Well, good afternoon, ladies and gentlemen, welcome to our KuppingerCole webinar, Lean Intelligent IAM Processes for the ABC, the Agile Business Connected: Enable Automation and Leverage Your Organization's Intellectual Assets. This webinar is supported by Identity Automation. The speakers today are me. My name is Matthias Reinwarth. I am senior analyst at KuppingerCole, and then the second part, Troy Moreland, CTO at Identity Automation, will join us. Before we start, some housekeeping.
And of course, some general information about KuppingerCole. As an analyst company, KuppingerCole, we are providing enterprise IT research, advisory services, decision support, and networking for IT professionals. We do this through our research services, where we provide several types of documents, including our leadership compass documents, comparing market segments, advisory notes, looking at various topics, vendor reports, executive views, executive briefs, et cetera. And we do this through our advisory services where we provide advisory to end user organizations and vendors.
And we do this through our events like webinars or seminars. And our main event is the EIC, the European Identity and Cloud Conference. And the next EIC is just a few days away and will be held in Munich from the fifth to the 8th of May. And we think it is a must attend event. You shouldn't miss the EIC 2015 with its large number of speakers and sessions, in the areas of digital identity, cloud management and GRC.
And please consider having a look at our agenda for this upcoming event, using the given URL. For our audience in Asia Pacific, the APIC, the Asia Pacific Identity, Cloud and Security Conference scheduled for November this year, will surely be a highly valuable event as well. Some guidelines for this webinar: you are muted centrally, so you don't have to take care of this. We are recording this webinar, and the recording and slide deck will go online on our website tomorrow at the latest.
There will be a Q&A session at the end of the webinar, but you can enter your questions during the presentations at any time using the questions or flag button, depending on the language version of your software, on the right side of the GoToWebinar software. Please do so, so that we can start the Q&A session right away with a good set of your questions. The agenda consists of three parts. The first part will be my analyst view and introduction into the new ABC and its changing requirements for IAM processes.
Then Troy Moreland from Identity Automation will take over and talk about implementing secure, efficient, and lean IAM processes while remaining compliant to laws, policies, and regulations. And the third part will be the Q&A session as already mentioned. So now let's start with our first part, and let's start with a description of what we at KuppingerCole call the new ABC. The A in ABC stands for agility. We are looking at a new form or a new organization form for companies, and agility is a key capability of successful organizations.
It is the ability to quickly adapt the organization and the business model to new customer demands, to innovations and the changing competitive landscape. Agile is meant with regards to the business processes, to the business models, to the communication, to the IT and the solutions provided and the teams and the projects that are working within an organization. Agile is the business. And the B is the business. Business as of today is in an evolutionary process.
It changes from traditional standalone business to connected business and to it, it deploys new collaborative business models. The digitalization of business, the changing of the way that business works, is a constant challenge for organizations. We see constant restructuring. We see the connected enterprise and the extended enterprise.
We will see with the letter C on the left top side of the slide, then, connected means cloud computing, means mobile computing and social computing, but it also means more and new communication with new identities. For a traditional organization, especially, this means we are connected with partners, with customers, even with consumers. And we do this through many types of networks, including social networks for getting more marketing and more communication.
And also through specialized networks like industry networks, for example, in the automotive industry or in the healthcare industry. The new ABC requires a new approach at information security. It has to provide appropriate mechanisms, supporting the business with agility and connectivity, but also with information security. And one important part is an appropriate user management approach, a flexible user management to manage all types of users and all types of services, whether they are external or internal users, on-premise IT or cloud services.
So we have two coexisting, different types of requirements. We have the traditional requirements for identity and access management, and that is what everybody expects from IAM. This is efficient administration. This is the administration of employees and externals. We want to make sure that users have the least privileged access that they need, but they can perform their work. We want to have it auditable. We want to be compliant with regulations and laws, and we want to provide the evidence for this compliance.
And this is the typical set of requirements for a traditional IAM, but IAM for the ABC, for the agile business, connected, is more business driven. It requires agility. It requires that we are adaptive to change and requirements, that we have immediate productivity, no new types of identities, that we are highly scalable, that we get to low or no administrative overhead. And we are cost efficient at that point. IT security and the identity and access management are facing a whole set of new challenges and change challenges.
