PARTNER DATASHEET

SailPoint Lifecycle Manager for BMC Software Solutions
Deliver access quickly, securely, and cost effectively

Key Benefits
With IdentityIQ Lifecycle Manager, you can: » Enable business users to independently request and manage access » Speed delivery of access using automated event triggers » Consolidate access request and change processes across disparate “last-mile” provisioning and fulfillment processes » Improve audit performance and risk posture with preventive policy enforcement

Business Challenge
In today’s world of rapid and constant change, many organizations are struggling to address the increased access demands of the business. Current solutions for requesting and managing user access are outdated and inefficient. Processes are disjointed and complex and don’t map succinctly to the core business processes driving changes within the enterprise. What’s more, governance is often an afterthought, leaving many enterprises vulnerable to increased security risks and potential non-compliance with external regulations or internal corporate governance mandates.

The BMC Solution
Efficient, compliant access delivery
Organizations need a better way to request and manage user access changes. SailPoint IdentityIQ™ Lifecycle Manager enables business users to directly participate in the end-to-end processes, driving change while also enforcing preventive controls to ensure access is managed according to policy. IdentityIQ Lifecycle Manager empowers the business to manage changes to user access in a policycontrolled environment. It streamlines the front-end business processes associated with provisioning of changes to user access (including on-boarding, transfers and promotions, and off-boarding or termination) to ensure that users have the appropriate access given their current status within the organization. Enabling line-of-business users to self-administer their own access with easy-to-use tools frees up valuable IT resources for higher-value projects. By centralizing and managing access request processes within the constraints of a pre-defined governance model, IdentityIQ Lifecycle Manager enhances your security and compliance posture and creates transparency for audit-related inquiries. Furthermore, the support of multiple fulfillment processes, such as user provisioning platforms, help desk solutions, and manual processes, ensures a common experience and streamlines the value IdentityIQ Lifecycle Manager provides.

Self-Service Access Request
Empower business users to manage access
IdentityIQ Lifecycle Manager provides the industry’s first “shopping cart” experience for requesting access through a user-friendly graphical user interface. Business users are provided with convenient options for viewing current access privileges, selecting new roles and/or entitlements, updating their identity attributes, and checking the status of previous requests. The new shopping cart request view increases business user productivity and satisfaction and removes a significant administration burden from IT staff by presenting users with a familiar, easy-to-use interface for requesting and managing changes. Users simply add roles or entitlements to their shopping cart and are then guided through the checkout process, where additional information may be gathered to support completion of the provisioning transaction. Simplifying the business user experience must be balanced against ensuring changes are made based on corporate governance and compliance policies. IdentityIQ Lifecycle Manager automatically enforces enterprise policy during the self-service request process by evaluating the validity of a request and checking it against established policy before initiating the appropriate approval workflows. In addition, visibility to access data is controlled so users can only request access for privileges specifically allowed by the business.

