How Enterprises can Bridge Security Gaps using Low-Code Platforms

Posted by Aditya Taneja on Fri, Aug 11, 2023

 

 


Tags: Active Directory, IAM, Virtual Directory, Access Governance, cloud security

Enhancing Identity Governance in Zero Trust Environments: The Power of Proxy Models and Workflows

Posted by Aditya Taneja on Mon, Jun 19, 2023

In the realm of cybersecurity, the Zero Trust model has emerged as a robust framework for enhancing security. A key aspect of this model is effective identity governance, which can be significantly streamlined and made more efficient through the use of proxy models and workflows.

Today we'll be exploring how these tools can be leveraged to bolster security and efficiency in identity governance within Zero Trust environments.

What are Proxy Models?

Proxy Models in identity governance can be likened to gatekeepers in a business organization, ensuring that only authorized individuals gain access to sensitive resources. Just as a gatekeeper verifies the identity and permissions of individuals before granting entry, proxy models act as intermediaries between users and the systems they wish to access. They authenticate and validate user identities, ensuring that only authorized personnel are granted appropriate access privileges.


The Power of Proxy Models

Proxy models provide a powerful tool for managing identities in a Zero Trust environment. By acting as an intermediary between users and resources, proxy models can enforce strict access controls, ensuring that users only have access to the resources they need. This approach significantly reduces the attack surface and helps to prevent unauthorized access.

Moreover, proxy models can help to alleviate some of the challenges of the cybersecurity labor shortage and skills gap. By reducing the need for costly IT staff with specific knowledge and training in each of the proxied systems, proxy models can help organizations to manage their resources more efficiently.

By implementing proxy models, businesses can establish a robust and secure system where user actions are monitored and controlled, mitigating the risk of unauthorized access and potential data breaches. Think of proxy models as vigilant guards, protecting your business assets and maintaining the integrity of your identity governance framework.

The Efficiency of Workflows

Workflows, particularly those that are automated, can greatly enhance efficiency in identity governance. By automating routine tasks, workflows can reduce the time and effort required to manage identities, freeing up IT staff to focus on more strategic tasks.

For instance, consider the process of onboarding a new employee. An automated workflow could streamline this process, ensuring that the new employee's identity is properly set up across all necessary systems. This not only saves time but also reduces the risk of errors that could lead to security vulnerabilities.

Practical Strategies for Implementation

Implementing proxy models and workflows in identity governance involves several key steps. First, organizations need to identify the resources that need to be managed and the users who will need access to these resources. Next, they need to define the access controls that will be enforced by the proxy models.

Once the proxy models are in place, organizations can then develop workflows to automate routine identity governance tasks. These workflows should be designed to be flexible and adaptable, allowing for changes in the organization's needs and circumstances.

Today, most modern Identity Governance Platforms, such as EmpowerID, are equipped with the requisite toolsets to implement these robust policy frameworks. Developing and integrating these systems separately might require significant planning, resources, and expertise for most organizations; opting instead for a modern Identity Platform that easily integrates with your enterprise's existing applications might be the way forward. The flexibility to handle on-prem, cloud, and even hybrid workflows, paired with the ability to integrate with Microsoft 365, SAP, ServiceNow, SalesForce, etc., creates an extremely compelling offering for any organization looking to manage its identities.

Conclusion

Proxy models and workflows offer powerful tools for enhancing security and efficiency in identity governance, particularly within Zero Trust environments. By implementing these tools and techniques, organizations can streamline their identity governance processes, improve their security posture, and better manage their resources. As the cybersecurity landscape continues to evolve, such strategies will be crucial for maintaining robust security.

Tags: IAM, Group Management, Virtual Directory, Access Governance, cloud security, iga

MiMvsEmpowerIDArticle

Posted by Aditya Taneja on Wed, May 24, 2023

Microsoft Identity Manager (MIM) is a legacy identity management solution that has been around for a while. Organizations have been leveraging MIM to centrally manage user identities and to automate user provisioning and de-provisioning because of its relatively easy integration within the Microsoft ecosystem. While it has served many organizations well, it lacks some of the essential features that modern identity management software offers.

Here are a few of the key features that MIM is missing compared to modern identity management solutions:

  1. Cloud-First Approach:

    MIM was designed for on-premises environments, and while it can be extended to support cloud-based environments, it lacks the cloud-first approach that modern identity management solutions offer. This can make it challenging to manage hybrid environments or to take full advantage of the cloud's scalability and flexibility.
  2. Flexible Identity Models:

    MIM relies heavily on the Active Directory schema, which can limit its flexibility when it comes to managing non-AD identities such as contractors, partners, and customers. Modern identity management solutions offer more flexible identity models that can accommodate a wider range of identity types and sources.
  3. Self-Service Provisioning:

    MIM requires significant manual intervention for account provisioning and access request workflows. Modern identity management solutions offer self-service capabilities that enable users to request and manage their own access, reducing the administrative burden on IT staff.
  4. Access Governance:

    MIM offers basic access control functionality but lacks the more advanced access governance features found in modern identity management solutions. This includes capabilities such as entitlement cataloging, risk-based access certification, and access analytics.
  5. User Experience:

    MIM's user interface is complex and challenging to use; its frustrating user interface is a common gripe among all its customers. Modern identity management solutions offer streamlined user experiences that are more intuitive and user-friendly, reducing the learning curve and improving user adoption.


In summary, while MIM has been a reliable identity management solution for many organizations, it lacks some of the essential features that modern identity management solutions offer. If you're looking for a more flexible, scalable, and user-friendly identity management solution, it's time to consider upgrading to a modern identity management platform such as EmpowerID.

EmpowerID is a next-generation identity and access management platform that provides unparalleled flexibility and scalability. With EmpowerID, you can easily manage identities, applications, and resources across your entire organization, regardless of size or complexity.

Here are just a few reasons why you should consider moving to EmpowerID:

  1. Greater Flexibility: EmpowerID offers a highly configurable platform that can be customized to fit your organization's unique needs. With our flexible architecture and robust API, you can easily integrate EmpowerID with your existing systems and workflows.
  2. Improved Security: EmpowerID provides comprehensive security features, including multi-factor authentication, role-based access control, and privileged access management. With EmpowerID, you can ensure that your organization's sensitive data and resources are protected from unauthorized access.
  3. Simplified Administration and Self-Service: EmpowerID's intuitive user interface and streamlined workflows make it easy for administrators to manage user accounts, access requests, and other identity-related tasks. With EmpowerID, you can reduce the administrative burden on your IT team and improve overall efficiency.
  4. Better User Experience: EmpowerID offers a seamless user experience, with a single sign-on portal that provides easy access to all of your organization's applications and resources. With EmpowerID, your users can enjoy a streamlined, hassle-free experience that improves productivity and reduces frustration.

So if you're looking for a powerful, flexible, and easy-to-use identity management solution, look no further than EmpowerID. Contact us today to learn more about how EmpowerID can help you take control of your organization's identity and access management needs.


Tags: Active Directory, authentication, IAM, Access Governance, 2-Factor, authorization, Azure security

Say Goodbye to ActiveRoles - Upgrade Your Identity Management with EmpowerID

Posted by Aditya Taneja on Wed, Apr 05, 2023

If you are an ActiveRoles user, you know the value of a powerful and flexible Active Directory management solution. But as IT environments become more complex and diverse, managing identities and access across multiple systems and platforms requires a more comprehensive approach.

A modern Identity Governance solution provides more diverse features that address the growing complexities of modern IT environments, enabling deeper use cases than Quest Active Roles allows. While Active Roles provides many useful features for managing AD, it has quite a few limitations compared to other AD and identity governance platforms.

One of the biggest game-breakers with Active Roles is that it offers very limited functionality for Cloud users. In theory, Quest can manage cloud users, but only to an extremely limited extent. The tool allows you to create and provision an AD user to a cloud system. However, the cloud system objects aren't inventoried and managed in the user interface, and you always need to have an AD user as your starting point for management.

This limitation can be problematic for organizations that rely heavily on cloud-based systems, as it creates an additional layer of complexity that may not be necessary. Without proper inventory and management of cloud-based users, organizations may struggle to maintain security and compliance standards.


Aside from this, here's a list of a few more of these limitations for Quest ActiveRoles:
  1. Restrictive reporting and analytics capabilities:

    Quest ActiveRoles provides limited reporting and analytics capabilities, limited to just Users and Groups, as compared to other IGA Platforms that can provide in-depth and comprehensive analytics on every single AD Attribute. This severely limits you from getting a complete picture of your identity and access management activities.

  2. Negligible support for non-Microsoft platforms:

    Quest Active Roles is designed to work only with Microsoft Active Directory environments and does not support other directory services. This can be a significant limitation for your organization if you use a mix of different platforms, such as Unix or Linux. 

  3. Limited integration with other Systems and IAM solutions:

    Quest ActiveRoles does not integrate well with other IAM solutions, making it difficult for organizations to implement a comprehensive identity governance program. Active Roles is also limited to managing only your Active Directory, providing no way to manage users on other Systems and Applications.

  4. Finite automation capabilities:

    Quest ActiveRoles does not provide extensive automation capabilities, which can make it difficult for organizations to automate repetitive tasks and workflows. Users will have to rely on writing scripts to complete tasks, which, when managing directories with millions of groups, objects, and users, can make even small tasks take exponentially longer and cost more.

  5. Lacking Cloud readiness:

    ActiveRoles Server was designed to work with on-premises Active Directory environments, which is not ideal for organizations that are moving to the cloud or adopting hybrid environments. A modern Identity Management solution offers better cloud-ready features, such as support for multi-cloud environments and identity as a service (IDaaS) capabilities, reported missing in Quest ActiveRoles. 

  6. Lacking essential Identity features:

    ActiveRoles Server lacks advanced features like identity governance, access certification, risk-based access control, and identity analytics that are essential for modern organizations to manage identity and access in complex environments. Self Service features such as Access Requests and Password Resets are shown to have saved organizations millions of dollars in helpdesk costs and are seen as a must for any good IGA platform.

EmpowerID offers a modern, web-based solution that goes beyond Active Directory management to provide full Identity Governance and Administration, Access Management, and Privileged Access Management capabilities. With EmpowerID, you can manage identities and access across on-premises and cloud-based systems, applications, and platforms, including Microsoft Azure, SAP, Oracle, and more.

EmpowerID's True Zero Trust administration for Azure and other platforms allows for fine-grained access controls and risk management, and its low-code identity orchestration engine allows for easy automation of complex business processes. EmpowerID's powerful RBAC and PBAC hybrid authorization engine provides efficient and flexible administration and runtime policy enforcement.

Not only does EmpowerID offer advanced capabilities beyond Active Roles, but it also offers the convenience and scalability of a modern SaaS platform. EmpowerID's modular licensing allows you to easily add or remove features as your needs change, and its cloud-based deployment means you can manage your identities and access from anywhere.

Don't settle for less with ActiveRoles - Make the switch to EmpowerID and experience the power and flexibility of a modern, web-based Identity Governance and Administration solution that goes beyond Active Directory management.

If you'd like to read more about Cloud Ready Identity Governance Platforms, we'd recommend our Whitepapers on these subjects: Siemens Case Study, Cloud Infrastructure Entitlement Management (CIEM) Report

 


 

Tags: Active Directory, IAM, Virtual Directory, Access Governance, cloud security

2022 Gartner® Peer Insights Review Guide for EmpowerID’s Identity Governance and Administration

Posted by Aditya Taneja on Mon, Dec 26, 2022


Gartner Peer Insights is the market-leading peer-review platform by Gartner for comparing and rating enterprise technology solutions to ease decision-making journeys for buyers.

We’re incredibly excited to share that EmpowerID ranks among the industry’s leading best-of-suite Identity Governance and Administration (IGA) providers on Gartner's Peer Insights.

More than 50% of our customers have given us a full 5 STAR recommendation on the peer-review website. Let’s see what they have to say about us!

"Simple and Easy to use Identity Management & Cloud Security Platform."

 

“EmpowerID - One of the Best Application Provisioning Platforms in the Market.”

 

"We have been able to accomplish more in 6 months with EmpowerID than in 2 years with our previous IAM platform."

 

“Flexible Pricing and Cost-effective”

 

“Ahead of its competitors in many things like its Quick Customer Support.”

“I like that it has increased our Workflow Efficiency.”


Read on Gartner to see what other customers think about EmpowerID's low-code orchestration platform!

EmpowerID has consistently emphasized our customers' needs in our products. We know that when they succeed with EmpowerID, we succeed. In this past year, as the vast majority of companies shifted towards remote work, EmpowerID was not only their partner to ensure a smooth and secure transition but also a guide in accelerating their digital transformation journey.

Our end-to-end support, starting from the platform itself and extending down the line to the entire Deployment support, is designed to ensure that our customers achieve the fastest time to value and grow their return on investment with EmpowerID right from Day One. Our products, such as Azure License Manager and Azure SCIM VDS, reflect all these ideals.

Identity Governance and Administration (IGA)

In Gartner’s words, IGA or Identity Governance and Administration refers to managing access rights for individuals, roles, groups, and identity repositories within organizations, both on-premises and in the cloud, ensuring appropriate access to resources across highly connected IT environments.

An IGA platform needs a broad array of capabilities in order to meet the ever-growing complexities of modern organizations and IT systems. The features that complete an IGA suite are: identity life cycle management; entitlement management; support for access requests; workflow orchestration; access certification; provisioning via automated connectors and service tickets; analytics and reporting.

In 2020, Gartner chose to retire its incredibly viral Magic Quadrant for IGA. This was because the Magic Quadrant is designed to capture the most significant innovations in a particular market, but since IGA has already had its exponential growth phase and has reached a state of maturity, measuring improvements has become much more difficult. That doesn’t mean that growth has stopped. With the shifting of existing work models in the post-COVID world, IGA has seen growth and expansion to previously unimaginable heights.

IGA today has expanded and adapted to manage increasingly complex Identities spanning across different cloud platforms to provision access and entitlement of the vast repertoire of applications that modern enterprises use today in their ever-expanding workflows.

You can learn more about how EmpowerID competes in these ever-expanding domains in this all-new 2022 Leadership Compass Report by Kuppinger Cole, which examines the market for solutions that increase security in business application environments for managing cloud entitlements—measuring the growth of IGA and Access Management platforms beyond the traditional limit of imagination, taking a much more abstract and out-of-the-box approach to evaluate the needs of modern enterprises.

Check it out in the link below.

DREAM CIEM

 

Tags: authentication, IAG, IAM, Identity Management, Identity and Access Management (IAM), cloud security, Magic Quadrant, Gartner

KuppingerCole Names EmpowerID as a Leader in Identity as a Service (IDaaS)

Posted by Bradford Mandell on Thu, Aug 17, 2017

KuppingerCole, a respected global analyst focused on Information Security, examined 24 vendors in the Identity as a Service, Business to Enterprise (IDaaS B2E) market. EmpowerID was named as a Product Leader, a category which ranks vendors by functional strength and completeness of solution. KuppingerCole stated in the report that EmpowerID "delivers a very broad feature set for Identity and Access Management, going well beyond Identity Provisioning but with tight integration to these core features."

KuppingerCole further recognized EmpowerID as an Innovation Leader, a measure of the platform's support for "leading-edge new features which deliver emerging customer requirements," and finally as an Overall Leader which measures leadership across all the factors they evaluate.

KuppingerCole noted that EmpowerID "takes a unique approach to IAM/IAG. It is built from scratch on a Business Process Management/Workflow platform" and the ability to modify and create visually designed workflows, "allows for great flexibility, while the product also delivers a broad set of out-of-the-box features."

Among top product leaders, EmpowerID differentiates itself by its innovative "everything is a workflow" approach to Identity and Access Management. Of EmpowerID, KuppingerCole stated "EmpowerID is a very interesting and innovative solution. It provides a well thought-out and flexible approach for Cloud IAM/IAG with strong Identity Federation and authentication support."

KuppingerCole also assigned EmpowerID the strongest ratings possible for the security, interoperability and usability subcategories of the Leadership Compass report.

The strength of EmpowerID's industry leading Identity and Access Management, Governance and Privileged Access Management feature set is derived from its all-in-one approach. It uses a single codebase, a common management console, and modern HTML5 adaptive user interfaces to combine high scalability and performance into a superior user experience. EmpowerID offers an Identity Warehouse to manage employee, partner, and consumer identities which are automated and secured by an Adaptive Authentication Engine, a powerful RBAC/ABAC engine, and over 750 out of the box workflows.

The breadth of EmpowerID's platform allows enterprises around the globe to extend their boundaries and to manage internal and client identities in on-premise, Cloud and hybrid environments.



To learn more about EmpowerID's strong, unique offering for business to employee IDaaS needs, read the full report: http://info.empowerid.com/download-the-free-kuppingercole-idaas-b2e-report-www

Tags: IAM, Federation, Identity and Access Management (IAM), IDaaS

Data breaches continue to grow in Healthcare sector

Posted by Chris Hayes on Tue, May 26, 2015

Internal employees continue to pose biggest risk in security breaches.


Latest Experian security forecast - Cost of breaches in the healthcare industry could reach $5.6 billion annually.

How will the next identity spill happen?  The latest Experian data breach industry forecast points to your employees being the biggest threat.  Stronger external authentication and tighter protocols continue to miss the mark.  Employee negligence will continue to be the leading cause of security incidents in 2015.

Experian goes on to state that Healthcare breaches will continue to grow this year.  With the huge challenge of securing such a significant amount of data, the problem becomes even more serious when organizations are faced with a shortage of internal expertise.  With the majority of breaches originating from inside company walls, the report clearly indicates business leaders need to fight the root cause of data breaches rather than buy the latest security widgets.

What are some steps that you can take in your organization to prevent the next identity spill?

Performing regular certification/attestation of access – At any time you need to be able to snapshot the access granted to a resource by roles, locations and person accounts.  Security assignments should be automated, but access should be certified and routed to an appropriate authorized person for review.  This review should verify the access and certify if it is valid or not.  A tool like EmpowerID makes certifications easy for the organization with scheduled certification and attestation policies that can be run and audited.

Implement automated provisioning/deprovisioning – Role based or attribute based access needs to be automatically and immediately provisioned or deprovisioned.  When an employee’s role changes, the resultant set of access needs to be calculated instantly.  Some application and resource access will be taken away and some will be granted.  Absence of role based deprovisioning is a root cause of an employee having too much access.  EmpowerID takes provisioning to the next level by allowing you to provision and deprovision based upon roles in the organization.

Implement RBAC & ABAC controls - You need an RBAC/ABAC engine to continuously evaluate how much access someone should or shouldn't have.  EmpowerID uses a hybrid approach with RBAC and ABAC adding in rules and even Separation of Duties enforcement.

Control access to applications via a central identity provider - Having users log into apps with a separate username and password is a recipe for disaster.  An IdP allows you to centrally validate someone’s identity and then assert that identity into applications wherever they are.  The EmpowerID IdP allows employees to search for applications that are granted for their role, removes ones that are not granted and provides the SSO into the application.

Provide Self-Service password reset - Let's face it, this not only tightens up security, but saves a lot of money.  EmpowerID provides full detailed audit trails of anything account related such as who changed the password, who approved it and more.

Implement strong authentication, regardless of the application - There are a lot of ways to get into your network.  The VPN, the email server and SaaS applications are all exposed entries into the protected network.  Do they all have the same authentication capabilities?  You need an authentication service that supports all the protocols, not just those most used.  EmpowerID can step up authentication at any level for any service.  The VPN, the routers, the SaaS apps, SharePoint, it doesn't matter.
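As an added illustration of the role-based deprovisioning and Separation of Duties points above (not EmpowerID code; the role names, entitlement strings and the conflict rule are constructed for this sketch), the following recalculates the resultant access when a person's roles change. It compares the new roles against what the account actually holds, so leftover access is revoked rather than accumulated, and it assumes anything not derived from a role counts as excess.

```python
from dataclasses import dataclass

# Constructed sample data: role -> entitlements that role should carry.
ROLE_ENTITLEMENTS = {
    "nurse": {"ehr:read", "ehr:write-vitals", "pharmacy:view-orders"},
    "billing-clerk": {"billing:create-invoice", "ehr:read-demographics"},
    "billing-approver": {"billing:approve-invoice", "ehr:read-demographics"},
}

# Constructed Separation of Duties rule: entitlement sets that one person
# must never hold at the same time.
SOD_CONFLICTS = [
    frozenset({"billing:create-invoice", "billing:approve-invoice"}),
]


@dataclass(frozen=True)
class AccessChange:
    grant: frozenset         # entitlements to provision
    revoke: frozenset        # entitlements to deprovision
    sod_violations: tuple    # conflicting sets present in the target state


def resultant_access(roles):
    """Union of entitlements for the given roles; unknown roles are an error."""
    access = set()
    for role in roles:
        if role not in ROLE_ENTITLEMENTS:
            raise KeyError(f"unknown role: {role}")
        access |= ROLE_ENTITLEMENTS[role]
    return access


def plan_role_change(current_entitlements, new_roles):
    """Diff what the account holds today against what the new roles allow.

    Diffing against actual holdings (not against the old role) is what
    catches access that was granted by hand and never taken away.
    """
    target = resultant_access(new_roles)
    current = set(current_entitlements)
    violations = tuple(
        sorted(tuple(sorted(rule)) for rule in SOD_CONFLICTS if rule <= target)
    )
    return AccessChange(
        grant=frozenset(target - current),
        revoke=frozenset(current - target),
        sod_violations=violations,
    )


if __name__ == "__main__":
    # A nurse who also picked up a hand-granted entitlement moves to billing.
    held = ROLE_ENTITLEMENTS["nurse"] | {"vpn:admin"}
    change = plan_role_change(held, ["billing-clerk"])
    print("grant :", sorted(change.grant))
    print("revoke:", sorted(change.revoke))
    # Requesting both billing roles is flagged before anything is provisioned.
    print(plan_role_change(set(), ["billing-clerk", "billing-approver"]).sod_violations)
```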

The bottom line is this: an ounce of prevention is better than a pound of cure.  According to Experian, the average cost per lost record is just under $200, with average total impact cost to your organization just under $4 million.  Click through below and let us show you how easy it is to automate access and control privilege in your environment.


Tags: GRC, authentication, IAG, IAM, Identity and Access Management (IAM), Access Governance

AWS & Azure the new access management silos, says Patrick Parker @ EIC 2015

Posted by Chris Hayes on Wed, May 06, 2015


“Organizations need to have the tools to manage these new access silos,” he told the opening session of the 2015 European Identity & Cloud (EIC) conference taking place in Munich.

During his Keynote discussion on day 1, Patrick identified the many limitations when managing new access silos in AWS and Azure.

During day 2, Patrick discussed the role of IAM in hack prevention, highlighting the recent Sony Pictures hack.


If you're around on the 7th you can catch his IAM best practices discussion from 12:00-13:00 PM or stop by for a discussion or deep dive demo to see what makes empowerID the best IAM Suite in the market today.  For those unable to attend in person empowerID will be sharing the presentations in the near future.

 


Tags: Active Directory, IAM, Attestation, Identity and Access Management (IAM), Access Governance

Adaptive 2-Factor Authentication for Citrix Netscaler

Posted by Chris Hayes on Thu, Apr 30, 2015

2-Factor for Citrix via empowerID

What is Adaptive authentication? By definition, something adaptive should have a capacity or tendency toward adaptation when faced with different scenarios. empowerID has taken this concept and applied it to our class-leading Radius service for Citrix and other "edge devices" like Cisco, Juniper, Palo Alto, F5 and more.

Having managed many Citrix NetScaler strong authentication projects myself, I understand the challenges faced when enabling 2-factor authentication with NetScaler products.

Common questions that you should ask yourself when undertaking a project like this are:
  • What methods does the authentication support?
  • Can I migrate users by groups in the back end rather than cut everyone over at the same time?
  • What kind of logging and reporting is available?
  • How scalable is the solution?
  • How are the configurations stored?
Now that we know some of the questions you need to be aware of, let's walk through an empowerID workflow for Citrix NetScaler below.

 

Adaptive Auth for Citrix

  1. Multiple users go to log in to the NetScaler
  2. The NetScaler takes in a username and password
  3. This information is passed to empowerID's Radius endpoint
  4. empowerID looks at the group membership of the user
  5. One user will go through 2-factor authentication
  6. One user will go through Single Factor authentication
  7. Both users will be presented with the same information after authentication
This truly adaptive model means you can migrate some of your users to 2-factor authentication while keeping some at single factor authentication.
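The group-based decision in steps 3 to 6 can be sketched as follows. This is an added example, not empowerID's implementation: the users, group names and in-memory directory are constructed, and only the reply names (Access-Accept, Access-Reject, Access-Challenge) are standard RADIUS packet types. It also shows the fail-closed choices a practitioner has to make: the first factor is checked before any group logic, and a failed group lookup is treated as "2-factor required".

```python
import hashlib
import hmac
from enum import Enum
from typing import Optional


class RadiusReply(Enum):
    ACCESS_ACCEPT = "Access-Accept"
    ACCESS_REJECT = "Access-Reject"
    ACCESS_CHALLENGE = "Access-Challenge"  # ask the client for a second factor


# Constructed policy: members of any of these groups must pass 2-factor.
# Moving a user into "mfa-wave-1" migrates them without touching the NetScaler.
MFA_GROUPS = {"mfa-wave-1", "domain-admins"}


def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


# Constructed in-memory directory standing in for the real identity store.
# groups=None models a failed group lookup (directory unreachable).
DIRECTORY = {
    "alice": {"salt": b"salt-a", "pw": _hash("alice-pw", b"salt-a"),
              "groups": {"staff", "mfa-wave-1"}},
    "bob": {"salt": b"salt-b", "pw": _hash("bob-pw", b"salt-b"),
            "groups": {"staff"}},
    "carol": {"salt": b"salt-c", "pw": _hash("carol-pw", b"salt-c"),
              "groups": None},
}


def radius_decision(username: str, password: str,
                    second_factor_ok: Optional[bool] = None) -> RadiusReply:
    """Return the RADIUS reply for one login attempt.

    second_factor_ok is None on the first request and True/False once the
    client has answered the challenge.
    """
    user = DIRECTORY.get(username)
    if user is None:
        _hash(password, b"dummy-salt")  # do comparable work for unknown users
        return RadiusReply.ACCESS_REJECT
    if not hmac.compare_digest(_hash(password, user["salt"]), user["pw"]):
        return RadiusReply.ACCESS_REJECT

    groups = user["groups"]
    # Fail closed: if membership cannot be determined, require 2-factor.
    needs_mfa = groups is None or bool(groups & MFA_GROUPS)
    if not needs_mfa:
        return RadiusReply.ACCESS_ACCEPT
    if second_factor_ok is None:
        return RadiusReply.ACCESS_CHALLENGE
    return RadiusReply.ACCESS_ACCEPT if second_factor_ok else RadiusReply.ACCESS_REJECT


if __name__ == "__main__":
    for name, pw in [("alice", "alice-pw"), ("bob", "bob-pw"), ("carol", "carol-pw")]:
        print(name, radius_decision(name, pw).value)
```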

So let's get back to a few key points:
  • What methods does the authentication support?
  • Can I migrate users by groups in the back end rather than cut everyone over at the same time?
    • Fully supported, keep everyone going to the SAML login page and empowerID will determine if the user needs 2-factor or single factor authentication.
  • What kind of logging and reporting is available?
    • empowerID's audit and reporting engine leads the pack when it comes to real time reporting and auditing.  While other products can't push reports up to a central audit point empowerID doesn't have the same limitations.  Built from the ground up to scale you can log into one place and review all audit reports.
  • How scalable is the solution?
  • How are the configurations stored?
    • empowerID configurations are stored in a database, the way it should be done.  Not in flat web.config or .conf files, these aren't methods that scale.

Tags: Active Directory, IAM, Identity Management, SAML, Citrix, Palo Alto, Identity and Access Management (IAM), Radius, 2-Factor, Cisco

EmpowerID Named Overall Leader in IAM / IAG Suites

Posted by Patrick Parker on Thu, Feb 05, 2015

EmpowerID has been recognized as a three time leader in a recent KuppingerCole report evaluating Identity and Access Management (IAM) / Identity Access Governance (IAG) Product Suites.

The IAM/IAG Leadership Compass “focuses on complete IAM/IAG (Identity Access Management/Governance) suites that ideally cover all major areas of IAM/IAG as a fully integrated offering,” Martin Kuppinger wrote in the report.

KuppingerCole, a respected global analyst focused on Information Security, examined Identity and Access Management / Governance Suites for this report. They specifically evaluated products that are integrated solutions with a broader scope than single-purpose products. Martin Kuppinger concluded in the report, “With their Windows-based product they [EmpowerID] offer one of the best integrated IAM Suites. All components have been built by EmpowerID, allowing for tight integration into a well thought-out architecture. This integrated approach is a clear strength of EmpowerID."

To request an unabridged copy of the KuppingerCole report on IAM/IAG Suites, please visit http://info.empowerid.com/download-the-free-kuppingercole-iam-suites-leadership-compass.

Tags: Role Based Access Control (RBAC), GRC, authentication, IAG, IAM, Group Management, Governance and Regulatory Compliance, Identity Management, Federation, User provisioning, Attestation, Separation of Duties, Identity and Access Management (IAM), Access Governance