Reducing risks associated with recertification of dormant accounts
Abstract
An identity management system is augmented to provide for automated suspension of all dormant accounts before launching a re-certification campaign (pass). In one implementation, prior to receiving a recertification notice from the system, the affected user's account is already suspended and thus cannot be accessed. Once the recertification succeeds, however, the account is restored. Preferably, the technique is exposed to an IAM system administrator through a simple interface, e.g., a one-click “suspend and re-certify” button in an administrative menu. When the administrator initiates the re-certification process, he or she may select the button for a particular account or user.
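A minimal model of the ordering the abstract describes (suspend first, notify second, restore on confirmation), added here as an illustration and not code from the patent or any IAM product. The 90-day dormancy threshold, the class and field names, and the rule that only campaign-placed suspensions are lifted are assumptions.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta

DORMANT_AFTER = timedelta(days=90)  # assumed threshold; the page does not define "dormant"

@dataclass
class Account:
    owner: str
    entitlement: str
    last_login: datetime
    suspended: bool = False
    held_by_campaign: bool = False  # True only if this campaign placed the suspension

@dataclass
class Campaign:
    now: datetime
    audit: list = field(default_factory=list)  # ordered (event, owner) records

    def run(self, accounts, policy):
        """Suspend each selected dormant account, then send its notice."""
        for acct in filter(policy, accounts):
            if self.now - acct.last_login < DORMANT_AFTER:
                continue  # active account: left to the ordinary recertification flow
            if not acct.suspended:
                acct.suspended = acct.held_by_campaign = True
                self.audit.append(("suspend", acct.owner))
            # The notice is sent only once access is already cut off.
            self.audit.append(("notify", acct.owner))

    def confirm_need(self, acct):
        """Owner confirmed continued need: lift only a suspension we placed."""
        if not acct.held_by_campaign:
            return False  # e.g. suspended earlier by an administrator for another reason
        acct.suspended = acct.held_by_campaign = False
        self.audit.append(("restore", acct.owner))
        return True

def demo():
    now = datetime(2024, 6, 1)  # constructed sample data
    accts = [
        Account("alice", "db-admin", now - timedelta(days=200)),
        Account("bob", "db-admin", now - timedelta(days=3)),
        Account("carol", "vpn", now - timedelta(days=400), suspended=True),
    ]
    camp = Campaign(now)
    camp.run(accts, policy=lambda a: True)  # policy: recertify every account
    restored = [camp.confirm_need(a) for a in accts]
    return accts, restored, camp.audit

if __name__ == "__main__":
    print(demo())
```

The audit list makes the ordering checkable: for every account the campaign suspends, the "suspend" record precedes its "notify" record, and an account that was already suspended for another reason stays suspended after a confirmation.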
20 Claims
1. A method to reduce risk associated with recertification of an account having an access entitlement, comprising:
selecting accounts for recertification in accordance with a recertification policy;
determining which of the selected accounts are dormant accounts;
for each dormant account so determined, suspending access to the dormant account;
while the dormant account is suspended, issuing a notification to an entity associated with the dormant account to determine whether the entity has a continued access need with respect thereto; and
responsive to receipt of an indication that the entity has a continued access need, removing the suspension.
(Dependent claims: 2, 3, 4, 5, 6)
7. An apparatus, comprising:
a processor;
computer memory holding computer program instructions executed by the processor to reduce risk associated with recertification of an account having an access entitlement, the computer program instructions comprising:
program code operative to select accounts for recertification in accordance with a recertification policy;
program code operative to determine which of the selected accounts are dormant accounts;
program code operative for each dormant account so determined to suspend access to the dormant account;
program code operative while the dormant account is suspended to issue a notification to an entity associated with the dormant account to determine whether the entity has a continued access need with respect thereto; and
program code operative in response to receipt of an indication that the entity has a continued access need to remove the suspension.
(Dependent claims: 8, 9, 10, 11, 12)
13. A computer program product in a non-transitory computer readable medium for use in a data processing system, the computer program product holding computer program instructions which, when executed by the data processing system, to reduce risk associated with recertification of an account having an access entitlement, the computer program instructions comprising:
program code operative to select accounts for recertification in accordance with a recertification policy;
program code operative to determine which of the selected accounts are dormant accounts;
program code operative for each dormant account so determined to suspend access to the dormant account;
program code operative while the dormant account is suspended to issue a notification to an entity associated with the dormant account to determine whether the entity has a continued access need with respect thereto; and
program code operative in response to receipt of an indication that the entity has a continued access need to remove the suspension.
(Dependent claims: 14, 15, 16, 17, 18)
19. An apparatus for identity access and management, comprising:
a hardware processor;
computer memory holding computer program instructions executed by the hardware processor to provide account access certification according to a certification policy, the computer program instructions operative to receive a suspend-and-recertify control command and, responsive to receipt of the suspend-and-recertify control command, to automatically suspend access to one or more dormant accounts prior to issuing continued business need (CBN) notifications to entities associated with one or more dormant accounts.
(Dependent claims: 20)
Specification