LogoLogo
3.1.7
3.1.7
  • Getting Started
    • What is Cymmetri?
    • Release Notes
      • 3.0.1-Beta
      • 3.0.2-Beta
      • 3.0.3-Beta
      • 3.0.4-Beta
      • 3.0.5-Beta
      • 3.0.6-Beta
      • 3.0.7-Beta
      • 3.0.8-Beta
      • 3.0.9-Beta
      • 3.0.10-Beta
      • 3.0.11-Beta
      • 3.0.12-Beta
      • 3.1.0 - Product Release
      • 3.1.1-Beta
      • 3.1.2 - Product Release
      • 3.1.3-Beta
      • 3.1.4-Beta
      • 3.1.5-Beta
      • 3.1.6 -Beta
      • 3.1.7 - Product Release
      • 3.1.8 -Beta
      • 3.1.9-Beta
      • 3.1.10-Beta
      • 3.1.11-Beta
      • 3.1.12-Beta
      • 3.1.13-Beta
      • 3.1.15 -Beta
      • 3.1.16
      • 3.1.17
      • 3.1.18
      • 3.1.15 - Product Release
      • 3.0.x Consolidated
      • 3.1.x Consolidated
    • Starting your Cymmetri Trial
    • Admin Dashboard
    • Accessing Cymmetri
    • Supported Web Browsers
    • Cymmetri Error Codes
    • Help
    • Personalization
      • General Config
      • Admins
      • Masters in Cymmetri
      • Personalize Notification Templates
      • Tenant Branding
      • Custom Attributes
      • API Client
      • Batch Tasks
      • API Extension
    • Global Search
  • Identity Hub
    • Managing Users and Groups
      • User Management
      • User Detail
      • Create Users
      • Edit Users
      • Create Groups
      • Importing Users
      • Assigning Users to Groups
      • Delegation
        • Setting up Delegation
        • Delegating Work to Delegatee
        • Accepting Delegation
      • Suspended Users
      • Archived Users
      • All Users Session
    • Authentication
      • Identity Provider
        • Internal IDP
          • Introduction
          • Internal Identity Provider Configuration: Cymmetri
          • Internal Identity Provider Configuration: Active Directory
          • Internal Identity Provider Configuration: LDAP
        • External IDP
          • Introduction
          • External Identity Provider Configuration - Google IDP
          • External Identity Provider Configuration - Azure IDP
          • External Identity Provider Configuration - Salesforce IDP
      • Service Provider
      • Authentication Rules
      • Password Policy
      • Global Auth Policy
      • Adaptive
    • Attribute Setting
    • Password Filter
    • Logs
      • Audit Log
      • Import History
      • Scheduler History
  • Lifecycle Management
    • Application Management
      • Support for Application Management
      • Getting Started
        • Introduction to Application Management
        • Adding Applications to be managed by Cymmetri
        • Assigning Applications to End Users
        • Application Detail
        • Dynamic Forms
        • Configuring Connector Server
        • 360 Degree Recon
      • Provisioning How to
        • Cymmetri Connector List
        • Supported Provisioning Operations
        • Azure Provisioning
        • Active Directory (AD) Provisioning
        • Google Workspace Provisioning
        • LDAP Provisioning
        • Powershell Provisioning
        • REST Connector Provisioning
        • SCIM v2.0 Provisioning with Basic Authentication
        • SCIM 2.0 with Bearer Authentication
        • SCIM 2.0 with Fixed Bearer
        • Github Provisioning
        • ServiceNow Provisioning
        • AMAYA
        • HRMS
          • Darwin Box
        • Database Provisioning
        • CSV Directory (Flat-file)
        • Managing Manual Application Assignments
        • SOAP Connector (XML)
        • Integration with Service Desk Management Systems
      • Reconciliation How to
        • Configuring Reconciliation Process
      • Rules
        • Provisioning
        • Deprovisioning
    • Workflow Management
      • Workflow Configuration
      • Workflow Rules
      • Pending Workflows
      • Workflows List
    • Teams Config
    • Configuring Webhooks
    • On Demand Access
    • Form Logic
  • Single Sign On
    • Introduction
    • SSO Configuration
      • SAML 2.0 Based SSO
      • API Based SSO
      • OpenID Connect Based SSO
    • Multifactor Authentication(MFA)
      • Introduction
      • Cymmetri Authenticator
      • Push Authenticator
      • Google Authenticator
      • SMS Authenticator
      • Secret Questions
      • FIDO Authenticator
      • Admin MFA Setting
    • Passwordless
      • Introduction
      • TOTP Based
      • OTP Based
      • Consent Based
      • FIDO Based
  • My Workspace
    • Getting Started
      • Introduction
      • First Time User Registration
      • End User Login Process
      • Forgot Password & Unlock Account
      • User Settings
    • How to use the My Workspace
      • Dashboard
      • My Access
      • Inbox
      • Team
      • On Behalf
  • Privileged Access Management
    • PAM Administration
      • Introduction to Privilege Access Management (PAM)
      • How to Access PAM in Cymmetri
      • Sub-Sections of PAM
      • Steps to configure PAM Server
      • Adding a device/ server in PAM
      • Vault User
      • Vaulting Configuration
      • Break Glass Configuration
      • PAM Reports and PAM History
      • Dormancy Disable Config
    • PAM Usage
      • Assign a server to a user
      • Access the server
  • Governance
    • Compliance Management
      • IGA Policy Violations
    • Insights
      • Reports
      • Risk
      • Management Dashboards
        • CISO Dashboard
        • CRO Dashboard
      • Industry Compliance
    • Access Certification
      • Setting up and managing Access Reviews
    • Recommendation Engine
    • Role Management
      • Role Mining
      • Entitlements
      • Managing Roles in Cymmetri
    • Segregation Of Duties (SOD)
  • Self-Service App
  • Analytics
    • Cymmetri Analytics
Powered by GitBook