And these challenges on this slide are only a few examples, and I'm quite sure that some of our audience are currently facing faster and faster changing requirements for identity and access management and information security in general. And this is driven from many different factors. It's from digital products to new teams entering the company or the organization. We have new business models. We have mergers and acquisitions. We have new types of marketing and in general, we want to have a faster time to market.
The usual way, I don't have to explain it in that depth, is the traditional IAM. We have role concepts that are multilayered, complex technical roles and business roles. And we have a complex, elaborate lifecycle for roles and identities. We provide access through access request and approval processes. We have access re-certification, sometimes multi-level. We have, of course, to provide compliance and the evidence for compliance to audit. We have to make sure that we meet all SoD requirements and that we provide mechanisms for access governance.
We have the necessary identity processes, and, and we involve lots of different stakeholders within an organization from the line managers to the enterprise architecture or organization and the HR team. This is the usual way. This can sometimes get clumsy and can be tedious to achieve traditional IAM processes within a larger organization within an agile organization. So we have to make sure that we get a good way between the two approaches to IAM the traditional IAM approach and the lean approach that we are talking about today.
So we want to make sure that we get to a lean approach that allows for a high level of automation and that we leverage the, the knowledge within an organization, especially within our employees. So we want to achieve automated identity creation, automated access assignment. We want to have risk orientated access assessments. So we want to make sure that the risk is an important factor for judging the individual access rights.
We want to have real time analytics, and we want to reduce the complexity of roles compared to the usual characteristics associated with a traditional IAM process, ranging from complex role concepts to a large manual interaction of management and line management and IT people. I wanted to give you just a short overview over the basic processes required and where lean intelligent processes might help. At that point, we have the basic processes like an employee joining an organization, being moved within an organization, joiners and movers.
We have temporary changes like sabbatical or maternal leave. And we have actual leavers, people that leave the organization and of course have to lose their access. But these basic processes are now changed. And there are new ones added for partners, for the customers, for the consumers, especially in the extended enterprise when it comes to communicating with partners and consumers and customers. So these are the identity processes that we have to think about in an agile organization. And once the identities are appropriately defined, they need access according to the current job description.
So defining access requires that people get their actual required base roles so that they can start to work immediately. This means that we have to define the roles or the profiles or the entitlements that people should have at a special position. We have to identify the role risk level and criticality. There will be access rights, entitlements, roles, or profiles that will be of different levels of criticality and will be associated with a different level of risk. And maybe we have to handle them differently. We have to define the restrictions for access.
There will be access rights that will be only available for internal people or for special types of internal people, specially trained people. And we have to define assignment periods. For example, for access rights, there will be access rights that should be only assigned for a short period of time ranging from a few weeks to just a few hours. Maintaining access means that we identify the appropriate assignment and removal rules so that we identify that people joining an organization can have the required access
by, for example, something like an attribute that they carry with themselves. For example, in HR or in the line management database, somewhere where you can identify a person clearly and uniquely. Sometimes access is maintained by access request and approval. And this will be necessary also in agile companies, especially when it comes to special purpose access that goes beyond a base role assignment.
And of course, we will have to make sure that we can re-certify access and achieve compliance, but maybe we can make this in a more intelligent way than doing all 24 months or 12 months a complete recertification campaign. We think lean design and lean processes are required for agile organizations. And one thing that we think is important is that we design lesser and better roles so that we can make sure that we cover, for example, say 90% of your organization with a reduced set of basic roles.
Many organizations think that role design, a role model, is aimed at designing and modeling the complete enterprise. In a lean environment, this might not be the case. We just design access and roles, assign access, and not model the enterprise. So we need generic, reusable and combinable roles, which allow for easy access management. We want to simplify or avoid recertification. And one nice approach for achieving this is that we assign all access for limited time only.
So that makes sure that once access has been given, that it will be terminated by default when it is not again requested or assigned. And understanding the risk means that we identify which roles should be removed earlier when they are not again requested or assigned. So high risk access will be assigned only for shorter periods of time. One important thing, I think that Troy will tell us more about that, is that we want to get rid of unneeded manual processes.
We want to make sure that manual processes are only required when they are really required, so that we want to make sure that whenever it is possible to base the decision for access on existing knowledge, we want to make sure that this happens. So there is a lot of information in HR. There is a lot of information about people within the line management to assign the actual job positions for people. So we can identify rules for assigning, removing roles to identities. And whenever we can automate this, this is a good case.
