Provisioning Accounts to Multiple Security Domains
SOAP-Based API provisioning and data lifecycle management
Core Privileged Access Manager (BoKS)’s main strength is its ability to create a single security domain of your IT assets, with a single policy set. There are, however, valid reasons to segregate networks, and infrastructure due to:
- Differing IT governance, often due to historical M&A activities
- The need to report to multiple market regulators or compliance regimes
- Public internet-facing IT with extreme access control risk (i.e., DMZs)
- Extreme geographical distance tied to parallel operation of legal entities
With Tier 2 or Tier 3 platform or application support teams it may be necessary to provision the same person’s identity and access requirements into multiple BoKS domains. The BoKS Web Services Interface (WSI) allows secure validated creation or manipulation of:
- User accounts
- User roles
- Host definitions
- Host groups
- Granular access control routes
Web Services Interface allows the same identity to be provisioned across domains, allowing later correlation analysis of log messages and a view into what staff members are doing in separate security zones.
How We Help You Gain Control
Create BoKS Data Types
Create the same BoKS data types allowed in administration CLI or the BoKS Control Center
Support Parallel Provisioning
Enable parallel provisioning and full lifecycle management of a user’s identity from a corporate directory into multiple BoKS security domains
Implement Incremental Data Change Control
Make use of incremental data change control for BoKS data from a master corporate directory to facilitate HR, help desk systems, and external role management platforms
What This Means to You
Meet Compliance Requirements
Quickly meet access/authorization regulations as described in SOX, HIPAA, GLBA, PCI DSS, FDCC, and FISMA. Regulatory environments are not well defined across multiple business units, or wide geographies. Core Privileged Access Manager (BoKS) WSI allows a single view of log data across zones.
Reduce Admin Overhead
Ease the burden on your team with common SOAP calls that can be targeted at multiple security domains.
BoKS Web Service Interface enforces commonality of identity across zones, and where appropriate can relocate users as they move to a different operating unit’s infrastructure.