Cymmetri.com

On this page
  • Certification and Attestation
  • Unstructured Data Attestation
  • Segregation Of Duties
  • IAM Reporting
  • Overview of the policies that can be enforced from Cymmetri

Was this helpful?

Export as PDF
  1. Governance

Compliance Management

Was this helpful?

Certification and Attestation

Cymmetri Identity Governance provides for managing user certification through its feature. As part of user access review, a campaign can be set up to automatically process the user entitlements and send the review request to the appropriate approvers in the system.

The campaign allows review of

● All users

● Groups of users

● Type of users (employees, vendors)

● Application wise users

The system allows the review to occur in stage-wise approval allowing up to 3 levels of certification.

The campaign can be setup to occur periodically using Cymmetri’s scheduler.

At the review side, the mapped approver user can view and approve the certification in Self service console of Cymmetri. The approver can certify in bulk by either approving or revoking the access of the required users. The revocation of access is in real-time. To read more and configure refer .

Unstructured Data Attestation

As an add on component, Cymmetri allows request provisioning for Windows File System share folders utilizing PowerShell connector. Cymmetri can also perform periodic reviews of the resources and permissions available with users.

Segregation Of Duties

As a part of strong governance controls, Cymmetri provides configuration for or SoD through the Admin console. Every large organization faces the complexity of providing adequate access to its users to allow business as usual practices. However, over time, as more applications and their entitlements come into play, the ability to restrict the access controls involves greater risk.

Cymmetri’s SoD attempts to mitigate the access gaps and more then required access to users by defining appropriate business roles and responsibilities and managing them over a long period of time. Cymmetri breaks the configuration down to two main aspects:

  1. Defining the business functions through

    1. Process

    2. Tasks

    3. Business Roles

  2. Defining the access policy

    1. Business Policy

    2. Rules

Once the above definitions are understood and configured manually or through bulk-upload, the system can begin processing risk scores and access violations for individual users based on their existing entitlements.

The violations allow the business line managers and risk management to understand the access rights in violation. The violations are based on the business policy and rules which are in violation of the tasks that might be in conflict for business roles.

Apart from the violations, the system calculates and assigns a risk score to every user and their application entitlements. Based on the application roles in the target system, Cymmetri generates a qualitative risk score combining all the applications and entitlements.

IAM Reporting

Overview of the policies that can be enforced from Cymmetri

A qualitative risk score will be assigned based on the application risk factor and overall risk across all applications associated with the user. To read more and configure refer .

Cymmetri allows monitoring of key IAM metrics as per the under Insight menu. To read more and configure refer .

Apart from the out of box reports, Cymmetri provides custom reporting and dashboards which provide the ability to view the Cymmetri data as per specific needs. This is possible through Cymmetri's module.

&

&

Campaign Management
this
Segregation Of Duties
this
Cymmetri reports
this
Analytics
Authentication Policy
Rules
Password Policy
Provisioning Policy
Rules
De-provisioning Policy
Segregation Of Duties & Violation Policies
Multi-Factor based Authentication
Passwordless Authentication
Privileged Access Policy
IGA Policy Management