When we want to remove manual processes, we want to avoid management approval when not required. Maybe we can identify access rights that can be pre-approved in certain conditions. When somebody comes in and we know he joins this team, we want to make sure that he has the appropriate access. And when we make sure that he's in this team, we can think of this access right as pre-approved, and then he can get the access right. And when he leaves the team, he loses the proper access rights.
Another special thing to think about is we want to make sure that we empower the user, empower the business, empower our employees, and this we can do by implementing self-service portals for requesting it, re-requesting access as we've seen before. And we have probably even something like self-service attestation if required and possible. So if you look at the challenges again, and this is one important point, then we pick out one of these just to tell you how such a lean process could look like. So we take the one in the middle of the new team is coming into existence.
So we say we have a new team for customer care, and what happens in a hopefully lean and intelligent process? First of all, the employees joining the team will be added in HR. So HR is the main source of information at that point. And we have to make sure that we can identify them as members of this new customer care team. So we have to make sure that they are intelligently tagged in HR, that the appropriate information is available in HR. So this is when we say we want to reuse existing enterprise knowledge and leverage that.
So the next step could be that we automatically assign pre-approved roles for member of a customer care team. So once the person joins the company and he's available in HR and he starts working on day one, he should be already assigned with the appropriate access rights based on the tags, on the attributes that he has in HR. So he would be ready to work on day one.
The next step then: of course not everybody does the same work within the same team, hopefully. Then we have to make sure that additional, more specific access rights have to be requested by the individual or by the line management so that they can easily self request their access. And it then can get approved by business if required. It could be even preapproved again at that point. And we have to make sure that this assignment of access rights is again time based. So once somebody has the access right assigned, then he can start working and he will get a notification.
Once the access right is already expected to be expired, then the actual work phase starts. So everybody can work within this team. He has the appropriate access rights based on automated assignment and on requests that he made. And once the working phase is coming to an end, he will probably, or she will probably, get a notification that the assignment of access rights is about to expire. And if the work has to continue, then the employee can re-request before expiry.
So there will be no interruption. Team changes, position in HR would then mean that some of the attributes of the tags will be changed and that the intelligent processes can react appropriately. And the last thing in this user life cycle will be the automated removal of no longer required access. And this is something that can be most probably also done intelligently and automatically. This is one example of a lean process, not with a highly sophisticated role model, but with the aim to get to efficient and lean processes by assigning access to people within an agile organization.
And with this example of a lean process for managing a well defined team of users, I want to hand over to Troy of Identity Automation to learn more about how such processes can look like in the real world. So not the analyst view, but the real world.

All right, thank you very much. As Matthias said, I'm Troy Moreland, I'm the founder and CTO of Identity Automation. You can see my email address here. So feel free to reach out to me after this webinar.
If you have any questions, Matthias also mentioned the EIC conference coming up in Munich in a couple of weeks. I will be attending that as a panelist. So hopefully I'll have the opportunity to meet some of you while I'm in attendance there. So obviously Matthias just went through the KuppingerCole concept of the agile business, connected. Identity Automation fully agrees with that concept. And really we build our products and solutions around a lot of those same ideas.
And so all I'm gonna do really is extend that to talk about the Identity Automation perspective of an ABC concept. So, first of all, you probably wanna know a little bit about Identity Automation. I wanted to just provide this URL here. You all should have access to the deck slides after the presentation. So this link will just take you to a little company overview video to learn a little bit more about Identity Automation. Briefly, we've been around since 2004.
The key takeaways from this slide is we had a lot of consulting experience in, in the identity and access management marketplace. That's where our roots are. And then later we, we thought it would be, we, we thought that we could do a better job of providing software. That's focused on identity and access management. And so we've been transitioned as a software company for the past five years. And in that short period of time, we've amassed well over 200 customers. So there's a lot of growth there. We're managing millions of identities worldwide.
And we also today have the largest cloud identity and access management deployment, which is growing to about a 10 million user or 10 million identity implementation. We're very focused on providing identity and security functions down to the end users and business owners, you know, who are making those business decisions better than someone from IT could. So that concept of lean intelligent identity and access management means a lot to us as well.
