Identity Governance Product Briefs

Omada Identity Cloud Guide

Enterprise-Grade IGA Software-as-a-Service

The Next Generation Of IGA Solutions

Ensuring secure, compliant, and efficient access to critical data for key employees and partners has never been more important. Investing in reliable Identity Governance and Administration (IGA) solutions has therefore become a top priority. But implementing IGA requires more than just software. It requires a transformation of business processes and workflows based on the latest IGA best practices, and it requires software that can be adapted to the existing IT environment.

Omada Identity Cloud provides a next generation solution that includes guidance in IGA best practices and implementation supported by enterprise-grade Software-as-a-Service (SaaS) that can be adapted to your unique organizational processes, rules, and workflows.

Enterprise-Grade IGA

Omada’s award-winning identity solution provides an enterprise-grade, mature Software-as-a-Service offering with a comprehensive set of IGA features. This means customers no longer need to compromise when moving their IGA implementation to the cloud but can be confident that the same enterprise-grade security and IGA capabilities are available.

The solution is fully configurable enabling support of specific requirements as well as legacy systems and interfaces without the need for custom code development. This ensures backward compatibility and a seamless upgrade path for ease of maintenance and operation.

Supporting Evolving Requirements

The security and governance landscape has changed dramatically over the last few years with more changes to come. IGA is the first line of defense requiring a structured, reliable, but also adaptable solution. Omada Identity Cloud is regularly updated with new features to support shifting security and governance requirements.

As a cloud-based solution, new features are available to customers immediately with no need for coordinated company-wide software updates. Powered by Microsoft Azure Cloud, the platform can scale to meet any requirement taking advantage of security, business continuity capabilities and data residency requirements.

Tangible Business Benefits


  1. Accelerate implementation of IGA best practice processes
  2. Secure access to sensitive data and resources enterprise-wide
  3. Identify and mitigate risks with full transparency
  4. Act quickly on violations with built-in automated workflows


  1. Master governance and compliance with automated processes and reports
  2. Increase productivity and satisfaction via automated control and self-service
  3. Significantly reduce time used by valuable and scarce human resources
  4. Use automated IGA processes as enabler for broader digital transformation


A Complete Solution for Successful IGA Projects

The Omada Identity Cloud IGA platform is one of the four fundamental building blocks in the Omada IGA value proposition. Each block plays an important part in helping customers and partners achieve excellence in managing technology, people, and processes.

Omada’s Four IGA Building Blocks:

  1. Omada Identity Cloud: IGA as-a-Service or on-premises software installation with feature parity
  2. Omada Academy: IGA e-learning and in-person courses for partners and customers
  3. IdentityPROCESS+: The leading IGA best practice process framework
  4. IdentityPROJECT+: The proven project methodology for IGA success

These four building blocks reflect our focus on not only providing leading technology, but on ensuring the success of our customers and partners with their IGA initiatives. Together, they ensure a structured and reliable approach to IGA planning and implementation, but with the flexibility to rapidly adapt and meet new requirements with Omada’s enterprise-grade IGA software-as-a-service.

Identity Governance Software-as-a-Service

Omada Identity Cloud

Omada Identity Cloud provides a mature and reliable solution for automation of IGA processes and policy enforcement. Omada Identity Cloud is positioned as a leader in the latest Gartner Magic Quadrant for IGA providing the only solution on the market with full feature parity for both on-premises and software-as-a-service offerings. This enables and supports enterprise hybrid strategies as more workloads are moved to the cloud.

The Identity Cloud solution is designed to be highly configurable eliminating the need for custom development of critical functionality saving time, effort, and cost during deployment. A comprehensive set of best practice IGA processes and workflows are supported out-of-the-box and can be adapted to individual enterprise requirements without the need for custom development. A unique integration model enables configurable connection to other applications, systems and authoritative sources and easy integration into IGA processes and workflows.

With Identity Cloud Software-as-a-Service, all of these capabilities are available in a cloud-architected solution. This further reduces deployment time and cost, eliminating the need for software installation and version management across the organization. As new capabilities, features and best practice process support are added to the Omada Identity Cloud platform, they are immediately available to the entire organization.

Ease Of Adoption, Integration, And Operation

Omada Identity Cloud is designed for the real world. The flexible solution design addresses that enterprises now have hybrid, heterogeneous environments based on the latest cloud solutions, but also critical legacy systems. It recognizes that available data is imperfect and that preparing data for IGA processes is a major undertaking. It recognizes that no two enterprises are the same and that processes and workflows need to be adapted so that it is the tool that fits the enterprise and not the enterprise that needs to adapt to the tool. It recognizes that enterprises do not have the time and resources to provide or consume custom code development.

