IGA

The organizational chart defines who does what.
The IGA defines who has access to what.

ROK dynamically orchestrates roles, identities, and access rights in perfect alignment with your organizational structure.

When the organizational chart evolves, access follows.

What happens when access does not follow the organization

In most companies, access rights accumulate. Each role change leaves traces.

Tools and accesses multiply.

No one truly leaves the information system, and no one knows it.

The usual symptoms

Employees accumulate rights from successive roles over the years.

Orphan accounts remain active after unprocessed departures.

IT cannot answer the audit question: “Who has access to what?”

SoD (Segregation of Duties) is not monitored in real time.

Provisioning is manual, slow, and a source of errors and IT tickets.

Compliance (SOX, GDPR, ISO 27001) is impossible to demonstrate properly.

What it costs

Risk of internal fraud due to the accumulation of excessive access rights.

Additional cost from unused application licenses (notably SAP).

Exposure during regulatory audits and certifications.

Massive operational burden for IT and security teams.

Slow onboarding and offboarding processes that hinder operations.

Shadow IT: critical access granted outside of procedures.

Access governance anchored in the reality of your organization

ROK is the only tool that connects the real organizational structure to access governance. No theoretical roles. Access rights follow real responsibilities.

Mapping: Complete, real-time visibility of who has access to what across the entire information system.

Provisioning: Automatic assignment and revocation of access rights with every organizational change.

Compliance: Continuous SoD monitoring, full traceability, audit-ready at any time.

Control in real time 100% of your information system

Who has access to what. Immediate answer.

ROK provides a complete and dynamic mapping of access across your information system.

Each application, each resource, each access right is visible, linked to the employee who benefits from it and to the role that justifies it.

The mapping is not a snapshot. It updates in real time with every organizational change recorded in the ROK organizational chart.

Application access mapping

View by employee: all their active access, its source, and its justification.

View by application: all authorized users and their level of access rights.

View by role: access linked to each position in the organizational chart.

Automatic detection of orphan access and anomalies.

The direct link with the ROK organizational chart eliminates “ghosts”: any access without an active position is immediately flagged.

Real-time control.

Central dashboard: active access, at-risk access, access pending review.

Automatic alerts on anomalies and violated SoD.

Full history of assignments, modifications, and revocations.

Accessible ATAWADAC: Any Time, Any Where, Any Device, Any Content.

Provision 100% of your application access rights

Each change in the organizational chart triggers the appropriate access rights.

This is the core of ROK IGA’s value: provisioning is no longer a manual process.

It is directly driven by organizational events.

When an employee joins the company, changes role, or leaves, it is the change recorded in the ROK organizational chart or the assigned tasks that triggers the automatic assignment or revocation of the corresponding access rights.

IN: Onboarding

The new employee automatically receives all access rights linked to their role as soon as they are integrated into the organizational chart.

MOVE: Internal mobility

Role change = revocation of previous rights + assignment of new ones. No IT ticket, no delay.

OUT: Offboarding

Employee departure = immediate and exhaustive removal of all their access rights in the information system.

What ROK provisions

Application access: ERP, CRM, HRIS, business tools, internal applications.

Document access rights: DMS, SharePoint, shared drives.

Process access: workflows and apps created in ROK Hyperautomation.

Application licenses: automatic assignment and release based on the active role.

SAP rights: profiles, roles, authorizations, and SoD managed natively.

Risk control and compliance

Audit is no longer an event. It is a permanent state.

ROK IGA transforms compliance from a one-time constraint into a continuous posture.

Controls run continuously, evidence is generated automatically, and deviations are flagged in real time.

What ROK controls

Segregation of Duties (SoD): real-time detection of access conflicts.

Periodic access reviews: automated campaigns with managerial validation.

Privileged access: enhanced monitoring of sensitive accounts.

Full traceability: every assignment, modification, and revocation is timestamped and auditable.

Compliance and reporting: reports generated on demand (SOX, GDPR, ISO 27001, NIS2).

Manage authorizations, SAP licenses and SoD

ROK speaks SAP fluently.

SAP is the most complex application to manage in terms of access rights.

SAP profiles are numerous, SoD conflicts are frequent, and licenses are costly when poorly assigned.

ROK was designed to solve this problem natively.

SAP authorization management

SAP profiles and roles are managed directly from ROK, without going through SAP GUI.

SAP SoD allows detection and blocking of authorization conflicts before provisioning.

SAP licenses are automatically optimized based on real access and HR movements.

SAP audit is based on a complete history of profile assignments, ready for controls.

License optimization

Automatic identification of unused or underutilized licenses.

Immediate release upon departure or role change.

Smart reallocation based on real needs.

Real-time cost/usage dashboard for SAP licenses.

Reducing unused SAP licenses by 20% often generates savings that fully finance the entire ROK project.

Automate and secure SAP access with ROK

The example of Elis in a context of international growth.

“We hoped for this level of automation, but we did not dare to imagine it.”
Virginie Trojman
Head of Business Applications, Elis

Elis transformed the management of its SAP access by relying on ROK to automate access assignments, centralize roles, and secure processes at scale.

