Recommendation engine for unified identity management across internal and shared computing applications
Abstract
A recommendation engine for identity management is disclosed. A data store including an identity management access database is provided. Suggested access entitlement operations for potential identities of a listing of identities on which to perform access entitlement operations are generated. Suggested access entitlement operations for the potential identities of the listing of identities on which to perform access entitlement operations are offered through a user interface. In some embodiments, the generating suggested access entitlement operations includes analyzing a requesting user and one or more identities with connection to the requesting user to identify the potential identities of the listing of identities on which to perform access entitlement operations, and based at least in part on the patterns of access entitlement in the identity management access database, selecting the suggested access entitlement operations for each of the potential identities of the listing of identities on which to perform access entitlement operations.
18 Claims
1. A method, comprising,
providing a data store including an identity management access database, wherein the providing a data store comprises
recording a listing of identities,
for each identity of the listing of identities, recording a set of peer and supervisory relationships between the identity and other identities of the listing of identities, and
for each identity of the listing of identities, recording previously requested access entitlement operations;
generating suggested access entitlement operations for potential identities of the listing of identities on which to perform access entitlement operations, wherein the generating suggested access entitlement operations further comprises
analyzing a requesting user and one or more identities with connection to the requesting user to identify the potential identities of the listing of identities on which to perform access entitlement operations,
analyzing the one or more identities with connection to the requesting user to identify patterns of access entitlement in the identity management access database,
based at least in part on the patterns of access entitlement in the identity management access database, selecting the suggested access entitlement operations for each of the potential identities of the listing of identities on which to perform access entitlement operations and
suggesting an access entitlement operation based at least in part on a hybrid prediction approach combining collaborative filtering and content based filtering, wherein the selecting the suggested access entitlement operations for each of the potential identities of the listing of identities on which to perform access entitlement operations further comprises calculating a ratio of a number of identities with connection to the requesting user to a number of identities with connection to the requesting user having a particular access entitlement; and
offering through a user interface the suggested access entitlement operations for the potential identities of the listing of identities on which to perform access entitlement operations, wherein
one or more of the access entitlement operations creates or manages one or more accounts on a customer internal application via an on-premise proxy, and
another of the access entitlement operations creates or manages one of the one or more accounts on a shared computing system application via a multi-customer gateway on a shared computing system.
Dependent claims: 2, 3, 4, 5, 6, 8
7. A system, comprising:
at least one processor; and
a memory comprising program instructions, wherein the program instructions are executable by the at least one processor to;
generate suggested access entitlement operations for potential identities of the listing of identities on which to perform access entitlement operations, wherein the program instructions executable by the at least one processor to generate suggested access entitlement operations further comprise
program instructions executable by the at least one processor to analyze a requesting user and one or more identities with connection to the requesting user to identify the potential identities of a listing of identities on which to perform access entitlement operations,
program instructions executable by the at least one processor to analyze the one or more identities with connection to the requesting user to identify patterns of access entitlement in the identity management access database,
program instructions executable by the at least one processor to, based on the patterns of access entitlement in the identity management access database, select the suggested access entitlement operations for each of the potential identities of the listing of identities on which to perform access entitlement operations, the program instructions executable by the at least one processor to select the suggested access entitlement operations for each of the potential identities of the listing of identities on which to perform access entitlement operations further comprise program instructions executable by the at least one processor to calculate a ratio of a number of identities with connection to the requesting user to a number of identities with connection to the requesting user having a particular access entitlement, and
program instructions are executable by the at least one processor to suggest an access entitlement operation based at least in part on a hybrid prediction approach combining collaborative filtering and content based filtering; and
offer through a user interface the suggested access entitlement operations for the potential identities of the listing of identities on which to perform access entitlement operations, wherein
one or more of the access entitlement operations creates or manages one or more accounts on a customer internal application via an on-premise proxy, and
another of the access entitlement operations creates or manages one of the one or more accounts on a shared computing system application via a multi-customer gateway on a shared computing system.
Dependent claims: 9, 10, 11, 12
13. A non-transitory computer-readable storage medium storing program instructions, wherein the program instructions are computer-executable to implement:
providing a data store including an identity management access database, wherein the providing a data store comprises
recording a listing of identities a listing of identities,
for each identity of the listing of identities, recording a set of peer and supervisory relationships between the identity and other identities of the listing of identities, and
for each identity of the listing of identities, recording previously requested access entitlement operations;
generating suggested access entitlement operations for potential identities of the listing of identities on which to perform access entitlement operations, wherein the generating suggested access entitlement operations further comprises
based on the patterns of access entitlement in the identity management access database, selecting the suggested access entitlement operations for each of the potential identities of the listing of identities on which to perform access entitlement operations, the program instructions computer-executable to implement the selecting the suggested access entitlement operations for each of the potential identities of the listing of identities on which to perform access entitlement operations further comprise program instructions computer-executable to implement calculating a ratio of a number of identities with connection to the requesting user to a number of identities with connection to the requesting user having a particular access entitlement, and
suggesting an access entitlement operation based at least in part on a hybrid prediction approach combining collaborative filtering and content based filtering; and
offering through a user interface the suggested access entitlement operations for the potential identities of the listing of identities on which to perform access entitlement operations, wherein
one or more of the access entitlement operations creates or manages one or more accounts on a customer internal application via an on-premise proxy, and
another of the access entitlement operations creates or manages one of the one or more accounts on a shared computing system application via a multi-customer gateway on a shared computing system.
Dependent claims: 14, 15, 16, 17, 18
Specification