• Manage compliance using automated access certifications and policy management
• Empower users to request access and reset passwords independently
• Automate provisioning across the user lifecycle by simplifying processes for creating, modifying and revoking access
• Enable secure, yet convenient access to any application, from any device

• Provide on-demand visibility into “who has access to what” to help make business decisions and meet audit requirements
• Enable users to easily sign-on to web and SaaS applications without having to remember multiple passwords
• Gain more visibility into all user access from the datacenter to the cloud and proactively enforce risk- appropriate governance controls

IdentityIQ provides a fully automated, repeatable certification process and tracks and reports on the status of certifications by individual, application and organizational groups. IdentityIQ automates all        access certification task including formatting of user role and entitlement data into easy-to-read, business- oriented reports; routing of reports to the appropriate reviewers; tracking reviewer progress and actions; and archiving certification reports and data

IdentityIQ makes it easy for business and IT managers to define access policy across roles and entitlements using point-and-click  interfaces. IdentityIQ validates users’ existing access privileges against a wide variety of policy types, including entitlement and role separation-of-duty (SoD) policies, application/account-based policies, activity policies and risk-based policies.

IdentityIQ enables compliance administrators, auditors and business managers to get the information they need on-demand from reports and personalized dashboards with data presented in a simple to use, business-friendly format. IdentityIQ also provides advanced analytics that allow for direct, customized queries, along with integration to third-party reporting and GRC tools

IdentityIQ provides a user-friendly solution for managing access requests. Users are guided to the right access through the IdentityIQ Request Advisor, which leverages Google-like keyword search and affinity-based search options that locate privileges based on what other business users have. Once users have selected access to request, they can review their shopping cart and check out using an intuitive e-commerce interface.

Users can self-manage passwords from its business-friendly interface, greatly reducing calls to the help desk and IT support. End users can automatically change passwords across multiple systems or recover forgotten passwords by correctly answering challenge/response questions, and managers and administrators can reset end user passwords

By allowing organizations to request, approve, define policy and certify access using business roles rather than low-level technical entitlements, the IdentityIQ Role Model reduces complexity and simplifies user adminis- tration while enforcing “least privileged” access. With a combination of top-down, business-oriented role mining and bottom-up  IT role mining, business and technical users can quickly create roles that accurately reflect the organization’s  business and IT requirements.

The Risk Model locates and identifies areas of risk created by users with inappropriate or excessive access privileges. It provides a dynamic risk model, for both users and applications, which leverages patent-pending risk algorithms to calculate and assign a unique identity risk score for each user, application and system resource. The risk score is updated continuously based on changes to the user’s access privileges, as well as “compensating factors,” such as how recently the user has been certified and whether a policy violation has been allowed as an exception. By leveraging risk scores, managers and application owners can target the highest-risk users or systems first, improving the effectiveness of controls for their departments and, ultimately, the security and compliance of the business

IdentityIQ provides a flexible Connectivity Foundation with pre-built integration to over 80 cloud and on-premises resources, along with integration options for other provisioning vehicles, such as third-party provisioning tools, service desk systems, and even manual provisioning processes. IdentityIQ seamlessly orchestrates how changes get fulfilled across multiple fulfillment mechanisms, giving organizations maximum flexibility to provision changes in whatever way they choose.