SAM - Identity management software

vakbarát
Sign up | Forgotten password
E-mail
Password
 
hu | en
Please visit our new website.
"Never promise more than you can do"

St. Ignatius Loyola

Products

Coordinator Coordinator

Coordinator gives incomparable solution to planning, coordinating and logging tasks of complex business...

Revizor Revizor

Revizor system offers comprehensive functionality to help the planning and evaluation of audits, the recording...

SAM SAM

SAM offers a centralized, unified access management solution which is extensible to manage all IT systems in...

Training organizer Training organizer

Our training organizer system is able to register the special training demands of the firm’s staff. The s...

TÉR TÉR

TÉR is a central performance evaluation system, which focuses on measuring the supplying quality of the ...

SAM

SAM

SAM offers a centralized, unified access management solution which is extensible to manage all IT systems in the company using its quick and diverse rule-based configuration.

SAM 2.0


SAM is a centralized access management system, which keeps record about the access to the IT systems, provides an easy inquire process and logs the changes. The primary aim of SAM is to unify, simplify, centralize and make more effective the access administration of an IT system.

The basic term of SAM is the access, which is the ability for a user to reach certain functions of a given IT infrastructure.
The most important administration function of SAM is to handle the user’s request to access a resource.

Both the granting and the revoking of an access are handled in the system through by requests.

A request is always triggered by an event. An event is such a change or intent occurring in the real world which always has an effect to the user’s necessary and permissible access to the system. Access request can originate from an intent (a request by a user), or from an automated process (based on rules).

The rule can specify access based on a pre-defined criterion. If the criteria of the rule changes, then a request will be generated automatically in order to equate the rules and the granted accesses. A rule could be for example: “If an associate has a certain field of activity, then a specific access is to be granted”, or “If an associate has access to a specific system and if that associate is a member of the management as well then he/she has access to the SAM approval role”.

SAM supports several user roles.
Claimants can initiate access requests. Their scope can be defined dynamically by applying rules. Rules can reflect pre-defined specifications, but new specifications can be generated and used easily. A possible rule could be for example: “The claimant can request access to all systems belonging to her/his organization unit”, or “The claimant can request access to the defined systems”. A claimant can have more then one rule and in this case every rule is in effect.
The approval role’s task is to check and consider the access requests. A rule can be made for a specific access in order to define who has to approve it. A possible rule can be for example: “Access approval must be made by the requester’s principal”, or “Access approval must be made by personnel having access to the specific system”.
Executors are doing the maintenance of accesses in the registered systems. Connectors can take over the task of executors.
The IT security role’s task is to configure the methods of the access requests, for example: who should have the approving role for a given access requests. Request can be initiated for any employee of the organization.
System administrators are maintaining the availability of the application and they are administering all user related data.
The co-worker role is granted for everyone, who is registered in the SAM database. Co-workers can manage their own personal data, they can for example modify their password, they can request a status report about the accesses they have and also any request in process can be viewed. Furthermore a couple of self-service function can be initiated as well.

Rules can be applied to the system. Based on these rules automated request can be generated, thus granting and revoking a user access becomes much more transparent and easy.
 
System operation

The basic notion of managing user access requests is to handle different type of accesses (granting, revoking) in a unified, configurable way. Templates can be defined for the possible requests. The process of access handling can is configurable with the templates, for example the approving persons and the rules for notifications. With the choice of a template and with the entry of the needed data the request is defined.
Depending from the configuration the request can be authorized, then manually or automatically executed. The involved persons are getting a notification as defined in the template.


The use of connectors
The system can connect with standard connectors to widely deployed applications, but at the same time a new connector can be created for any application, which provides the possibility of an external connection. Also the structure of the application must be known.
In one hand, connectors are providing the ability to immediately execute an authorized request, but on the other hand they are the tools to compare the accesses registered in SAM and present in the system.

Reports, statistics
Every access granted to a user can be listed – even retroactively - based on the information stored in SAM.

Organization hierarchy
The organizational hierarchy can be built up in SAM, furthermore the employees can be placed within the hierarchy.

Benefits

  • SAM has a centralized access management, but the administration is multi level, thus it raises the effectiveness of authorization request handling.
  • Access requests can be handled in a unified structure independent from the execution, only the steps of the executions are different, thus authorization request handling becomes unified.
  • A step-by-step, system-by-system introduction is supported; therefore a gradual and fast implementation is possible.
  • Even fully automated request procedures can be handled by defining rules and creating assigned templates.
  • The administration process can be automated with the use of connectors, thus the fulfillment becomes more fast and reliable.
  • ·    The access handling of a given system can be changed with the introduction of a new connector, which in turn leads to flexible administration.
  • SAM stores access granting related data together with the date of the action, thus retroactive enquires about accesses are possible. Furthermore important steps of access handling are logged, like date of creation, granting and fulfillment, and denials as well.
  • The access template can be configured in a flexible way, thus the access allocation becomes safer. Approving persons can be defined by rules, even with the possibility of multi level granting.

 

 
Back + Up +

ujma

  Our company | Products | Services | News | Partners | Contact | Support
Online marketing advisor: STandard-Team Kft. Website building, search engine marketing, search engine optimization: Abfox Ltd.