So the three primary business drivers that we find most of our customers talking about are going to be the, the need to improve security, save money, and increase business agility. A different organization might find one or more of these to be a, a higher priority.
But, you know, the focus of the ABC would be for organizations who are really focused on the increased business agility. And that could mean a lot of different things. It could mean automation. It could mean that you are needing to empower your users, your end users more, taking away IT bottlenecks. It could mean that you are needing to use cloud services more, but how do you do that in a secure way to where you can manage that access for your employees?
And it could mean that you are doing a bring your own device and you need to make sure that you're supporting the access to the systems that your users need regardless of what device and what location they're coming from. So we have a reference architecture. Our product is called rapid identity. And so our reference architecture takes into account the division of identity management in two categories. One is identity administration, and one is identity governance.
So the administration is basically the automation of account management and group management across all of your systems in scope. It could be an on-premise system. It could be a cloud system. So for example, on-premise, you might wanna make sure you're automating your account and group management of an Active Directory or another LDAP instance. In the cloud, you might want to make sure that you're provisioning to Salesforce, to Google Apps, to Office 365, et cetera, and keeping all of those systems in sync to mimic a single identity for your users and in an automated fashion.
The governance side of things is more about managing entitlement and roles and such through requests and certifications. So empowering the users to make those unique requests for access that you could not automatically assign, or that you shouldn't automatically assign if necessary because of, you know, policy reasons. But in our view, any identity management solution that you look at should have a very ex inclusive, rapid architecture, such as the one we've laid out here.
And certainly we can dive into any of these topics for a 20 minute discussion, but for now, I just wanted to make sure that, you know, we talked about the reference architecture. You can review that and certainly ask us for any more details within any of these categories. So within the identity administration side of things, we certainly like to look at things in, in terms of a life cycle. So we don't just create accounts. We don't just deprovision accounts. We wanna make sure that we're helping businesses automate the entire life cycle of a user's presence within their organization.
So creating identities across all systems, and then what's gonna happen throughout. So through self-service, there might be things such as authentication, password changes, requests being made for additional access. And then process-wise there's life cycles. So Matthias talked about the HR system.
In, in most cases, that's a very key system because that's where hires are happening. So we propagate that hire throughout the organization, hopefully automatically creating them in all the systems that you need, or what if they transfer to a different department. What if their manager changes? What if they have a name change? What if they're terminated? So all of these things affect the life cycle and to be truly agile, you have to automate the implications of those changes in the HR system and other business systems into the systems where users are logging in.
So managing their access, their privileges, as much as you can in an automated fashion, and where you can't do it automated, at least making sure that your life cycle includes the ability to handle those one off requests, you know, through a request and approval process. So that's how we talk about the life cycle for identity administration. Expanding on that in some sense is the identity governance lifecycle.
So identity administration is kind of focused on the accounts and the core access that you have, and the governance would be dealing with any case where you need to assign roles, entitlements, et cetera, based on a request. So an approval process. Matthias talked about limiting how long you have any particular access. We completely agree with that. And our identity governance life cycle is basically driven by this time based access concept.
So for example, if you're an Active Directory shop, the most privileged access to that would be being a member of the domain administrator group. You know, a lot of organizations give that access to their core system administrators indefinitely. What if you did it through time-based certification?
So let the system administrators request to become a domain administrator in order to do their job, but remove that access when they're done with those special tasks that need that elevated privilege, because throughout the day, these individuals probably don't need that access continually. And this is going to mitigate risk of what that account is able to do. What happens if someone breaches that account?
So the identity governance life cycle is very key to this: give access to the people, the right people, to the right system, with the right access for the right amount of time. And that is the governance life cycle, which is very much in step with what Matthias discussed with ABC. So broken down, rapid identity consists of four different components. We have our rapid Portal, which is the user interface.
That's where you do all the self service and delegated administration from the end user all the way up into the IT administrator users. Rapid connect is the backend system that provides adapters to connect to your source systems and your target systems. So it'll pull in data from source systems like the HR system, it'll do manipulations, check for conditions, et cetera, to make very smart, very lean and intelligent decisions in how to provision accounts in your directories, your databases, your applications, your cloud systems, et cetera.