Identity Cloud is therefore designed to ease the adoption, integration, and operation of the latest best practice IGA processes across the modern heterogeneous enterprise environment. It is designed to be fully configurable through intuitive web-based interfaces including data models, objects, and attributes. It provides standard processes, workflows and connectors to hundreds of applications, systems, and authoritative sources out-of-the-box, all of which are configurable. This accelerates the implementation of IGA processes with a solution that fits your unique environment.

“Omada has one of the most robust auditing mechanisms among the IGA players, with out-of-the-box case management capabilities to react to violations and other audit events, including formal case handling workflows to manage incidents into closure.” [Source: Leading Analyst Company]

Enterprise-Grade IGA

The term “enterprise-grade” is often used, but not often understood. In the context of IGA, enterprise grade refers to the complexity of modern enterprise IT environments and the need for solutions that make managing and governing that environment easy.

Enterprises now rely on a host of applications and systems both installed on-premises and in the cloud, some of which are centrally controlled and some which are controlled by individual departments and groups. Providing a unified approach to IGA requires solutions and platforms that can span this heterogeneous environment, understand the context, and enable automated control and governance.

Omada Identity Cloud is an enterprise-grade IGA SaaS solution that provides the critical functionality modern enterprises need to stay ahead of developments. The functionality provided by Identity Cloud is designed to support the explore, build and operate phases of the Omada IdentityPROJECT+ implementation methodology with out-of-the-box support for best practice IGA processes as described in the Omada IdentityPROCESS+ framework.
The combination of enterprise-grade functionality supporting a well-defined methodology and out-of-the-box process support makes Omada Identity Cloud the most comprehensive IGA solution on the market today.

Processes and Functionality

Functional Areas: Data Cleaning, Workflows, and Applications Integration

Data Cleaning


  1. Establish a consolidated data model
  2. Data matching using fuzzy logic
  3. Data de-duplication
  4. Automatically enrich and modify data objects with data classification policies


  1. Simultaneous matching of multiple authoritative sources
  2. Prioritization rules for identification of primary identity source
  3. Data matching validation processes


Configurable Workflow Engine


  1. Comprehensive best practice IGA process framework
  2. Option for manual, triggered, or scheduled workflows
  3. Pre-configured email integration and email prompts


  1. Configuration of workflows, processes, and forms via web-based interface
  2. Activity assignment based on policies and rules
  3. Configurable escalation process


Application Integration


  1. Integration model for application, system and authoritative source connection
  2. Extensive range of standard connectors
  3. Authoritative sources such as SAP HCM, SuccessFactors, Workday, UltiPro


  1. Integration with ITSM, SIEM, PAM, Data Access Governance
  2. Open extensible platform with SDKs and APIs
  3. Authentication via OpenID Connect and SAML


Functional Areas: Access Roles And Privileges

Role Lifecycle Management


  1. Management of role lifecycle processes, role mining and modelling
  2. Role mining tool for analyzing and building roles based on data from connected systems


  1. Mining based on identity types, identity templates, identity attributes and identity relations


Access Process Automation


  1. Multiple policy types for automation and control of access processes
  2. Automated assignment of access based on organizational policies
  3. Constraint policies for determining access eligibility


  1. Segregation of Duty (SoD) policies and constraints
  2. Dynamic organizational modelling
  3. Extendable role and policy engine
  4. Intelligent control policies with automated case handling workflows


Functional Areas: Managing Identities and Access

Identity Lifecycle Management


  1. Control access rights to data, applications and resources according to defined assignment policies
  2. Access based on role or context and automatic revocation upon changes to that role or context


  1. On-boarding of employees and contractors
  2. Sourcing of identity data from multiple authoritative data repositories
  3. Act as authoritative source


Automated and Unified Provisioning


  1. Unified provisioning to heterogeneous IT systems
  2. Choice of automated, partly automated or fully manual provisioning


  1. Integration with service desk solutions


Self-Service Access Request


  1. Portal for users and managers to request access to data and resources
  2. Context-based self-service access request
  3. Multi-level configurable approval workflows


  1. Serial and parallel approvals
  2. In-process SoD policy checks
  3. Requests for multiple identities, systems and resources in one request


Business Partner Enrollment


  1. Customer Identity Access Management (CIAM) self-service tool
  2. Allow partners and customers to register for access to relevant information