and advanced analytics » Prevents policy violations – Enforces preventive identity controls by embedding policy evaluation and approvals within access request processes Password Management Lighten the load on your help desk through business-friendly self service Password resets continue to drain help desk resources. Governance is enforced throughout the self-service access request process by leveraging the IdentityIQ Business Process Modeler to define and implement configurable review and approval workflows. Changes to access can be requested using business-friendly roles or at the entitlement level. For example. reports.Key Capabilities » Self-Service Access Request – Empowers business users to easily request and manage access through a policydriven “shopping cart” interface » Password Management – Enables users to quickly change or reset their passwords without having to contact the help desk » Lifecycle Event Management – Automates changes to access across the lifecycle of a user (e. This improved usability helps businesses to be more autonomous from IT. In addition. To create transparency to in-flight or completed requests within IdentityIQ Lifecycle Manager. This greatly reduces operational costs. while IT can rest assured that access is being delivered according to policy and agreed-upon service levels. When users request access at the entitlement level. users can quickly view where requests are in the process. managers. To consistently enforce corporate security requirements.g. As needed. This prevents users from requesting incorrect privileges or calling the help desk for assistance. IdentityIQ Lifecycle Manager supports applicationspecific password policies and configurable challenge questions. as well as the final status (approved/rejected) of completed requests. IT administrators. or other delegates can reset passwords for those users who are unable to change them on their own. ensure closed-loop access fulfillment. offboarding) » Configurable Workflows – Facilitates the automated review and approval process to drive provisioning requests. promotion or transfer. directly from their dashboard or through reports. Capabilities » Empowers business users to request and manage access – Leverages a business-friendly “shopping cart” view for requesting or removing access rights » Facilitates delegated administration – Allows managers or security administrators to request new access or change access for members of their team » Provides visibility to request status – Tracks in-flight and completed requests through dashboards. and track all access approval activity for auditability IdentityIQ Lifecycle Manager simplifies and enriches how users request or change access privileges by providing business context to complex IT data.. Password changes are automatically synchronized with target systems by leveraging the IdentityIQ Provisioning Engine or other third-party provisioning solutions. IdentityIQ Lifecycle Manager displays entitlements using easy-to-understand descriptions. IdentityIQ Lifecycle Manager alleviates this burden by empowering business users to independently change and reset passwords. you can leverage the IdentityIQ Risk Model to increase scrutiny of high-risk access changes. Capabilities » Allows business users to reset or change passwords – Offers business users an easy-to-use interface for resetting or changing passwords immediately and according to policy » Enables delegated password management – Allows management and administrators to reset passwords as needed » Enforces Password Policy – Provides consistent enforcement of password policies. including minimum/maximum length and history . users requesting privileged access to a key financial system may require higher-level approval before access is granted. onboarding.

” a trigger launches a deprovisioning request for all of that user’s access privileges. Its workflows are created and managed within the IdentityIQ Business Process Modeler using drag-and-drop editing. which is critical for compliance and security initiatives. will increase the efficiency and effectiveness of the overall process. the selected workflow is triggered. allowing business users to manage the process independent of the technical change management processes. and then automatically provision those changes. Lifecycle Event Management Streamline management of user lifecycle changes IdentityIQ Lifecycle Manager automatically handles such events as changes in employment status (hires. It’s a win-win situation for both business and information security personnel. such as HR systems and corporate directories. Lifecycle events are defined and tracked through an easy-to-use. graphical interface. which executes the required approval processes and drives the requested change through the IdentityIQ Provisioning Broker to ensure closed-loop access fulfillment. Capabilities » Simplifies management of access – Enables business-friendly configuration and management of identity lifecycle events across the organization » Speeds change with automated event triggers – Initiates changes to access privileges through the IdentityIQ Provisioning Broker with configurable triggers » Prevents policy violations – Enforces preventive identity controls by embedding policy evaluation and approvals within identity change processes » Monitors end-to-end processes – Centralizes lifecycle process monitoring and enables continuous performance improvements Configurable Workflows Ensure proactive governance across processes IdentityIQ Lifecycle Manager provides configurable workflow capabilities to ensure the validity of access changes and manage the end-to-end business process across both self-service access requests and lifecycle change events. Similarly. At the beginning of the access request process. When a lifecycle event is detected. It also eliminates the need to embed complex business policy within individual provisioning workflows. U. This allows you to centralize the definition and management of lifecycle events separate from the implementation of changes. As approvals are routed to . a lifecycle event triggers the assignment of a new business role to replace the user’s current role. when an employee’s status changes from “active” to “terminated. approval workflows ensure that access changes are reviewed and approved before being provisioned into the IT environment. moves. transfers. Holdings Figure 1. Providing our business users with an interface to request and validate access changes. IdentityIQ Lifecycle Manager facilitates the delivery of access requests and changes according to policy.“With SailPoint IdentityIQ. Not only does this approach reduce complexity and enable the business to proactively participate in activities previously relegated to IT Operations.” Jeff Boatman Information Security Manager Tokyo Electron. IdentityIQ Lifecycle Manager leverages the IdentityIQ Governance Platform to proactively enforce business policy throughout the automated change management process. we have ample visibility into our company’s identity data. but it also speeds deployment of request and provisioning processes. For example. and terminations) through integration with authoritative sources. Requests are generated through an easy-to-use access request interface or triggered by automated lifecycle change events. when an employee changes roles within the organization.S.

