You are on page 1of 4


SailPoint Lifecycle Manager for BMC Software Solutions
Deliver access quickly, securely, and cost effectively

Key Benefits
With IdentityIQ Lifecycle Manager, you can: » Enable business users to independently request and manage access » Speed delivery of access using automated event triggers » Consolidate access request and change processes across disparate “last-mile” provisioning and fulfillment processes » Improve audit performance and risk posture with preventive policy enforcement

Business Challenge
In today’s world of rapid and constant change, many organizations are struggling to address the increased access demands of the business. Current solutions for requesting and managing user access are outdated and inefficient. Processes are disjointed and complex and don’t map succinctly to the core business processes driving changes within the enterprise. What’s more, governance is often an afterthought, leaving many enterprises vulnerable to increased security risks and potential non-compliance with external regulations or internal corporate governance mandates.

The BMC Solution
Efficient, compliant access delivery
Organizations need a better way to request and manage user access changes. SailPoint IdentityIQ™ Lifecycle Manager enables business users to directly participate in the end-to-end processes, driving change while also enforcing preventive controls to ensure access is managed according to policy. IdentityIQ Lifecycle Manager empowers the business to manage changes to user access in a policycontrolled environment. It streamlines the front-end business processes associated with provisioning of changes to user access (including on-boarding, transfers and promotions, and off-boarding or termination) to ensure that users have the appropriate access given their current status within the organization. Enabling line-of-business users to self-administer their own access with easy-to-use tools frees up valuable IT resources for higher-value projects. By centralizing and managing access request processes within the constraints of a pre-defined governance model, IdentityIQ Lifecycle Manager enhances your security and compliance posture and creates transparency for audit-related inquiries. Furthermore, the support of multiple fulfillment processes, such as user provisioning platforms, help desk solutions, and manual processes, ensures a common experience and streamlines the value IdentityIQ Lifecycle Manager provides.

Self-Service Access Request
Empower business users to manage access
IdentityIQ Lifecycle Manager provides the industry’s first “shopping cart” experience for requesting access through a user-friendly graphical user interface. Business users are provided with convenient options for viewing current access privileges, selecting new roles and/or entitlements, updating their identity attributes, and checking the status of previous requests. The new shopping cart request view increases business user productivity and satisfaction and removes a significant administration burden from IT staff by presenting users with a familiar, easy-to-use interface for requesting and managing changes. Users simply add roles or entitlements to their shopping cart and are then guided through the checkout process, where additional information may be gathered to support completion of the provisioning transaction. Simplifying the business user experience must be balanced against ensuring changes are made based on corporate governance and compliance policies. IdentityIQ Lifecycle Manager automatically enforces enterprise policy during the self-service request process by evaluating the validity of a request and checking it against established policy before initiating the appropriate approval workflows. In addition, visibility to access data is controlled so users can only request access for privileges specifically allowed by the business.