  1. Web-based login or log-in based on social media accounts


Password Management


  1. Ability for users to change passwords without involving the helpdesk
  2. Users can reset passwords for owned accounts or on behalf of other users


  1. Synchronization across connected applications enabling single sign-on


Functional Areas: Certification, Compliance and Risk

Cross-System Access Certification


  1. Validation and approval of current state of access to ensure compliance and security
  2. Access certification on entitlements, identities, and account ownership
  3. Configurable survey types for user entitlement, account, permission entitlement reviews
  4. Triggered based on events or scheduled for periodic re-certification


  1. Efficient interface for search, sorting, look-ups and forwarding for re-assignment
  2. Survey types compliant with strict regulatory requirements
  3. Central monitoring of certification campaigns
  4. Automated escalation and notification
  5. Standard certification audit reports


Compliance and Auditing


  1. Cross-system reporting and analytics
  2. Actionable dashboard for compliance-related controls
  3. Full compliance overview across connected systems and applications with ability to drill down into details
  4. 50+ standard reports available


  1. Configurable KPI dashboards
  2. Historic reports enabling forensic analysis
  3. Ability to modify report types and define new report types


Risk Management


  1. Computation of risk scores to support approval workflows, access reviews and risk monitoring
  2. Risk scores computed for systems, resources, resource assignments, accounts and identities


  1. Risk classification tag with risk factor and risk weight
  2. Display of risk scores based on configurable intervals


Functional Areas: Data Cleaning, Workflows, and Applications Integration

Data Cleaning

With Omada Identity Cloud data quality does not need to be perfect when you start. Unlike other IGA solutions that require perfect data before they can be used, Omada Identity Cloud is built to accommodate real-world situations. Data is often required from disparate sources with their own data models and needs to be processed before a reliable consolidated data model can be established. Omada Identity Cloud provides a robust process for data matching, enriching, and cleaning during application onboarding.

Control policies automatically check for master data and entitlement data quality issues, including ‘missing manager information’, replacing resource owners that are no longer employed, handling of duplicate identities and other validity issues. Omada Identity Cloud data cleaning functionality establishes control and continued assurance of data quality for IGA processes.

“Omada’s product offers a robust process for cleanup during application onboarding.” [Source: Leading Analyst Company]

Configurable Workflows

Omada Identity Cloud supports a comprehensive range of IGA best practice processes and workflows out-of-the-box. These can be configured to meet your specific needs without the need for costly and time-consuming programming effort. This includes the ability to add new workflows and processes as well as configure escalation concepts. Activities can be assigned and reassigned to users or user groups based on automated calculations, policies, and rules.

This is made possible by a dynamic workflow and process engine that is configurable and extendable. The engine is configured through an intuitive web-based interface without the need for custom code. Workflows can be configured to be manually launched, triggered by events or scheduled. Workflow reminder services and email integration are provided out of the box.

Application Integration

Omada Identity Cloud provides a unique integration model to easily connect to relevant applications, systems, and authoritative sources. This includes integrating applications and systems into existing role concepts and access management processes. A wizard supports easy configuration of the attributes of the application or system, such as definitions, data mappings, data import and provisioning methods. Built-in dashboards provide an intuitive overview of the systems, ownership, risk classifications and more.

Omada Identity Cloud ensures enterprise-wide access control of all relevant applications, systems, and data. Omada Identity Cloud provides hundreds of standard connectors for on-premises and cloud-based solutions. In addition, it provides an open extensible platform with accessible SDKs and APIs as well as authentication via OpenID Connect and SAML.

Functional Areas: Access Roles and Privileges

Role Lifecycle Management

Establishing explicit roles with defined privileges is critical for ensuring that only the right people can access the right data at the right time. The Omada Identity Cloud role mining tool supports the analysis and establishment of enterprise-wide roles and privileges. Role Mining is performed on live production entitlement data extracted from connected applications, systems and authoritative sources. The tool is capable of determining the roles that provide the best fit to the organizational hierarchy by traversing the organizational structure and establishing policies for organizational level privileges.

Role Mining can be based on parameters such as identity types (e.g. employees, consultants, business partners, customers etc.), identity templates (e.g. selected employees, business functions, business roles), identity relations to organization and placement in the organizational hierarchy (OUs) and identity attributes (e.g. job function, location etc.).

