Ankey IDM is included in the registry of domestic software. It is allowed to use the platform at Russian enterprises of an increased protection class (up to and including the 2nd class)
IGA (Identity and Governance Management) class solution for centralized management of employee accounts and credentials in enterprise information systems
Application scenarios
Control over the provision of all types of accounts, including service and technological ones
Storing and using a single reference model for granting permissions and access
Automation of access provision based on personnel changes, including multiple employments and job combinations
Support for more than 100 popular information systems and platforms
Management of corporate password policies depending on the type of account and information system
A single portal for requests, approvals, and access to the company's information resources
Storing and using a single reference model for granting permissions and access
Automation of access provision based on personnel changes, including multiple employments and job combinations
Support for more than 100 popular information systems and platforms
Management of corporate password policies depending on the type of account and information system
A single portal for requests, approvals, and access to the company's information resources
Ankey IDM
Access rights control and role model collection
Flexibly configurable separation of access rights and responsibilities (SoD - Segregation of Duties) allows the Ankey IDM platform to prevent critical accumulations of employee access rights. Extensive access rights certification and general authorization audit capabilities.
If it is necessary to centrally change access policies according to job descriptions or according to work necessity, the Role mining function is provided - collecting the role model, changing it and approving it.
Corporate self-service portal
- The platform settings allow for adaptation to any business processes of the enterprise.
- The user can independently: change the account password, make an access request (within the framework of the available policy), delegate their authority (in case of replacement, or for the duration of the vacation);
- If the user is a supervisor, it is possible to include him in the application approval chain, which significantly reduces the burden on IT services.;
- The presence of a single portal reduces the qualification requirements for administrators of information systems of the enterprise;
- The system has extensive capabilities for system personalization: expanding existing fields, triggers, and synchronized data with the ability to reuse them during the approval stages.;
Account Lifecycle Management
- The Ankey IDM platform allows you to assemble all used user accounts into a single interface.
- Account Control - creation, blocking, and modification based on information from personnel sources and/or at the request of users
- Flexible configuration of processes for creating, changing, and blocking employee accounts and their permissions
A single portal for requests, approvals, and access to the company's information resources
Without limiting the number of personnel sources, with support for multiple jobs
Ankey IDM allows you to manage the full lifecycle of accounts and the powers of employees and contractors through the ability to create an access-employment or access-account relationship. In a multi-level organizational and staff structure of an enterprise, this allows you to significantly increase the speed of hiring employees or contractors, especially if one user combines several jobs at once.
How the Ankey IDM platform works in enterprise systems
- Ankey IDM Software Requirements
- Linux: FSTEC certified: Astra Linux 1.6 Smolensk (and later), Red OS 7.2 (and later), Alt Linux 9 (and later), freely distributed distributions are also supported
- DBMS: PostgreSQL, Jatoba DBMS
- Additional components:
- Java 11 – OpenJDK, AxiomJDK, AxiomJDK Certified (FSTEC certified by UD4)
- OpenSearch 2.02 and later
- The Ankey IDM Account Management platform includes:
- Ankey IDM Application Server
- Connector Server
- DBMS Server
- These components are installed both on dedicated separate servers and jointly on a single server.
- The application server is responsible for executing business logic, periodic data synchronization tasks with HR information sources and enterprise information systems, conducting application approval routes, and conducting data routes (so-called mapping).
- The connector server is responsible for managing accounts and receiving data from HR systems and services. It contains the necessary libraries for connecting to the target information systems of the enterprise.
- The DBMS server stores account status data, application-related business processes, audit information, desired employee data, and user roles. It is also responsible for storing SoD (critical access rights) data, organization role model (Role mining) data, including the history of changes.
- Management is carried out via the web interface.
Recommended installation on a cluster system with redundancy and load balancer.
Management is carried out via the web interface