Rapid Federation is our cloud single sign on product that allows you to authenticate to cloud services, but using trusted credentials that your organization's maintaining. And then lastly, we've got a rapid folders component where, if you're a Windows shop and you provision Windows file system storage, such as home directories or group shares, it automates all of that, the home directory and group share management, through policies based on events in the directory. So that is what encompasses rapid identity. So here's kind of the logical view of what that looks like.
So in the center is anyone's given identity. Rapid Portal is how the user would log in to manage their own identity, to perform self-service like forgotten passwords, to request additional access. And also if you've given someone delegated abilities, it'll empower them through the Portal to manage other identities, such as an obvious one, you would give your help desk the delegation to change passwords for others in the organization through the rapid Portal interface. But you can also empower the business in very similar means.
So for example, you could, if you chose to delegate to hiring managers, the ability to, to reset passwords or unlock accounts for their employees, or do that at the departmental level, the division level in education, you can delegate to teachers to manage their student identities and passwords. So it's, it's all about empowering the business to make those, those, those lean and intelligent decisions about their identities. Rapid connect then is what's going to keep that identity in sync across all relevant systems.
So it would pull from the source systems such as an HR system, and then push to all of your target systems like your directories, your databases, your cloud apps, et cetera, to make sure those identities are being kept in sync so that when changes happen in the business process, such as hires, fires and everything in between, that those actions are being reflected in all of those target systems. Accessing a cloud application would then talk to rapid Federation so that your users are able to authenticate to those cloud systems using their known identity.
And then you've got rapid folders, which again is automating the Windows folder management. So automating home directories based on policy for making decisions like location, ACLs, predetermined folders, et cetera. So there's a lot of differentiators with regards to rapid identity. So at a high level, we really talk about that we are covering the complete identity life cycle. We're not a point solution that does just one thing. You know, we don't do just single sign on.
We absolutely do single sign on, but we're really big on managing the life cycle of the identities themselves because your identity has to exist in the applications or systems that you're going to authenticate to and use. So it's very important to make sure your solution provides that end to end identity management solution, such as discussed in our reference architecture. We have a very intuitive interface for building workflows. We have a flexible sponsorship module, which, that's referring to managing the life cycle of accounts that don't come from an authoritative system.
So for example, if HR is handling employees, but not contractors, well, through our rapid identity tool, you can empower hiring managers that are bringing in contractors to be responsible for the creation or the provisioning of those accounts, but do it within a policy that makes sure that there is an end date to those accounts so that you don't have, you know, accounts out there indefinitely, but you're empowering the business to do that. And that's what's very key. We have automatic access management. So just like Matthias was discussing, time based access.
So if you, if you can't or don't want to automate certain access to be done automatically based on, you know, HR attributes and such, then use a time based approach.
If you do certification campaigns, what you're going to do is you're going to overburden the business owners that are responsible for maintaining appropriate access to their systems, because if they're getting hundreds or thousands of re-certification requests on January 1st or October 1st, they're probably not doing the, the appropriate due diligence to do the certification of those accounts, because they're just too many of them. I mean, they have a day job, so they're gonna select all and say approve.
If you do it time based, then they're gonna have more time, cuz it's going to be based on when the user was granted that access. So that will spread out your certification requirements and it'll allow for a better secure process for ensuring the right access to the right people at the right time. Support for virtually any connection: so we have a very robust adapter library for our rapid connect product, which again lets us connect to many onsite and cloud-based systems.
So being agile is all about being able to move quickly and be able to connect to new systems as quickly as your end users are finding them. Massive scalability: as I mentioned before, we have the largest identity management solution in the cloud of its kind. So there's definitely massive scalability, including not just high availability and load balancing, but elastic infrastructure to scale on demand. The robust delegation model:
so again, we're empowering the users of the business to deal with the access that they need and that they know about better than anyone. So we have the ability to delegate, whether it's account management or group management, across many different environments. Key features, there's several. On premise or in the cloud is very key for us. You can have our system running on premise, virtual or physical, or hosted in the cloud.
You know, a lot of great information here, but actually looking at my time, you'll have access to this, you know, please review this as you have time. But what I really wanna do is focus now on my last few minutes here on demonstrating the example process flow that Matthias discussed in his presentation. So as you can see, you'll have a link to go watch this video. It's a silent video because I just made it specifically for this presentation. And basically it's going to talk about, or it's gonna demonstrate, as much as can be done in seven minutes,
what it will look like to hire a new employee, let them do self-service requests, talk about the time-based expiration and, you know, the life cycle of this account. So this is someone logging into Rapid Identity, and this is a business user. So this is basically an HR manager or an HR representative logging into the Rapid Portal interface. So in this case, they're going to be logging into the HRMS system. It should be a single sign-on. This, what you're seeing right now, is not our product. It's just mimicking an HR system that we use for demonstration purposes.