offboarding) » Configurable Workflows – Facilitates the automated review and approval process to drive provisioning requests. you can leverage the IdentityIQ Risk Model to increase scrutiny of high-risk access changes. To create transparency to in-flight or completed requests within IdentityIQ Lifecycle Manager. managers.g. Capabilities » Allows business users to reset or change passwords – Offers business users an easy-to-use interface for resetting or changing passwords immediately and according to policy » Enables delegated password management – Allows management and administrators to reset passwords as needed » Enforces Password Policy – Provides consistent enforcement of password policies. Password changes are automatically synchronized with target systems by leveraging the IdentityIQ Provisioning Engine or other third-party provisioning solutions. or other delegates can reset passwords for those users who are unable to change them on their own. directly from their dashboard or through reports. as well as the final status (approved/rejected) of completed requests. This improved usability helps businesses to be more autonomous from IT. IdentityIQ Lifecycle Manager alleviates this burden by empowering business users to independently change and reset passwords. onboarding. including minimum/maximum length and history .Key Capabilities » Self-Service Access Request – Empowers business users to easily request and manage access through a policydriven “shopping cart” interface » Password Management – Enables users to quickly change or reset their passwords without having to contact the help desk » Lifecycle Event Management – Automates changes to access across the lifecycle of a user (e. while IT can rest assured that access is being delivered according to policy and agreed-upon service levels. promotion or transfer. Governance is enforced throughout the self-service access request process by leveraging the IdentityIQ Business Process Modeler to define and implement configurable review and approval workflows. When users request access at the entitlement level. ensure closed-loop access fulfillment. users requesting privileged access to a key financial system may require higher-level approval before access is granted. For example. As needed. IdentityIQ Lifecycle Manager displays entitlements using easy-to-understand descriptions. Capabilities » Empowers business users to request and manage access – Leverages a business-friendly “shopping cart” view for requesting or removing access rights » Facilitates delegated administration – Allows managers or security administrators to request new access or change access for members of their team » Provides visibility to request status – Tracks in-flight and completed requests through dashboards. IdentityIQ Lifecycle Manager supports applicationspecific password policies and configurable challenge questions. Changes to access can be requested using business-friendly roles or at the entitlement level. and advanced analytics » Prevents policy violations – Enforces preventive identity controls by embedding policy evaluation and approvals within access request processes Password Management Lighten the load on your help desk through business-friendly self service Password resets continue to drain help desk resources. reports. and track all access approval activity for auditability IdentityIQ Lifecycle Manager simplifies and enriches how users request or change access privileges by providing business context to complex IT data. This greatly reduces operational costs. In addition. IT administrators. users can quickly view where requests are in the process. To consistently enforce corporate security requirements.. This prevents users from requesting incorrect privileges or calling the help desk for assistance.

IdentityIQ Lifecycle Manager leverages the IdentityIQ Governance Platform to proactively enforce business policy throughout the automated change management process. It also eliminates the need to embed complex business policy within individual provisioning workflows. At the beginning of the access request process. moves. Its workflows are created and managed within the IdentityIQ Business Process Modeler using drag-and-drop editing. Similarly.“With SailPoint IdentityIQ. Capabilities » Simplifies management of access – Enables business-friendly configuration and management of identity lifecycle events across the organization » Speeds change with automated event triggers – Initiates changes to access privileges through the IdentityIQ Provisioning Broker with configurable triggers » Prevents policy violations – Enforces preventive identity controls by embedding policy evaluation and approvals within identity change processes » Monitors end-to-end processes – Centralizes lifecycle process monitoring and enables continuous performance improvements Configurable Workflows Ensure proactive governance across processes IdentityIQ Lifecycle Manager provides configurable workflow capabilities to ensure the validity of access changes and manage the end-to-end business process across both self-service access requests and lifecycle change events. and terminations) through integration with authoritative sources. when an employee changes roles within the organization. Not only does this approach reduce complexity and enable the business to proactively participate in activities previously relegated to IT Operations. Lifecycle Event Management Streamline management of user lifecycle changes IdentityIQ Lifecycle Manager automatically handles such events as changes in employment status (hires.” Jeff Boatman Information Security Manager Tokyo Electron. transfers. IdentityIQ Lifecycle Manager facilitates the delivery of access requests and changes according to policy. As approvals are routed to . which executes the required approval processes and drives the requested change through the IdentityIQ Provisioning Broker to ensure closed-loop access fulfillment. Holdings Figure 1. such as HR systems and corporate directories. Requests are generated through an easy-to-use access request interface or triggered by automated lifecycle change events. When a lifecycle event is detected. we have ample visibility into our company’s identity data. and then automatically provision those changes. when an employee’s status changes from “active” to “terminated.” a trigger launches a deprovisioning request for all of that user’s access privileges. This allows you to centralize the definition and management of lifecycle events separate from the implementation of changes. approval workflows ensure that access changes are reviewed and approved before being provisioned into the IT environment. It’s a win-win situation for both business and information security personnel. will increase the efficiency and effectiveness of the overall process. but it also speeds deployment of request and provisioning processes.S. Providing our business users with an interface to request and validate access changes. For example. a lifecycle event triggers the assignment of a new business role to replace the user’s current role. allowing business users to manage the process independent of the technical change management processes. graphical interface. Lifecycle events are defined and tracked through an easy-to-use. U. the selected workflow is triggered. which is critical for compliance and security initiatives.

