Managing user access entitlements to information technology resources
Abstract
A computer implemented method, data processing system, and computer program product for logical management and provisioning of business applications within the framework of an identity management system. The illustrative embodiments provide an interface layer to map respective attributes, permissions, and resource accounts in a data repository needed to represent access to business applications via a managed service in the identity management system. The illustrative embodiments define user entitlements on a user account associated with the managed service. The illustrative embodiments provision user access to the business applications via the managed service in the identity management system upon user request.
18 Claims
1. A computer implemented method for provisioning user access to a business application within a framework of an identity management system, the computer implemented method comprising:
generating a service profile for the business application comprising information used to access the business application to form a managed service in the identity management system;
defining entitlements for the managed service comprising a set of conditions for accessing the managed service and permissions to be assigned to a user when the set of conditions is met;
responsive to receiving a request to access the business application from the user, determining whether the set of conditions for accessing the managed service is met by the user; and
responsive to a determination that the set of conditions for accessing the managed service is met by the user, provisioning the user access to the business application such that the user accesses the managed service using the information in the service profile.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15
16. A data processing system for provisioning user access to a business application within a framework of an identity management system, the data processing system comprising:
a bus;
a storage device connected to the bus, wherein the storage device contains computer usable code;
at least one managed device connected to the bus;
a communications unit connected to the bus; and
a processing unit connected to the bus, wherein the processing unit executes the computer usable code to generate a service profile for the business application comprising information used to access the business application to form a managed service in the identity management system;
define entitlements for the managed service comprising a set of conditions for accessing the managed service and permissions to be assigned to a user when the set of conditions is met;
determine whether the set of conditions for accessing the managed service is met by the user responsive to receiving a request to access the business application from the user; and
provision the user access to the business application such that the user accesses the managed service using the information in the service profile responsive to a determination that the set of conditions for accessing the managed service is met by the user.
17. A computer program product for provisioning user access to a business application within a framework of an identity management system, the computer program product comprising:
a non-transitory computer readable storage medium having computer readable program code tangibly embodied thereon, the computer readable program code comprising;
computer readable program code for generating a service profile for the business application comprising information used to access the business application to form a managed service in the identity management system;
computer readable program code for defining entitlements for the managed service comprising a set of conditions for accessing the managed service and permissions to be assigned to a user when the set of conditions is met;
computer readable program code for, responsive to receiving a request to access the business application from the user, determining whether the set of conditions for accessing the managed service is met by the user; and
computer readable program code for, responsive to a determination that the set of conditions for accessing the managed service is met by the user, provisioning the user access to the business application such that the user accesses the managed service using the information in the service profile.
Dependent claims: 18
Specification