Situation:
When someone needs a new user account or additional access rights, they need to fill out a form, send it to whoever needs to approve it, and then pass it on to the security systems administrator. Depending on the sensitivity of the data and resources at stake, several different levels of approval may be necessary. To avoid errors and guard against fraud, the rule of checks and balances must be observed. Often, the owner of an object must give permission before any changes to the access rights to that particular object can be made. Multiplied by all the instances this can occur in a large organization, this means a lot of work.

Complications:
In the past, the procedures for granting access rights were purely manual – the in-house mail service was used to send written requests to the people concerned. Not much has changed today. The same procedures are running, but now they are based on electronic processes and databases. However, there's a lack of consistency in the way things are done: the requested changes aren't formulated in the "language" used by authorization systems across a multitude of platforms, so misunderstandings can arise in their implementation. These "misunderstandings" can't be traced by the auditors because the process of granting and implementing access rights has been decoupled from the process of requesting them. In end effect, it can be difficult to know whether the right privileges have been granted to the right people.

Solution:
Integrating an electronic request workflow into the system of cross-platform access rights management solves all of these problems. For example, the use of project-related user rights and the assignment of roles adds transparency. Once requests have gone through the proper channels, access rights are implemented automatically, speeding up the process and saving costs.
The SAM Jupiter IDM tool includes an integrated Workflow component that brings decisive benefits for access rights management.