So, but this is an example of hiring a new employee, and this employee for the purposes of the demonstration is going to be a teacher. So again, this is just the normal process that your HR business would do in the HR system, nothing special. So once the employee is created, that's when our Rapid Connect system would be invoked. And we would grab that information. It does not require HR to add any additional data because normally the data that HR is entering, like location and department, their position, is gonna be enough information to do a lot of automated provisioning.
So within our system, we can see that, looking up our new employee, Babe Ruth, they've already been provisioned. So the next step will be to log in as a system administrator who will have a little bit more privileges to give you a larger view of the provisioning task that was performed on Babe Ruth based on the information that was entered in the HR system. So this goes back to automating as much as we can, based on that data, assigning roles, assigning entitlements, et cetera.
So now if we look at Babe Ruth from an administrator perspective, you can see we've not just created the account, but it's been given entitlements. It's been assigned roles. It's been given, in this case, a risk score of zero because they're a teacher with very basic access. All of which, you know, none of this is hard coded. This is whatever's appropriate for your environment. This is just what we built in this demo environment. So now Babe Ruth is our new employee. He's never logged in before; he doesn't have any idea what his credentials are.
So the first part of self-service is to be able to claim your account. And normally you would ask questions that are a lot more secure and better than an email, but this is for demo purposes. So as long as Babe Ruth knows his email, then he's gonna be able to assign his own initial password. And then we'll ask him to set up his challenge questions for later use in case he forgets his password, all of which are configurable to be whatever questions you would like. And you can see that it's also showing Babe Ruth what his username is. So now he knows what his username is.
He assigned his own password. So now we can go back to the Rapid Identity login page in order to log into the system. So upon login, he's a brand new employee. Of course we wanna automate as much of his access as we can, but in this demonstration he has access to nothing, but he does have access to his profile. So he has visibility of what his identity is. Because he's a teacher, we've delegated him perhaps to manage student accounts. And then in workflow, he's able to go to requests and request access. So in this case, this organization might use Google Apps.
So even though we would probably have done this automatically, this is just giving you a demonstration of how entitlements could be requested through self-service. So Babe Ruth is going to request a Google Apps account to be created. It would go through whatever approval process your organization desires. In our demonstration,
there's not an approval process. It'll just go straight through and be granted. And it actually does the provisioning step of creating that Google Apps account in the cloud. And then when he refreshes his applications, he now has a link to Google, which using Rapid Federation would do single sign-on into that system. Now, in this example, to use the time-based certification, we made it to where that Google Apps entitlement expires within seven days. That's a little bit extreme. It's just for the purpose of this demonstration.
But when we log in as whoever the business owner is of Google Apps, you can see that they have a certifications tab. That's showing them who has access to their systems and allowing them to either re-certify or immediately expire that entitlement, or they can do nothing. And in this case on April 19th, it would automatically expire that, which would mean it would be revoked and automatically deprovisioned. And of course the end user could go back and re-request that if they needed to. Now going back in as our HR manager.
So this is more about the life cycle management of the identity. So we've hired him, but now things have changed. So previously Babe Ruth was a teacher and now he's decided to join the information technology department. So we're gonna make him a system administrator.
And again, this is the normal HR process, whatever that process is in the appropriate system. I'm not trying to say that you have to do it our way with our little demo HR system. So HR does their process. Babe Ruth has been transferred basically to a new department, new role. If you remember earlier, we were automating the entitlement and role provisioning. A risk score was automatically defined. So now we're gonna log in as a system administrator and look at Babe's profile again, and you'll see that automatically his entitlements changed, his roles changed.
And because he's in technology, the organization decided that that, you know, is a little bit of an elevated risk. So that's why the risk score went up and that risk score going up could have impacts elsewhere. You might have to have a stronger password. You might have to do multifactor authentication when you request something, it might have to go through additional approval steps. And finally here, we're going to terminate Babe Ruth. He was not a good system administrator. So he's going to be removed from our organization.
