Apere provides Public, Private or Captive data Center configurations for Automatic Deprovisioning or Zero-Day Access Control. When employees are terminated or contractors finish their term, access can be automatically revoked. IdM in Public, Private Cloud or captive configurations can be triggered on changes in employee status in HRMS Platforms like PeopleSoft or Active Directory. Accounts can be disabled for Active Directory, Mainframes, UNIX, Web, SaaS, Client Server or Cloud instances of enterprise applications. Example: Salesforce.com, SAP, Oracle, Cerner, UNIX, Lotus Notes.
|
|
1. |
What is Zero Day Access Control? |
|
Zero Day Access Control is about disable or de-provisioning the user in time before the enterprise data is lost. When employees are let go, or contractors are terminated often their access to application continue to exist. This is a compliance and security violation. Patient care data, banking information, citizen and employee personal data all exposed to unauthorized accesses. Often enterprises have policies to De-provision users from enterprise authentication servers when they are no longer employed or terminated contractors. This De-provisioning update does not automatically roll out to externally hosted SaaS Applications resulting in security and compliance violation |
|
|
2. |
How is Deprovisioning done for SaaS Applications? |
|
Most often enterprise IT administrator has no knowledge of all the SaaS accounts that a particular user has been provisioned into. Today enterprise Identity Access Management tools and domain authentication platforms don’t extend to external clouds beyond the enterprise firewalls. Business unit managers take proactive role to force account deprovisioning with changes in payroll and contract engagements.
|
|
|
3. |
What is Deprovisioning from cloud by Apere, and how does it address the pain point? |
|
Apere provides a zero day access control to SaaS Applications by disabling or deprovisioning users from SaaS Applications. When a user is disabled in Active Directory or corporate HRMS platforms, Apere Deprovisioning engine reconciles the users and identifies primitives to act on. Users will be de-provisioned and the event is saved in the data base for compliance reports. |
|
|
4. |
Does the SSO integrate with Zero-Day Access Control? |
|
Yes, Apere Single Sign-On Technology validates the user against the Active Directory before the providing access to application. If the user is de-provisioned in HRMS or disabled in Active Directory or if there are changes in group attributes in AD SSO is denied |
|
5. |
Can we generate reports on who was de-provisioned and when? |
|
Yes, Apere technology will document the event fully. When the user was de-provisioned and what was the trigger for this event. It can also save the SNAP shots of AD group information for the user in case of change of group attributes. Templates can be setup for specific reports SAS, GLBA, HIPAA, SOX etc. |
|
|
6. |
Can Automatic triggers be setup? And emails sent to administrators? |
|
Yes, Apere technology can be setup to send reminders to administrators or group managers when ever de-provisioning is done by application or by group association. |
| |
|
| |
|
|
| |
|
|
|
|
|
|
| |
|
|
|
| |
|
Domain Controllers:
AD, LDAP, eDir, Domino
|
|
| |
|
Mainframes:
Lotus Notes, RACF, ACF2
|
|
| |
|
UNIX Platforms:
HP-UX, IBM-AIX, Linux
|
|
| |
|
SaaS:
Salesforce, Google, 125+ other SaaS Apps
|
|
| |
|
Web:
75+ Enterprise and Hosted Apps
|
|
| |
|
Client Server & Custom Applicaions:
175+ Enterprise and Hosted Apps |
|
|
|
|
|
|
| |
| |
|
