2 Certified Professionals
40 Hours
This case study presents a situation where organisations using IdentityNow faced problems with user access management. IdentityNow's behaviour allows users with particular permissions, such as Helpdesk, Cert Admin, and so on, to log in to IdentityNow while their identity is in an inactive state, regardless of whether SSO is used or not. This case study explains how our professionals upgraded the existing IdentityNow Management Connector to resolve these problems and increase security and dependability.
Challenge
There were some restrictions and issues with the initial IdentityNow Management Connector:
- When a lifecycle state changed, it did not disable an identity. Furthermore, the status of an identity was inaccurately reported.
- IdentityNow User Levels (user rights such as ORG_Admin, Helpdesk, Cert_Admin) were only revoked on the completion of a certification.
- The connector’s dependability was hampered by the use of the CC API (IdentityNow’s Private API), which was subject to deprecation.
Solution
To solve these issues, our professional team set out to improve the IdentityNow Management Connector. They worked on the loopback IdentityNow Management SaaS connector, contributed considerably to its code base, and made numerous critical developments.
Result
- Native Login Access Token Capability: The professionals implemented native login access token functionality to allow the connector to reach private API endpoints for permission revocation. It also utilised updated and stable API endpoints, replacing the EoL APIs.
- Identity Disabling Upon Inactive Lifecycle State (LCS): A major feature was the ability to automatically disable user identities when they reached an inactive lifecycle state. This ensured users would be barred from logging into the IdentityNow tenant even if they had particular IdentityNow User Levels.
- Correct Disabled/Enabled state: The team fixed the problem with the disabled/enabled state not being correctly reflected. The upgraded connector now appropriately changes the status based on the user identity’s state.
- Enhanced Identity Permissions Removal: The team enhanced the connector’s capability to allow for both identity disable and permission removal upon Inactive lifecycle state. This removed the requirement for users to choose between eliminating rights and disabling the identity, giving them greater flexibility and control over their identity management.
As a result, the updated connector could be deployed for the organisation. Implementation of this upgraded approach offers the following advantages:
- Enhanced Reliability
- Increased Security
- Streamlined User Identity Management
- Improved Compliance
How SecurDI can help
Our strength is guiding businesses toward a successful technical implementation with specifically curated solutions. We enable organizations to achieve their goals with best practices engrained throughout the processes. At SecurDI, our team of seasoned professionals deliver secure and holistic solutions to make your professional engagement successful and your investments meaningful.