this seamless orchestration unifies policy enforcement.T. service marks. 2010. integrated lifecycle management. All other trademarks or registered trademarks are the property of their respective owners. all underpinned by a common role. About MarketZone Direct Products Through the MarketZone Direct program. Capabilities » Jump-starts deployment with out-of-the-box workflows – Provides preconfigured workflows for common processes. these products are available under BMC license and support providing a complete and auditable record of who requested access changes and who approved or denied the request. whereas with BMC Remedy Service Desk. All other BMC trademarks. Business thrives when IT runs smarter. BMC. reduce risk and drive business profit. mainframe. and auditing — and shields business users from the underlying complexity of provisioning implementation. and the BMC Software logo are the exclusive properties of BMC Software. The IdentityIQ Governance Platform also includes the IdentityIQ Provisioning Broker. adaptive role management. Workflows also enable preventive policy checking to ensure that changes are being made without introducing new policy violations into the environment. process monitoring. and risk model to deliver preventive compliance. the workflow passes change requests to the IdentityIQ Provisioning Engine for fulfillment in the appropriate target resources. Inc. SailPoint IdentityIQ Lifecycle Manager IdentityIQ Lifecycle Manager supports both user-initiated access requests and automated event-driven access changes. Patent and Trademark Office. Inc.S. With BMC Remedy Identity Management. © 2011 BMC Software. policy.bmc. Integration with BMC Remedy Identity Management or BMC Remedy Service Desk serves as the bridge between the business processes. BMC is able to resell third-party products that complement and or augment our own products. SailPoint IdentityIQ is a business-oriented identity governance solution that delivers risk-aware compliance management. access request management. BMC revenue was approximately $1.T. BUSINESS RUNS ON I. the access change implementation is fully automated.appropriate reviewers and managers. In either case. IdentityIQ logs the actions performed by each. virtual and cloud environments. and risk models.. including approvals and policy validation » Models customized workflows – Makes it easy to customize workflows to fit the unique requirements of your existing business processes » Visualizes workflow processes – Provides visibility to process-level execution of individual workflow steps and enables service-level monitoring for access request and change processes About SailPoint SailPoint empowers some of the world’s largest organizations to mitigate risk and reduce IT and compliance costs while still meeting the highest standards of corporate governance.96 billion. As a MarketZone Direct product. For the four fiscal quarters ended September 30.S. the integration will generate a trouble ticket for execution to be made manually. and may be registered or pending registration in other countries. and identity intelligence. I. For More Information To learn more. BMC offers a comprehensive approach and unified platform that helps IT organizations cut cost. * 187524* . That’s why the most demanding IT organizations in the world rely on BMC Software across distributed. BMC Software. End-to-End Identity Governance and Seamless BMC Integration The SailPoint IdentityIQ Governance Platform serves as the foundation for lifecycle management activities by providing a centralized repository for aggregated identity data and for IdentityIQ’s policy. please visit www. and logos may be registered or pending registration in the U. faster and stronger. are registered with the U. All rights reserved. role. Once the appropriate approvals and policy checks are executed. driving change to access and the technical processes that actually implement the changes. or in other countries. which orchestrates the fulfillment of access requests and changes across a myriad of provisioning tools and processes. It allows you to build preventive and detective controls that underpin lifecycle management processes. RUNS ON BMC SOFTWARE. Recognized as the leader in Business Service Management.