Users can be added to the system using any of the following methods:
- Manual addition of Users/Vendors.
- Bulk upload of users and groups using the CSV upload method.
- Connect to your existing Identity provider (e.g. Okta, OneLogin, Keycloak, ADFS, etc.)
- Connect to AD/LDAP
- Use your existing database as an identity store (MySQL, MS SQL, etc.)
- Provision your users through your HR management system.
The joiners are the newcomers in the organization. They are provisioned to the applications based on the group or role they are assigned and thus will have access to the respective applications.
The movers are those who move from one department to another or change their roles. The user will be provisioned to the respective applications of the group they are assigned to.
The leavers are the ones who leave the organization. miniOrange will disable the accounts and deprovision the users from the applications once it is updated in the HR system so that the leaver will no longer be able to access any of the organization’s resources.
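The joiner, mover, and leaver handling described above amounts to reconciling the HR record against the accounts that actually exist in each application. The sketch below is an added illustration, not miniOrange code or its API; the group-to-application policy, user names, statuses, and action names are all constructed for the example.

```python
# Added illustration: groups, apps, users and action names are constructed,
# and none of this is miniOrange's API.
GROUP_APPS = {  # hypothetical group-to-application policy
    "Developers": {"git", "jira", "vpn"},
    "Interns": {"jira"},
    "Suppliers": {"supplier-portal"},
}

def desired_access(hr_record):
    """Apps a user should hold, derived only from HR status and group."""
    if hr_record["status"] != "active":
        return set()                      # leaver: no access at all
    return set(GROUP_APPS.get(hr_record["group"], set()))

def reconcile(hr_feed, current_access):
    """Compare the HR feed with the accounts present in the applications.

    hr_feed: {user: {"status": ..., "group": ...}}
    current_access: {user: set of apps the user holds today}
    Returns a list of (action, user, app) tuples, ordered by user name.
    """
    actions = []
    for user in sorted(set(hr_feed) | set(current_access)):
        have = current_access.get(user, set())
        record = hr_feed.get(user)
        if record is None:
            # Account exists in an app but HR has no record of the user.
            actions += [("flag_orphan", user, app) for app in sorted(have)]
            continue
        want = desired_access(record)
        if record["status"] != "active" and have:
            actions.append(("disable_account", user, "*"))
        actions += [("provision", user, app) for app in sorted(want - have)]
        actions += [("deprovision", user, app) for app in sorted(have - want)]
    return actions

# Constructed sample data: one joiner, one mover, one leaver, one orphan.
HR_FEED = {
    "asha": {"status": "active", "group": "Developers"},       # joiner
    "ben": {"status": "active", "group": "Interns"},           # moved from Developers
    "carol": {"status": "terminated", "group": "Developers"},  # leaver
}
CURRENT = {
    "ben": {"git", "jira", "vpn"},
    "carol": {"git", "vpn"},
    "dave": {"vpn"},                                            # not in the HR feed
}

if __name__ == "__main__":
    for action in reconcile(HR_FEED, CURRENT):
        print(action)
```

The mover case is the one that tends to be missed in practice: access left over from the old group is removed, not just access for the new group added.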
- all identified user types should be covered (i.e., internal staff, third parties);
Multiple groups and policies can be created based on the business requirements and the organization’s workflow. Groups such as Interns, System administrators, Developers, etc. can be created for internal staff, and groups such as partners, suppliers, distributors, etc. can be created to cover the third parties.
- changes of job status or job positions for internal staff (e.g. joiner, mover, and leaver) should be instigated by the human resources department;
miniOrange can integrate with any HR management system. Once a change in job status or position is updated in the HR system, the user is provisioned to or de-provisioned from all the applications based on the job role.
- changes for the external staff or third parties should be instigated by the appointed accountable party;
The personnel appointed for the external staff or third party can communicate with the admin for any changes required in the permissions or access. All changes are logged for monitoring purposes.
- user access requests are formally approved by business and compliance requirements (i.e., need-to-have and need-to-know to avoid unauthorized access and (un)intended data leakage);
miniOrange makes sure that the right user has access to the right applications using group-based policies. An approval-based system for giving access rights can be set up to ensure a proper business workflow. The rights to grant or revoke access will be assigned to an authority. All reports are available at any time for monitoring of the system.
- changes in access rights should be processed on time;
All changes in access rights take effect instantly, as soon as the job role/group of the user is changed. The user is provisioned and de-provisioned across the applications based on the change in the job role.
- periodically user access rights and profiles should be reviewed;
miniOrange uses group-based policies to ensure that the correct user gets access to the right apps. User’s access rights and profiles are periodically reviewed to reduce the risk of a security breach.
- an audit trail of submitted, approved, and processed user access requests and revocation requests should be established;
- user access management should be supported by automation;
To streamline the process of assigning and managing user access rights, miniOrange provides an automated user access management system. This will aid in time management and allow administrators to take faster action against any security breaches and prevent improper user activity.
- centralization of the identity and access management function;
Provisioning and de-provisioning are handled in one place using a centralized identity and access management system. IT resources are centrally controlled with miniOrange IAM services, and users can access all apps and tools from a single dashboard with the convenience of a single sign-on.
- multi-factor authentication for sensitive and critical systems and profiles;
miniOrange provides 15+ authentication methods and solutions for various use cases. This additional layer prevents unauthorized persons from accessing the resources, even if they know your username and password, thus protecting sensitive and critical information.
- privileged and remote access management, which should address:
- the allocation and restricted use of privileged and remote access, specifying:
- multi-factor authentication should be used for all remote access;
MFA provides an extra layer of security for remote access. MFA for remote access will prevent unauthorized individuals from accessing critical data while also improving the organization's overall security strategy.
- multi-factor authentication should be used for privilege access on critical systems based on a risk assessment;
miniOrange supports multi-factor authentication for privileged access. This secures your repositories, logs, and administrator account by ensuring that only authorized workers have access to your privileged account passwords.