Again, this would be the normal termination process that your HR team would implement. So whatever your desired deprovisioning process would be would then be triggered in this case. I'll just demonstrate that Babe Ruth's account is now disabled. So he's no longer able to authenticate to Rapid Identity or any of the on-premise systems or cloud systems where he was provisioned. So that, luckily the video completed. And that concludes the brief demonstration. Thank you.
Yeah.
Thank you, Troy, for this interesting insight into the design and implementation of your way of doing the lean IAM processes. Again, I want to ask our participants to add their questions for this Q&A through the questions panel on the right side of the GoToWebinar software so that we have some questions to answer. First question I would like to ask, and now I'm joining the third part of this presentation: how important is this paradigm shift towards the agile connected business from your daily experiences with your customers?
Is this an important factor for moving towards this type of IAM process, or are any type of customers doing that for you?
Well, I think it's absolutely critical. As the advent of the cloud and as organizations are taking advantage of cloud services, I think that's one big aspect of needing to remain agile. If your organization is not moving quickly to support and manage the cloud systems that your end users are using, then they're going to bypass your processes and go straight to those cloud services themselves and start using them.
And that puts your organization perhaps at risk because you're no longer controlling that access because they're doing it themselves. The more agile you remain, the more systems that you can include in your identity management scope, the better it is for your organization.
The other aspect of that is also the multiple devices that are being used. You know, people are working off of tablets; people are now working from their mobile devices. So you need to ensure that you're enabling that type of access as well. And then I think thirdly, it's with all these different services and this talk of agility, you can't put all this burden on the IT department. They can't be the group that's driving all of this.
IT should be building the infrastructure, supporting the infrastructure and making the connections, but once that's done, the business should be handling it from there. So being able to be agile by empowering the business to do things like managing sponsored accounts or resetting passwords at a departmental level, perhaps things of that nature. So I think those three aspects make the concept of being an agile business connected extremely important.
Okay. Thank you. In this demo, it was said that the accounts were automatically created.
Where were they created and how were they created? Was it done within your products or elsewhere, or where did the account actually come from?
Right.
So I mean, this demonstration, in the seven minutes, I couldn't actually easily show all the places where those accounts are being created, but that gives me an opportunity to clarify that even though I'm using the Rapid Identity interface to demonstrate, that is really just a view that's coming out of, in this case, an Active Directory instance where the provisioning was occurring. And then from Active Directory, the process was kicking off with our Rapid Connect product that was also provisioning to Google Apps in the example that we gave.
So the interface that you see, you know, we have no proprietary repository for accounts. This is all coming out of your core directory service. And then of course we can provision to whatever systems are necessary for identities to be managed for your organization.
Okay. Thank you.
Probably one last question is: where would a typical customer run the solution? Does it have to be on premise? Because with the idea of the agile company, it might be interesting to run this in the cloud as well, or as a managed service. Do you provide this as well? Is this also a lean approach, to have the actual solution some kind of outsourced to a cloud service, to a managed service?
Yes.
So we do have an on-premise offering where you run the Rapid Identity appliances within your virtual environment, VMware, Hyper-V, et cetera, but certainly we are recommending more and more, and we do offer, hosted and managed service implementations. So it would be your own identity management in the cloud, not multi-tenant, but the benefit of that is certainly around that agility, just as you said, Matthias, in that question, or whoever asked that question. By us hosting it for you in the cloud, then that means you are left with focusing on the business.
We are left with focusing on the technology for you and utilizing cloud infrastructure to ensure that you're getting high availability, scalability, elasticity, you know, all of those things that are difficult and costly, and a lot of overhead for an organization attempting to implement that themselves on premise.
Okay. So we are coming to the end of this webinar. Thank you for notifying that I hit the mute button. I would like to thank Troy for this interesting presentation. Do you want to add something to the audience, Troy?
Not really.
Other than again, I will be in Munich at the EIC conference. And so I hope to have the opportunity to meet some of you that attended, and thank you very much for inviting us.
Yeah. Thank you very much. Thank you as well to the audience for taking this hour for watching and listening to us. We would be happy to meet you in Munich for the EIC, and we will be very happy to have you again for another webinar. And if you recommend the recording of this webinar, that would be great as well. So thank you very much.
Thank you, Troy. Thank you to the participants and goodbye.