“Omada’s product has a very flexible risk scoring system.” [Source: Leading Analyst Company]

Access Process Automation

Omada Identity Cloud provides a range of powerful policy types out-of-the-box, which enable full automation of access processes. These include assignment policies, constraint policies, control policies and Segregation of Duty (SoD) policies. Each policy plays an important role in ensuring security, compliance and efficiency. Assignment policies ensure that access privileges are aligned with organizational policies, while constraint policies control which data and resources roles are eligible to access. SoD policies address the real-world issue of conflicts in access rights due to an individual having multiple roles and ensure that “least access” privilege practices are enforced. Intelligent control policies include automated case handling workflows that automate the response to audit events and access violations, saving time when responding to what could be serious events.

These policies and constraints are critical, as security breaches regularly exploit discrepancies in access rights. They are also essential in ensuring compliance with strict governance procedures and industry standards.

Omada Identity Cloud enables enterprise-wide policies and controls to be established with automated enforcement. Dynamic organizational modeling supports automated assignment of access rights based on organizational policies. An extendable role and policy engine enables continuous refinement of access policies. These capabilities eliminate the need for human intervention increasing organizational efficiency.

Assignment of Resources Based on Policies

Governing the Lifecycle of Roles and Privileges

Functional Areas: Managing Identities And Access

Identity Lifecycle Management

Advanced Identity Lifecycle Management enables control of individual access rights to data, applications, and other types of resources according to defined assignment policies. This supports processes for on-boarding and off-boarding of employees and contractors, as well as revocation of access to resources as an individual or organization’s role changes.

This includes key events in the identity’s lifecycle, such as a contractor being converted to an employee, delegation of responsibilities or parental leave. Identity data can be sourced directly from one or more authoritative data repositories, such as HR systems, or the platform itself can be an authoritative source for others, such as contractors.

Automated And Unified Provisioning

Implementing IGA processes requires provisioning across all connected systems, applications and authoritative sources. Omada Identity Cloud provides multiple, flexible provisioning options across the heterogeneous enterprise environment. This enables provisioning with assignment policies to be fully automated. For some environments, full automation is not possible.

Omada Identity Cloud therefore provides the option of defining that parts or all of the provisioning process are performed manually. Omada Identity Cloud can also be integrated with a service desk solution to fully support the provisioning process. This includes relayed provisioning functionality that allows the creation of a work item inside an IT service management tool.

Self-Service Access Request

Omada Identity Cloud provides a Self-Service Access Request capability that makes it easier for users and managers to request access without the need for human intervention. Based on a user-friendly portal, it enables users to request multiple services in one request, including on behalf of others, such as managers requesting access for their employees. Delegated administration can be based on management reporting lines with serial and parallel approvals or other appropriate rules. Access can be requested within a context such as job functions or projects, and Omada Identity Cloud ensures that access privileges are removed automatically as soon as the context membership is terminated, supporting the principle of “least privilege” access.

Business Partner Enrollment

Omada Identity Cloud provides a Customer Identity Access Management Self Service (CIAM) experience that enables customers and partners to register for secure and fast access to relevant information. Log-in by customers and partners is performed via a browser interface or through social media log-in functions. Identities and accounts are created automatically. CIAM significantly reduces the administrative burden of providing access to external parties while increasing the efficiency of cooperation and collaboration.

Password Management

Password Management processes enable users to reset their password without contacting the helpdesk. Users can reset passwords for owned auxiliary accounts, or on behalf of other users, such as allowing a manager to reset the password of a managed identity. Passwords can be synchronized across all connected applications enabling single sign-on so the user need only remember one password thus reducing the risk of password exposure to bad actors.

Best Practice Processes: Access Request and Approvals

Over time, users need to request more access to systems as they progress through their employment. It is important that they are granted the right level of access and that the reasons for access are properly documented for auditing purposes. The process automates access requests, enabling end users to provide the right information so that access can be granted quickly without introducing security and compliance violations. Based on defined policies, the automated evaluation process determines whether inappropriate combinations of access rights have been assigned, detects any violations, and allows managers to evaluate the situation to decide whether access should be allowed or blocked.

Functional Areas: Certification, Risk, And Compliance

Cross-System Access Certification

Access certification enables the validation of the current state of access to ensure that it is compliant and secure. Access certification and re-certification can be performed on entitlements, identities, account ownership and much more.

Omada Identity Cloud features multiple configurable campaign types (“survey types”) that meet best practice recommendations and strict regulatory requirements out-of-the-box. These include user entitlements reviews, accounts reviews, permission entitlements reviews, permissions reviews, periodic roles, and business description reviews. Campaigns can be centrally monitored with automated escalation and notification. They can be configured for any type of object and can be triggered based on events or scheduled for periodic recertification.

