Segregation of duties

Identity Governance enables centralized management of end-user access to resources throughout your company ensuring corporate and regulatory compliance.

Identity Governance implements an internal control process, also known as segregation of duties (SoD), to prevent the granting of privileges to a single individual in situations where conflict of interest could arise. For example, end users responsible for authorizing financial transactions should be different from those users responsible for reconciling, recording, or reviewing these transactions.

To implement SoD, Identity Governance uses policies consisting of policy rules, which outline the conditions for conflicting entitlements during end-user access requests. You can also schedule policy scans on a regular basis to catch any policy violations.

Identity Governance also provides workflow nodes to handle SoD violations, letting you grant an exception for the violation, reject the violation, or remediate any conflicting entitlements. When Identity Governance detects non-compliant access requests, whether due to error or fraudulent activity, it marks them as violations and displays them on the Violations page. Identity Governance also displays all allowed violations on the Exceptions page.