Identity and Access Rights Management: Security and IGA Compliance

360° on Governance and Access Management

Authorize the right people to access the right resources, at the right times, for the right reasons.

Do not exclude any software or any actor.

Provision your IS in real time.

Identity Governance and Administration (IGA)

Real-time mastery of 100% of accesses to your IS

Because ROK models your organizations and workflows with the same ease, it’s simple and fast to map and maintain the completeness of employee and partner accesses.

Map your application accesses

ROK offers you the simple collection, centralization, mapping, and orchestration of your users and applications, whether internal or external, regardless of the complexity of your organizations or the dispersion of your collaborators.

Organization collection

+ Software inventory

= Attribution matrix

Real-time monitoring and control

Every movement of employees, as well as any organizational change, updates the rights matrix in real time, perfectly integrated with your directories, HRIS, and existing ITSM tools.

64% of companies don’t have up-to-date application mapping, and the implemented ITSM tools only cover part of the scope… yet achieving 100% coverage of rights is possible in a short time.

Provision 100% of your application rights

You probably already have ITSM applications that allow you to accelerate and ensure the provisioning of your most critical application rights. However, your functional coverage is not always exhaustive, and its proper functioning requires discipline from your employees.

ROK orchestrates who’s who, so that any movement of an employee (internal or external) automatically triggers the update of the appropriate access rights in your application solutions.

Integration with your HRIS and electronic directories

Automated utilization of your pre-existing ITSM workflows

Integrated creation of appropriate in, out, and move workflows to complement your coverage

Make all your accesses systematic and real-time effortlessly, while maintaining what already works… without neglecting the complexity of your organization, your businesses, or your partner ecosystem.

Risk control and compliance

Integration of SoD

Dynamic access and risk management thanks to ROK’s unique concept.

360° Reporting

Use every feature of ROK as a sorting or selection criterion.

Risk mapping

Use APIs to report on the main BI tools in the market.

Audit process

Create your own risk audit campaigns.

Manage permissions, SAP licenses, and SoD

Standardize and automate while reducing complexity… with ever-increasing security

Authorization automation

SoD controls monitoring capabilities

SAP license management

✓ Functional coverage: SAP IDM / Access Control / SAP SoD
✓ Scope: SAP HR / SAP BPC / SAP Fiori / SAP ECC / SAP BW

Steering access to documents and processes

Document lifecycle management

Tracking and updating documents to ensure their compliance.

Secure access to the Document Management System

Access the appropriate documents in real time, regardless of the data source.

Secure access to processes and operating procedures

Personalized access for each employee to their specific processes.

ROK Decoder: Your Questions, Our Answers!

IAM has never been so clear.

There are several ways to approach the topic of security. What are they?

There are several approaches, each with advantages and disadvantages:

  • Restrictive methods: Zero Trust and the principle of least privilege (PoLP), supplemented by PAM (Privileged Access Management). Their advantage is a reduced attack surface. Their disadvantage is the complexity of implementation and maintenance, along with significant related costs and reduced performance.
  • Role-Based Access Control (RBAC), which simplifies management except in complex environments where organizational data is lacking.

Additionally, we can add:

  • Dual control methods such as Multi-Factor Authentication (MFA) or Risk-Based Authentication (RBA). The first is constraining; the second is complex and also requires continuous monitoring. Moreover, this approach does not suffice on its own.

Although RBAC seems to be the most suitable method, it quickly becomes apparent that, given the size or complexity of the group to be protected, keeping it updated in real time poses a real problem, which explains why only 1/4 of companies are capable of producing an up-to-date application mapping within 48 hours.

How does ROK approach this topic? What method is used?

In ROK, access or permissions are granted to users based on their role within the organization, which simplifies permission management and improves security by limiting access to necessary resources.

This is close to RBAC (Role-Based Access Control); however, ROK goes beyond the notion of ‘role-based authorization’, and this is what makes it a unique offering that is simpler to implement and maintain and suited to complex environments with nuanced access requirements.

To fulfill this promise, ROK has three distinctive features not found in other IAM offerings on the market:

  • A merger of ‘authorization roles’ and ‘organizational roles’, which allows a single interface to integrate the HRIS with IAM and automate ITSM.
  • Real-time and automated management of employee flows through its No-Code module.
  • Effortless integration of risks related to SoD (Segregation of Duties). Through its holistic approach, ROK enables the use (interfacing) of tools that already exist in the company (IAM, directories, etc.) to orchestrate information system security in real time.

What effort is required to implement ROK?

ROK is a multi-tenant and multi-instance Cloud platform that can be hosted on a private or public cloud. It is generally marketed as SaaS for a unit cost of less than €5 per user, and provisioning of the platform is ‘instantaneous’.

Organizational setup is relatively quick if the information already exists in one or more sources. The modeling of employee flows is simplified by AI and customizable to accommodate the specificities of large, complex organizations.

A quick POC validates upfront the effort required for 360° coverage.

Daily maintenance is minimized and focused on organizational change (acquisition, merger, etc.).

What level of provisioning is allowed by ROK?

In the absence of preexisting tools (IAM integrating workflow and/or ITSM tools like ServiceNow), ROK can provision any application that exposes APIs through customized no-code flows.

ROK can also trigger an ITSM tool via APIs, for example, as soon as it automatically identifies a movement of employees or a business organizational change.

For instance, ROK automates the provisioning of SAP rights and advantageously replaces IDM by automating the update process and presenting the authorizations in IT language with their business translation.

In this particular case, ROK also carries the SoD aspect without additional cost.

This performance has been recognized by Atos, which is a distributor of this offer.