Present in 28 countries with 45,000 employees, the group now manages its SAP authorizations in real time, ensuring compliance, speed, and cost control.

Cost reduction: Fully automated SAP access administration.

Faster timelines: SAP authorizations delivered much faster.

Integration: Full connection with SAP systems (CUA or direct).

Support cost: Lower than SAP Access Control.

Does a real use case speak to you?

Beyond applications: documents and processes

Access does not stop at applications.

Document (DMS) access

Access rights to folders and documents related to the role.

Automatic inheritance of document access rights during a role change.

Tracking of consultations and modifications on sensitive documents.

Management of temporary access and delegations.

Business process access

ROK workflows (created in Hyperautomation) inherit IGA roles.

Each process step is accessible only to authorized roles.

A role change revokes access to the processes of the previous role.

Unified view of application, process, and document access rights.

This is where the loop closes:

Hyperautomation creates processes.

The organizational chart structures roles.

IGA governs who has access.

One single tool. One single source of truth.

Show us your latest access review campaign.

We show you how ROK replaces it with a continuous and automated process.

Learn more: Dynamic orchestration of roles, identities, and access

Dynamic orchestration of roles, identities, and access has become a strategic necessity for organizations seeking security, compliance, and agility. As IT infrastructures become increasingly hybrid and distributed, identity management can no longer rely on manual processes. It requires an automated, intelligent, and continuous approach that can adapt to evolving roles, users, and regulatory requirements.

With strong governance, each user is assigned rights based on their role, responsibilities, and environment. This logic is built on proven models like RBAC (Role-Based Access Control), enhanced by dynamic layers such as ABAC (Attribute-Based Access Control) and PBAC (Policy-Based Access Control). These mechanisms enable granular and contextual access control, taking into account user roles, attributes, and security policies.

The goal is to limit excessive privileges, ensure Separation of Duties (SoD), streamline access, and reduce risk. With IGA, companies can automate the entire user lifecycle—from onboarding to access revocation. Automated access provisioning keeps permissions up to date in real time while maintaining regulatory compliance.

This is an essential approach aligned with the principles of hyperautomation (workflow orchestration, BPM, RPA, AI, no-code).

Dynamic orchestration of roles, identities, and access relies on real-time tools for traceability, auditing, and supervision. It ensures identity and access governance in complex environments, while complying with standards such as GDPR, ISO 27001, and the NIS Directive. Every user action is logged, every permission is auditable, and every exception is traceable.

Access certification can be performed at regular intervals without administrative overhead. Real-time IT access management functions allow rights to be granted or revoked based on activity, risk, or status changes. This level of precision is essential for reducing unauthorized access risks and mitigating insider threats.

Built-in access audit and traceability tools enable the automatic generation of actionable reports, aligned with regulator expectations. This capability is further strengthened by directory synchronization (AD, LDAP, Azure AD), ensuring consistency across identity sources—even in multi-domain or multi-entity environments.

This automation can be activated from the moment of integration with an onboarding automation and access management module, ensuring a secure lifecycle from day one.

Dynamic orchestration of roles, identities, and access goes beyond IT. It directly impacts business functions, critical applications such as ERP and SAP, and field users. Thanks to native integration with business information systems, the platform automatically adjusts rights, permissions, and roles according to the user’s actual role. This helps reduce shadow IT and strengthens operational efficiency.

Advanced features allow business access to be managed in line with established security policies. Each role can be simulated, tested, and validated before being assigned. Risk-based access management policies allow permissions to be adjusted based on contextual events—such as login from a new device, department changes, or unusual activity. The system can trigger alerts, blocks, or multi-level approvals.

The interface provides clear visibility into user identification, session management, and access history. It also supports native multi-factor authentication or integration with third-party solutions, ensuring secure remote access. This dynamic management helps reduce operational costs while enhancing both the user and security team experience.

This automated access control is also fully compatible with role automation and access management solutions for ERP and SAP.

Dynamic orchestration of roles, identities, and access enables a centralized yet flexible identity governance strategy. It adapts to decentralized structures, multi-site organizations, and international groups. The model is based on customizable policies that can be applied by entity, department, or scope of action. It allows organizations to meet all regulatory requirements without added complexity.

Each entity can define its own access security policies while adhering to the standards set by the IT department or the CISO. The integration of identity management systems ensures consistency across application layers and enables smooth identity management across multiple directories. This flexibility is key to supporting IT change management projects, mergers, or structural transformations.

All these capabilities can be enhanced with sector-specific connectors. For example, in the banking sector, access security and regulatory compliance for financial institutions is strengthened by specific policies for traceability and risk management.

For such needs, direct integration with the dedicated solution for access security and regulatory compliance for financial institutions provides a proven and adaptable framework.

For a comprehensive strategy, organizations can rely on dynamic role and access management for secure IT governance to model tailor-made IAM processes that are secure and aligned with specific business contexts.