What is Identity Governance ?
PingOne® Identity Governance is a framework for centrally managing user identities and controlling access to resources within an organization. It ensures that the right individuals have the appropriate access to resources while maintaining compliance with corporate, regulatory, and security policies.
|
Advanced Identity Cloud add-on capability
Contact your Ping Identity representative if you want to add PingOne® Identity Governance to your Advanced Identity Cloud subscription. |
Core capabilities of Identity Governance
By implementing Identity Governance, organizations can minimize security risks, prevent unauthorized access, and streamline compliance with industry regulations.
Identity Governance provides the following core capabilities:
-
Manage access requests: Provide a self-service catalog where users can request access to applications, and use automated workflows to route those requests for approval.
-
Certify user access: Schedule and run regular access certification campaigns. This requires managers to review and either approve or revoke their team members' permissions, which prevents the slow accumulation of unnecessary access.
-
Automate the identity lifecycle: Automate the entire user lifecycle, from granting "birthright" access to new hires on their first day to instantly revoking all access when they leave the organization.
-
Enforce security policies: Create and enforce segregation of duties (SoD) policies to prevent users from gaining conflicting combinations of permissions that could introduce risk.
-
Audit and report on access: Maintain a complete audit trail of all access-related activities, including requests, approvals, and changes, to ensure you can meet compliance requirements.
-
Manage the lifecycle of users and entitlements: Delegate user and entitlement administration to non-technical staff through a user-friendly interface, Using the interface, these users can manage the lifecycles (create, update, delete) of your users and entitlements.
-
Governance recommendations: Leverage machine learning to analyze peer access patterns, providing clear suggestions to help you make faster, more consistent, and secure access decisions.
Identity Governance administrator UI
When you purchase Identity Governance, a new Governance section appears in the main navigation menu in the admin console. This section provides administrators with centralized control over all identity governance functions. From this UI, administrators actively manage the entire governance framework.
They can:
-
Configure system-wide IGA settings.
-
Build and enforce access policies, such as segregation of duties (SoD).
-
Create and monitor access certification campaigns.
-
Oversee all access requests and approval workflows.
Access to these administrative functions requires tenant administrator permissions.
End-User UI
In the end-user dashboard, ew self-service options empower users to manage their own access through an intuitive interface. The UI provides several key sections that allow users to view, request, and manage permissions.
-
Inbox: Users, such as managers or application owners, can review and act on pending access requests. From the inbox, they approve or deny requests submitted by their team members or for applications they own.
-
My Access: Users can view a complete list of their current application access and permissions. This gives them full visibility into what resources (accounts, roles, entitlements) they are authorized to use.
-
My Requests: Users can track the status of access requests they have submitted. This section shows whether a request is pending, has been approved, or was denied.
-
Administer: Designated users, who are not tenant administrators, can manage the lifecycle (create, update, and delete) of other users and entitlements. This delegates administrative tasks to the appropriate people without granting them full admin rights.
This intuitive interface helps users get the resources they need quickly while ensuring all requests follow your organization’s defined approval processes.