Risk Management

Omada Identity Cloud provides a powerful Risk Management concept that adds value across systems, processes and controls. The risk concept can be used in the approval of workflows and to understand the severity of audit events and other notifications. Risk scores are computed for systems, resources, resource assignments, accounts, and identities.

The risk calculation of a resource is based on its classification. Each applied classification tag can carry a risk factor and a risk weight. Risk scores are displayed in user-friendly values based on configurable intervals. This supports harmonization and agreement across the organization on risks associated with access rights and events that occur.

Compliance And Auditing

Omada Identity Cloud provides powerful compliance and auditing capabilities. Cross-system reporting is available for current and historical overviews and analysis. The built-in analysis and reporting features deliver identity intelligence and answers to the basic questions of ‘who has access to what’, and ‘who approved the access’. For instance, it is possible to track each access request made, whether initiated by HR changes, self-service requests or via automated assignment policies, such as assignment of birth rights.

Several dashboards are included, such as KPI dashboards and an actionable dashboard for compliance-related controls such as orphaned accounts and unapproved access remediation.

Omada Identity Cloud supports continuous monitoring of compliance and supports automated, as well as manual actions and mitigations. It provides a “true” overview, which is an important audit requirement.

Reconciliation is performed by continuously calculating the delta between the state of monitored systems and the desired state. Omada Identity Cloud gathers and reconciles data from the connected applications, systems and authoritative systems enabling reporting and data analysis.

An actionable compliance dashboard provides an overview of issues making it possible to mitigate risks and inconsistencies efficiently and effectively.

Systems Overview and In Depth Data Analysis: Compliance Dashboards

Omada Identity Cloud: The Foundation for Business Transformation

Omada Identity Cloud supports the Omada IdentityPROCESS+ framework and IdentityPROJECT+ methodology and thus accelerates the implementation of IGA best practice processes in heterogeneous enterprise environments. This recognizes the need to address people and processes as well as technology if one is to succeed in implementing IGA. With a successful IGA implementation, organizations have established a foundation that can support further business transformation. Ensuring secure, compliant, and efficient access to critical data and resources accelerates business transformation initiatives with low risk and greater potential for success. At Omada, we have designed Omada Identity Cloud to ensure that the foundational process of implementing best practice IGA is the first success on your business transformation journey.

 

A Scalable and Secure Platform Powered by Microsoft Azure

Omada Identity Cloud is hosted on Microsoft Azure, one of the most reliable, scalable and secure cloud hosting platforms available.

  1. Support for regional data privacy requirements
  2. Microsoft Azure provides “geo-redundancy” with database backup allowing the region where data is stored to be selected as well as backup to an additional region to ensure business continuity
  3. ISO certified support and operations
  4. Omada Identity Cloud provides the highest security standards based on both standard Azure security features as well as vulnerability and penetration testing performed regularly by Omada according to ISO 27001
  5. Omada is a member of the Microsoft Intelligent Security Association (MISA) supporting the sharing of threat intelligence data among identity and access management providers.

 

Omada Identity Cloud Services Included in Subscription


  1. Omada Identity Cloud Enterprise-Grade IGA SaaS
  2. High-availability service with 99,9% availability
  3. Critical incident response times are guaranteed within maximum 1 hour
  4. Critical incident updates every 30 minutes
  5. 24/7/365 service support covering 2nd and 3rd level support
  6. Tiered deployment environment included for Non-Production and Production
  7. Unlimited number of connected systems


  1. Unlimited data storage and unlimited traffic
  2. Flexible upgrade windows that fit your business needs
  3. Service continuity management
  4. Disaster recovery and backup services
  5. Continuous reporting, health check and log handling
  6. Ongoing automated deployment of releases and patches
  7. Access to Omada Service Desk
  8. Access to Omada knowledge sharing HUB


Omada Service Desk Supports You When You Need It!

The Omada Service Desk is your customer-centric entry point for any incidents, service requests and feature requests. Our Service Desk is staffed with skilled support engineers and service delivery managers who are there to serve you and who handle any incoming requests from your organization with constant care.

Our team ensures that you receive timely progress notifications. Access to the ITSM system is also provided, allowing the latest status of your ticket to be viewed at any time. Reports on agreed Key Performance Indicators (KPIs) are provided regularly to ensure constant improvement in efficiency and an optimal customer experience.

The service subscription includes a four-tier escalation process providing a means for customers to escalate the ticket and ensure timely resolution.

 
