Identity & Access Manager (IAM) from Tools4ever is a complete Identity Governance & Administration solution that provides simple, standardized management of user accounts and access rights on the network while maintaining full compliance with laws and regulations such as HIPAA, SOX and many others.
- Centralized access reporting data, both current and historical, so auditors know who is accessing what, when, and where.
- Critical highlights regarding system access rights.
- Detailed audit logs of user and administrator activities.
- Reports on configuration changes including file and Exchange servers.
- User Provisioning is a process in IAM which ensures that user accounts are automatically created, changed, disabled and deleted.
- User Provisioning software establishes a connection between the HR system and user accounts in the network.
- Every change in the HR system (for example a new employee, change of name, change of job, promotion or leaving employment) is detected automatically by our software which then performs the appropriate process automatically.
Helpdesk Delegation (HD)
- With the Helpdesk Delegation module of IAM, all user management tasks in IAM scenarios are recorded and linked to web forms, so user account management requests can be delegated downstream to other, less technical IT staff without requiring them to have advanced admin rights.
- Every change made is recorded in an audit log.
Workflow Management (WFM) & Self-Service
- With Workflow Management and Self-Service, employees and managers can request, check, and approve resources without any IT intervention.
Access Governance (AG)
- Access Governance (also known as Role Based Access Control, RBAC) is a method for setting up authorization management within an organization. With this method, authorizations are not assigned on an individual basis but are based on RBAC roles, which are designated by an employee's department, position, location, cost centre, and possibly other factors in the organization.
A good way of assigning authorizations and populating the RBAC matrix is in the form of a pyramid. At the peak of the pyramid is the organization itself, followed by the department, the position and finally the individual at ground level. The pyramid is populated from the top: the top level (organization and location) holds the authorizations which apply to everyone in the organization, such as logging in, word-processing and e-mail. This section can be completed almost immediately.
The authorizations for each department/position can then be added, for example access to departmental shares and applications. Here it's helpful to focus on the top fifty combinations of department and position in terms of employees as a start. The HRM system is an excellent source for determining the combinations.
Assigning detailed authorizations can be performed on an ad-hoc basis by a manager, using a workflow for instance. A workflow is utilized via e-mail notification and/or a web form, to ask the appropriate manager what the specific rights and applications should be for their employees. The RBAC software can then record the choices the manager makes and this information can be used to define the RBAC table further, ultimately achieving a fully-populated RBAC table.
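The pyramid described above, worked through as an added example (not Tools4ever code): it ranks department/position combinations from HR data, resolves a person's effective authorizations layer by layer, and folds manager choices back into the role table. All names and sample records are constructed, and the promotion rule (a right moves into the role table once every holder of a combination has it ad hoc) is an assumption.

```python
from collections import Counter

# Constructed sample data (not from the page).
HR = [
    {"id": "u1", "dept": "Finance", "position": "Controller"},
    {"id": "u2", "dept": "Finance", "position": "Controller"},
    {"id": "u3", "dept": "Finance", "position": "Clerk"},
    {"id": "u4", "dept": "IT", "position": "Engineer"},
]
ORG_GRANTS = {"logon", "word-processing", "e-mail"}         # top of the pyramid
ROLE_GRANTS = {("Finance", "Controller"): {"share:finance", "app:ledger"}}
ADHOC = {"u3": {"share:finance"}, "u4": {"app:ticketing"}}  # manager workflow choices


def top_combinations(hr, n=50):
    """Rank (department, position) pairs by headcount, as read from HR."""
    counts = Counter((p["dept"], p["position"]) for p in hr)
    return [combo for combo, _ in counts.most_common(n)]


def effective(person, org, roles, adhoc):
    """Union of the pyramid layers; each right is labelled with the highest
    layer that grants it, so reviewers can see why it is held."""
    layers = {}
    for right in adhoc.get(person["id"], set()):
        layers[right] = "individual"
    for right in roles.get((person["dept"], person["position"]), set()):
        layers[right] = "department/position"
    for right in org:
        layers[right] = "organization"
    return layers


def promote_adhoc(hr, roles, adhoc):
    """Return a new role table in which a right granted ad hoc to every
    holder of a combination becomes part of that combination's role."""
    updated = {combo: set(rights) for combo, rights in roles.items()}
    members = {}
    for p in hr:
        members.setdefault((p["dept"], p["position"]), []).append(p["id"])
    for combo, ids in members.items():
        shared = set.intersection(*(adhoc.get(i, set()) for i in ids))
        if shared:
            updated.setdefault(combo, set()).update(shared)
    return updated
```

Rights that remain labelled "individual" after promotion are the exceptions worth reviewing periodically, since they sit outside the role model.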
- Downstream Provisioning within IAM enables you to establish automatic connectivity to systems other than Active Directory, Exchange, and NTFS for managing user accounts. With Downstream Provisioning, notification e-mails that are normally sent to application administrators are replaced by automatic application connections. IAM has a wide range of connectors – more than 150 – for managing user accounts (authentication) and rights (authorizations) in systems and applications.
IAM links all the systems in your network
- IAM is delivered with a large number of default connectors – more than 150 at present – which means that most likely, if you’re using a system, we can connect to it. The best part is that all of these connectors have been developed by Tools4ever and are maintained as part of the maintenance contract, so if you add systems as you build out your architecture, you can connect with IAM as you go.
- Connectors for various systems and applications containing user account information include: operating systems, helpdesk systems, HR systems, student information systems, directories, databases, telephone systems, ERP systems and a host of other systems.
Benefits of Downstream Provisioning
- Short user account creation lead time
New employees have the proper authorizations to the network as well as adjacent systems and applications from day one.
- Reduced management burden for applications
Application Engineers are less burdened with processing the changes of user accounts thanks to automated processes via connectors.
- Standardized management of user accounts
The process of managing user accounts is deployed in the same, uniform manner for all systems and applications in the network.
HelloID (Cloud Single Sign-On) (Identity As A Service)
- HelloID is a modern and secure cloud-based Identity & Access Management (IAM) solution.
- With one powerful cloud solution, you have an answer to the increasingly complex Identity Management issues within your organization.
Modules & Features
- Securely access all of your cloud applications from anywhere in the world with a single login.
- HelloID supports all common SSO protocols. Apply additional security measures with multi-factor authentication and access policies.
- Cloud directory
- Custom user attributes and fields
- Custom mapping and transformation
- Multiple Active Directory integrations
- Active Directory user authentication
- Active Directory user and group synchronization
- Responsive and personalized dashboard
- Managed and personal application tabs
Single Sign-on (SSO)
- Identity Provider (IdP) routing
- Integrated application catalogue
- Desktop Single Sign-on (SSO)
- Mobile Single Sign-on (SSO)
- On-premise Single Sign-on (SSO)
Multi Factor Authentication (MFA)
- SMS authentication
- E-mail authentication
- OTP tokens including Microsoft Authenticator and Google Authenticator
- RADIUS integration for 3rd party MFA and hard token
Access rules and policies
- Security and logon policies
- Group and application access policies
- Contextual access policies
Auditing & reporting
- Standard reports
- Custom reports
- Periodical reports
- Multi-language support
- Custom organization URLs (e.g. portal.company.com)
- Custom branding and layout
- Chromebook integration
- Intranet integration including SharePoint, Embrace, Iris Intranet, Motivo, and Winkwaves
- TOPdesk integration
- RESTful API
- Let staff and students request access to resources through the online portal, and let the owners of those resources handle the approval process.
- Get the IT department out of the equation by automating the backend processing and logging inside the IT infrastructure.
- Product catalogue and management
- Request inbox and timeline
- Employee & Manager Self-Service (ESS & MSS)
- Product expiration and automatic return
- Separation of Duties (SoD)
- Product risk factors
- Request on behalf
- Active Directory delegated administration
- Automatic Approvals
- Any, all, and subsequential workflows
- Custom approval workflows
- Approver scoping selector
- Delegated approver assignment
- Integrated task catalogue
- Inline PowerShell editor
- Variable management
- User, group, and folder event triggers
- Fine-grained event triggers
- Task scheduler and administration
- Drag-and-drop form designer
- Conditional form components
- Link forms to self-service products and workflows
- Use form data in automation tasks
- File share and resource owner management
- Folder browser
- Automatic ACL constructor
Auditing & reporting
- Standard reports
- Custom reports
- Periodical reports
SSRPM (Password Reset)
- SSRPM (Self-Service Reset Password Management) allows Active Directory users to easily reset their password 24/7 based on simple, predefined questions.
The Basic SSRPM module was designed to contain all the functionality needed for your end users to self-manage their password resets, allowing them to change their Active Directory passwords without the need for helpdesk intervention.
The integrated Web Module enables SSRPM to be used outside the corporate network for the ultimate in accessibility. Employees can reset their passwords at any time, from any location – even from their smart devices such as smartphones and tablets. Additionally, SSRPM can be integrated seamlessly with Microsoft Outlook Web Access (OWA) and Forefront Threat Management Gateway (TMG) to expand your connectivity options.
SSRPM’s Account Claiming module plugs the security gap undermining your onboarding processes: transferring accounts and credentials to new users. Most organizations lack secure delivery methods and rely on easily-guessed, generic password values or formats (e.g. LastName.FirstInitial1!) to “lock” new accounts.
Active Directory Self-Service
Active Directory Self Service lets end users edit their own attributes in AD. This feature enables users to do more without the intervention of the helpdesk, while also ensuring that data in the Active Directory is always up to date. Administrators determine which attributes can be updated by the end user. The end user simply logs in to the SSRPM portal to see which fields can be edited and has the option to upload a photo.
With a swarm of security issues cropping up every day, two-factor authentication (2FA) is becoming a “must-have” for many companies, rather than an option for their data security.
The SSRPM service includes mobile text authentication to provide a second level of security through a PIN code.
When users want to reset their password using SSRPM, the application sends a text message containing a PIN code to the user’s mobile device. After the user has entered the correct PIN code, the password can be reset.
Even with tools that significantly lower the number of calls to your support desk, invariably there will be some cases where calls do come in. When they do, it’s up to your staff to make sure they know who they’re talking to before providing any password reset options. That’s why we developed the Helpdesk ID Verification Module to allow helpdesk staff to verify the identity of a caller.
ERAM (File System Auditing)
- Enterprise Resource Authorization Manager (ERAM) by Tools4ever offers the solution for providing insight into file system access, cleaning up pollution and safely delegating owners to manage access to your organization’s data.
Which folders are never used and which need to be cleaned up? Who has access to a folder and who has access that should not? These questions cost system administrators substantial effort to answer. With ERAM, these answers are available in real time, all the time.
Reports and Analysis
ERAM Reports and Analysis use the ERAM Collection database to compile comprehensive reports and perform analyses. System administrators can use this new-found visibility to improve and optimize the file system and its data management.
Analyzing your organization’s data usage provides the perfect starting point for delegating management from the IT helpdesk to the real owners within the business.
PCM (Password Complexity Manager)
Complex passwords provide a greater level of security for user data, but just how complex is too complex or too simple? Wouldn’t it be nice if you could regulate the levels of complexity rather than being forced to follow someone else’s policies? Password Complexity Manager (PCM) is a complete, user-friendly alternative to Microsoft’s Fine Grained Password Policies. PCM puts you in the driver’s seat with a flexible solution to create and manage the rules you choose to implement for password complexity.
PSM (Password Synchronization Manager)
With Password Synchronization Manager (PSM), one password securely manages all of the critical business systems and applications your end users need to access.
When an end user resets their Active Directory password, PSM ensures that all connected applications receive the new password in real time.
E-SSOM (Enterprise Single Sign-On Manager)
- Enterprise Single Sign-On Manager (E-SSOM), a key component of the Tools4ever Identity Governance & Administration (IGA) suite, provides the flexibility of customizable options for automation and authentication including single sign-on, automated login, strong two-factor authentication (2FA), Virtual Desktop Automation (VDA) and WebSSO.
- With the E-SSOM basic Automated Login Module, an end user only needs to log in once with their Active Directory username and password. Automated Login automatically authenticates them for every system and application they use with a single login.
- With the E-SSOM WebSSO Module from Tools4ever, end users can be granted access to all cloud applications from any device (PC, tablet, smartphone, etc.) using the same, single username and password they have been assigned in Active Directory.
UMRA (User Management Resource Administrator)
- User Management Resource Administrator (UMRA) was launched in 2004 as Tools4ever’s flagship user account management and provisioning solution for Active Directory environments.
- System administrators across all industries and sectors still rely on UMRA for their user account lifecycle needs over a decade later.
- UMRA handles user account creation and the other time-consuming tasks that prevent your team from tackling those big projects.
- UMRA is a complete user account lifecycle solution that simplifies management of Active Directory (AD) user accounts and authorization processes.