For More Information To learn more. all underpinned by a common role. and risk models. faster and stronger.T. That’s why the most demanding IT organizations in the world rely on BMC Software across distributed. virtual and cloud environments. role. BMC is able to resell third-party products that complement and or augment our own products. Business thrives when IT runs smarter. BMC.appropriate reviewers and managers. please visit www. All rights reserved. I. For the four fiscal quarters ended September 30. As a MarketZone Direct product. With BMC Remedy Identity Management.T. The IdentityIQ Governance Platform also includes the IdentityIQ Provisioning Broker. Workflows also enable preventive policy checking to ensure that changes are being made without introducing new policy violations into the environment. In either case. and the BMC Software logo are the exclusive properties of BMC Software. are registered with the U. BUSINESS RUNS ON I. and risk model to deliver preventive compliance. © 2011 BMC Software. Integration with BMC Remedy Identity Management or BMC Remedy Service Desk serves as the bridge between the business processes. access request management. reduce risk and drive business profit. providing a complete and auditable record of who requested access changes and who approved or denied the request. IdentityIQ logs the actions performed by each.S. the integration will generate a trouble ticket for execution to be made manually.96 billion. integrated lifecycle management. 2010. process monitoring.S. BMC revenue was approximately $1. Inc. service marks. It allows you to build preventive and detective controls that underpin lifecycle management processes. these products are available under BMC license and support terms. Once the appropriate approvals and policy checks are executed. SailPoint IdentityIQ is a business-oriented identity governance solution that delivers risk-aware compliance management. which orchestrates the fulfillment of access requests and changes across a myriad of provisioning tools and processes. whereas with BMC Remedy Service Desk. driving change to access and the technical processes that actually implement the changes. and logos may be registered or pending registration in the U. the access change implementation is fully automated. Inc. this seamless orchestration unifies policy enforcement. RUNS ON BMC SOFTWARE. About MarketZone Direct Products Through the MarketZone Direct program. Capabilities » Jump-starts deployment with out-of-the-box workflows – Provides preconfigured workflows for common processes. and identity intelligence. including approvals and policy validation » Models customized workflows – Makes it easy to customize workflows to fit the unique requirements of your existing business processes » Visualizes workflow processes – Provides visibility to process-level execution of individual workflow steps and enables service-level monitoring for access request and change processes About SailPoint SailPoint empowers some of the world’s largest organizations to mitigate risk and reduce IT and compliance costs while still meeting the highest standards of corporate governance. * 187524* . SailPoint IdentityIQ Lifecycle Manager IdentityIQ Lifecycle Manager supports both user-initiated access requests and automated event-driven access changes.com. adaptive role management. BMC Software.bmc. mainframe. All other trademarks or registered trademarks are the property of their respective owners. BMC offers a comprehensive approach and unified platform that helps IT organizations cut cost. and auditing — and shields business users from the underlying complexity of provisioning implementation. Patent and Trademark Office. and may be registered or pending registration in other countries. Recognized as the leader in Business Service Management. policy.. End-to-End Identity Governance and Seamless BMC Integration The SailPoint IdentityIQ Governance Platform serves as the foundation for lifecycle management activities by providing a centralized repository for aggregated identity data and for IdentityIQ’s policy. the workflow passes change requests to the IdentityIQ Provisioning Engine for fulfillment in the appropriate target resources. All other BMC trademarks. or in other countries.

Sign up to vote on this title
UsefulNot useful