KOGIT IAM-Solutions

The SoD Matrix Plugin complements SailPoint IdentityIQ with a graphical interface to maintain and visualize the segregation of duties (SoD).

The clear representation in the SoD-Matrix is ideal for mapping the personal separation of functions on the IT level. Conflicts, borderline cases and permitted combinations are marked according to a traffic light principle and thus optimally prepared for audits. Data maintenance is carried out in a time-saving manner by mouse click.

More information:

SailPoint IdentityIQ tells you where sensitive data is and who is allowed to access it. With the IIQ History Plugin you can see where your data was stored and who had access to it. The KOGIT plugin complements IdentityIQ with an efficient archiving option for identities, roles and access rights. The clear representation of the historical data enables a fast search based on parameters, characteristics and the authorization status at a certain point in time.

Mehr Informationen:

The KOGIT Role Analytics Plugin simplifies navigation between different tasks in IIQ.

The plugin provides a user-friendly way for users to view identities, roles and permissions and their corresponding relationships. Daily tasks can be easily zoomed in and out, and the plugin’s search and display functionality is complemented by a role dashboard that highlights important KPI’s of role and permission status and usage.

The KOGIT Role Analytics Plugin for SailPoint IdentityIQ was developed at the request of our customers for a simpler role navigation in IIQ. With the latest KOGIT plugin, users now have a simple tool to zoom in and out of details to perform daily tasks without having to conduct a new search for each task.

In addition to the search and display services, the Plugin enhances IIQ and adds a role dashboard that highlights important KPIs.

Furthermore, it offers the following advantages (among others):

•     Export Options
•     A viewing tool for roles, identities, and entitlements
•     Representation of the use and assignment of individual objects, such as role compositions
•     Dashboard with key figures for using entitlements and roles

More information:

The KOGIT SAP OM Plugin allows users to load data from SAP OM to better support a number of IAM scenarios. Some of these include:

• Vacant manager position,
• Automatic roll creation,
• Automatic role assignments with a transition period,
• Improve mover processes and
• Simulating organizational changes.

Companies using the SAP Organizational Management (OM) often need the information, that is contained in SAP OM, in SailPoint IdentityIQ as well. The new KOGIT plugin enables this for users. The KOGIT SAP OM Plugin provides an IdentityIQ task that connects to an SAP HCM system, loads the organizational structure and stores it in IdentityIQ. Since IdentityIQ does not contain its own hierarchical object, roles can be used to model hierarchical structures. Therefore, the KOGIT SAP OM Plugin maps the SAP objects to role objects.

The KOGIT SAP OM Importer Plugin provides a task to load the following organizational data from SAP OM:

•     Organizational Units,
•     Positions,
•     Jobs,
•     Persons and
•     Executive positions.

The task can be configured to create a hierarchy of business roles in IdentityIQ from these objects, that corresponds to the hierarchy in SAP OM. It supports the automatic creation of assignment rules to assign these roles to identities that in turn are assigned to entities.

Optionally, role assignments, that take place before or after the actual assignment, can be configured to an organizational structure in SAP OM begins or ends.

More information:

The SIEM Plugin is an essential building block of the architecture for secure identity access management that integrates IAM, PAM and SIEM solutions.
To deliver log data (AuditEvents) from IdentityIQ to a SIEM requires an interface. The Advantages:

• A plugin for exporting syslog events in Common Event Format (CEF)
• The task only needs the IP address and the port of the SIEM/Syslog receiver
• The task regularly exports all configured AuditEvents from IdentityIQ to the defined address

The customers requirement for integration of IdentityIQ with a SIEM requires an interface to deliver protocol data from IdentityIQ to a SIEM. In this context log data refers to the AuditEvents in IdentityIQ. Further technical or business log data like Syslog or ProvisioningTransaction are not considered.
Technical log data of the web server can be collected via the operating system monitoring of the SIEM.

The plugin transmits the AuditAction events from IdentityIQ to the SIEM system via syslog in a Common Event Format. For this purpose, a so-called Scheduled Task is configured. It is not a real time procedure but can be used as a near time procedure by appropriate clocking.

The plugin is currently being supported in English and German.

More information: