They occasionally run projects from end to end:

  • to establish reference points in new geographical areas
  • to carry out pioneering, innovative projects in new technological environments.

In order to do this, they maintain a methodology for carrying out IAM projects, implementing company SSO projects and extending remote access projects.

IAM Methodology

Evidian has developed its own IAM methodology, and demonstrated it with large prestigious accounts: it allows you to use the main building blocks of the IAM structure in an incremental yet consolidated way: constituting the identity reference, managing roles, etc.


Enterprise SSO

To facilitate the implementation of our User Access Services solution, the Evidian expertise centre supports its clients in the use of its security solutions. Over the years, it has acquired strong skills in implementing Evidian solutions in a complex environment.

These skills are a determining factor that will ensure the quality of your project.

We propose, through a complete service offering, to bring on board a team of Senior security consultants that are certified for CISSP, Microsoft, etc.

Our service offering takes clients’ needs into account in terms of flexibility, availability and the means of implementation.

WAM

The Evidian expertise centre participates in the complete life cycle of implementation projects, delivering Evidian Mobility solutions alone or with partners. We deliver customised services to define the architecture, and plan and implement the solutions offered to our clients.

An example

Issue

Microsoft SharePoint was quickly adopted by professionals to share documents which are often confidential. A large European airport wished to publish links to applications stored internally. This raised the question of secure access and access controls to these applications.

Our solution

The solution proposed to the airport allowed them to secure access to Microsoft SharePoint as well as to their internal applications. The Evidian expertise centre demonstrated a solution to allow professional collaboration between internal staff and partners in full confidence, with the following characteristics:

– Transparent NTLM authentication for internal users

– Weak authentication with a different account from the Active Directory one for internal users when they connect from outside

– Strong authentication by Mail OTP for partners that work in the airport

– Integrated access control while maintaining the SharePoint user interface

– Protection of SharePoint and internal applications against any attack

– Single Sign-On for SharePoint and internal applications offered by the airport to internal users and partners


The Evidian expertise centre

The Evidian expertise centre makes the best experts available to you, to support you throughout the life cycle of your security solution:

Upstream: set out a specification, verify the principles, etc.

For the implementation: installation, configuration, customisation, … or turnkey implementation

Downstream: training operators, usage, maintenance in operational condition, etc.

The forty experts may participate in all aspects of operations from units based in: Paris, Cologne, Manchester, Brussels, New York and Tokyo.

Client support

Evidian Support consists of an international team of experts who will help you get optimal use out of our products in your specific environment every day.

Evidian Support prioritises the establishment of a real partnership, guaranteeing better response times to resolve incident tickets.

Our Support programmes allow you to establish a response adapted to your needs, whatever they are:

Standard Support & Maintenance for access to updates and the support knowledge database, submitting incident tickets and assistance during working hours.
Platinum Support & Maintenance for customised high-level support in a complex environment with availability constraints.

Do you have any questions? Would you like a free and customised evaluation? Contact us.
Are you already a customer with a support contract? Access Evidian Support.

All the Support services are accessible on the support portal.
Support assistance is requested by opening an incident ticket with the Calldesk.
After opening an incident ticket, the nearest Support Centre experts will contact you.

Worldwide locations for Evidian Support:

Region, followed by locations (languages):

EMEA
  • Atos – Evidian, France, 78340 Les Clayes-sous-Bois, France (French – English)
  • Atos – Evidian, France, 69578 Limonest (French – English)
  • Atos – Evidian, Germany, 51149 Cologne (German)
  • Atos – Evidian UK, England, Macclesfield, Cheshire (English)
NORTH AMERICA
  • Atos – Evidian Inc. USA, New York, NY 10038 (English)
APAC
  • Atos – Evidian Japan, Japan, Tokyo 150-8512 (Japanese)

Support & Maintenance: Standard

Standard Support and Maintenance gives you access to the following services:

  • Protected access, 24/7, to the support portal
  • Advice and searching the support knowledge base for solutions
  • Submission of and advice on incident tickets
  • Remote assistance from experts at the Support Centre during working hours
  • Providing new corrections
  • Downloading versions, updates and product service packs
  • Downloading product documentation
  • Registering for the Information Bulletin publications and Support News (RSS feed).

Remote assistance is provided during working hours by the Support Centre, from Monday to Friday. Support is requested by opening an incident ticket in the support portal.

Platinum Support and Maintenance

Platinum Support and Maintenance offers customised support that takes into account the complexity of your technical and organisational environment. It responds to your service level needs and your contractual availability (SLA) by offering close monitoring and proactive support actions.

An Account Monitoring Technical Lead within the Support organisation will be your personal point of contact for all questions and incidents related to the products. They implement and run pilot projects for customised services:

  • Monitoring meetings and provision of dashboards
  • On-site visits for proactive support actions
  • The implementation of a customised escalation procedure
  • Faster response times
  • 24/7 assistance with critical production incidents.

These services are in addition to services provided with Standard Support and Maintenance.

Platinum Maintenance

For certain products (*), the support team can keep a reference copy of your version with the list of corrections specific to your configuration. This service allows improved responsiveness with greater security, when emergency corrections are made during production.

(*) Authentication Manager & Enterprise SSO 8.0x, Identity & Access Manager 9.0x.

Training

Training makes a significant difference to projects. In-depth knowledge of Evidian products makes participants much more productive and allows for predictive project planning.

Our clients are constantly working to improve their productivity and profitability in an increasingly competitive market. To this end, they adopt new technologies with solutions that meet their needs exhaustively but are also social and open with a long and productive life. Our partners use Evidian products to implement these solutions. They can all attend training and certification programmes offered by the Evidian Institute in order to take advantage of Evidian products and make best use of the technology.

After attending the Evidian Institute training sessions, each person, depending on their job and their role within the project, will be in a position to effectively determine the best configuration and final architecture of the solutions. It will also improve the participants’ confidence in their capacity to rapidly implement projects and meet deadlines. Some of them will learn how to adapt the solutions to the needs of the end client for a minimal cost. Others will learn how best to take advantage of the numerous and powerful functions of Evidian products.


Related resources


White paper

IAM – Identity and Access Management for the Extended Enterprise

Extend your information systems beyond the traditional boundaries of your business premises in total security with Identity and Access Management.


White paper

IAM – Shared Identity and Access Management solution

An adaptive approach to Identity and Access Management (IAM)


Factsheet

Identity Governance and administration flyer

How to ensure that only the right people access the right resources at the right time, with the required rights and for the right business reasons?

Related products

Enterprise SSO

Simplify access for users by a one click access to their applications, without compromising security policies.

Authentication manager: Windows MFA (Multi-Factor Authentication)

Windows MFA covers all authentication scenarios for a user accessing one or several PCs, or for several users sharing the same PC.

Web Access Manager

The central point of access to all your applications.

SSPR (Self-Service Password Reset)

The SSPR solution provides a full set of audit trail reports of WHO resets a Windows password WHEN and from WHERE.

Analytics and Intelligence

Detect suspicious behaviour and improve governance.
