Tools

Clear redundant roles

Description

A high level profile can contain or grant application permissions. On the other side, application permissions can contain or grant low level permissions. All of them are referred to generally as roles.

Some users could have been granted both high level profiles and application permissions or low level permissions.

In that case, low level roles can be removed from the Soffid database, as they are inherited through role inheritance rules.

This tool identifies any low level roles granted to users at the same time that its owner high level role, and removes them.

Screen overview


  1. Roles
  2. User

Actions

Introduction

A brief description of this process.

Next

Allows you to browse to the Filter roles step.

Filter roles

Allows you to filter a subset of roles to apply the process.

Undo

Allows you to return to the previous step without applying any changes.

Next

Once you search for the proper Roles, you can click the Next button to browse to the Preview result step.

Preview result

Displays a list with the subset filtered of roles.

Undo

Allows you to return to the previous step without applying any changes.

Next

Allows you to run the Clear redundant roles process to the subset of roles & accounts there are in the list.

Disable inactive users

Description

Probably there are some users that do not need access to any information system. Using this tool you will be able to identify them and act upon them.

The process is a two step process:

  1. Filter out the universe of users to analyze.
  2. Select the actions to perform on these users.

The available actions are the following:

It's usual to initially use this tool for only a subset of your users.
For instance, you can send a message when the password is reaching the expiration date, disable the user when no login has been made in the last 90 days or completely remove its accounts when the identity has been disabled for 30 days.

Screen overview

* Send an email message: Send To: #{userName} #{attributes.manager} issuers@soffid.com

  1. User

Actions

Introduction

A brief description of this process.

Next

Allows you to browse to the Filter roles step.

Filter users

Allows you to filter a subset of users to apply the process

Undo

Allows you to return to the previous step without applying any changes.

Next

Once you search for the proper Users, you can click the Next button to browse to the Criteria result step.

Criteria

Allows you to establish the action to perform on these users.

Undo

Allows you to return to the previous step without applying any changes.

Next

Once you search for the proper Users, you can click the Next button to browse to the Criteria result step.

Preview result

Displays a list with the subset filtered of users.

Undo

Allows you to return to the previous step without applying any changes.

Next

Allows you to run the process to the subset of users there are in the list.

Disable inactive accounts

Description

Probably there are some accounts that are no longer used. Using this tool you will be able to identify them and act upon them.

The process is a two step process:

  1. Filter out the universe of accounts to analyze.
  2. Select the actions to perform on that accounts.

The available actions are the following:

It's usual to initially use this tool for only a subset of your accounts.
For instance, you can send a message when the password is reaching the expiration date, disable the account when no login has been made in the last 90 days or completely remove it when the account has been disabled for 30 days

Screen overview

* Send an email message: Send To: #{userName} #{attributes.manager} issuers@soffid.com

  1. Account

Actions

Introduction

A brief description of this process.

Next

Allows you to browse to the Filter roles step.

Filter accounts

Allows you to filter a subset of accounts to apply the process

Undo

Allows you to return to the previous step without applying any changes.

Next

Once you search for the proper Accounts, you can click the Next button to browse to the Criteria result step.

Criteria

Allows you to establish the action to perform on these accounts.

Undo

Allows you to return to the previous step without applying any changes.

Next

Once you search for the proper Accounts, you can click the Next button to browse to the Criteria result step.

Preview result

Displays a list with the subset filtered of accounts.

Undo

Allows you to return to the previous step without applying any changes.

Next

Allows you to run the process to the subset of accounts there are in the list.

Role mining

Description

Soffid’s role mining feature applies data mining technology to create business profiles based upon current application permissions in order to minimize the number of roles to be managed and maintained with the relevant cost saving.

In this context, Soffid allows the administrator to select different role management strategies:

Screen overview

Custom attributes

Scope

Parameters

Results

Reports

Actions

Role mining query actions

Query

Allows you to query the role mining process through different search systems, Basic and Advanced.

Add or remove columns

Allows you to show and hide columns in the table. You can also set the order in which the columns will be displayed. The selected columns and order will be saved the next time Soffid displays the page. 

Add new

Allows you to add a new role mining process in the system. You can choose that option on the hamburger menu or by clicking the add button (+). 

Delete

Allows you to remove one or more role mining processes by selecting one or more records and next clicking the button with the subtraction symbol (-). To perform that action, Soffid will ask you for confirmation, you could confirm or cancel the operation.

Download CSV file

Allows you to download a CSV file with the basic information of all role mining processes. 

Merge

Allows you to merge two identities when you identify that is necessary.

First of all, you need select two identities. Second, you need to click the hamburger icon and select the merge action. Then Soffid will display a window where you need to select the correct value for each standard and custom parameter. Finally, you need to apply changes to save the updates, or back to cancel that action.

Role mining scope

Save

Allows you to save the scope defined. It will be mandatory to select some groups and information systems before continuing. When the role mining process is created, the default status will be Preparation.

Add Groups

Allows you to add new groups to be evaluated. You need to click the add groups button (+) and search the proper groups, then click the Add group button.

Add Applications

Allows you to add new applications to be evaluated. You need to click the add application button (+) and search the proper groups, then click the Add application button.

Undo

Allows you to quit without applying any changes. 

Next

Allows you to browse to the Parameter step. It will be mandatory to select some groups and information systems before continuing.

Parameters

Start

If you click the start button, Soffid will change the process status to Scheduled.

Undo

Allows you to quit without applying any changes. 

Result

Next

If you click the Next button, Soffid will browse to the Reports tab.

Undo

Allows you to quit without applying any changes. 

Reports

Download

Allows you to download a report with the permissions matrix.

Apply changes

If you click the Apply changes button, Soffid will make the changes in the roles of users and entitlements.

Undo

Allows you to quit without applying any changes.