Authors – Ramakrishna J Gorthi (rjgorthi@in.ibm.com) & Vaibhav V Gadge (vaigadge@in.ibm.com)

Identity Governance and Intelligence (IGI) allows enterprises to provision, audit and report user access and his activities through life cycle, compliance and analytics capabilities. While one of the core functions of IGI revolves around providing a common platform for requesting accesses for any given application in the enterprise, there are ways to make life simpler for the end-user, especially around searching for the right access fit for his business needs, in a more efficient manner.

The Access Catalog that got presented to the end-users of IGI 5.2.4 was modular in the way that user had to pick what type of entitlement he wanted, in addition to the actual entitlement search. Something like what’s show in Figure 1.

Figure 1 - Modular Access Catalog

As can be seen above, for the activity “Self Create Request”,  if say the user wants to requests for entry for specific building, and if he believes that the access should have “Badge” as a search term, he would need to click on “Business Roles”, search for accesses with the search term of “Badge”, and then repeat the same for “Application Roles” and “Permissions” tabs.

While some enterprises might still be fine with this upfront modular segregation of access catalog, there are enterprises who want to give one single Access Catalog to the end-user to pick their accesses from. That’s precisely the change that was brought in, in IGI 5.2.5.

This could be achieved using the following configuration change in the Process Designer, for the requisite Activity, as shown in Figure 2.

Figure 2 - Configuration for Access Catalog Consolidation

The default value of “Consolidate Entitlement Catalog” is false, for backward compatibility. Admin can turn on this switch to True, for the appropriate activity under the appropriate workflow.

Once you turn on the switch and then the endusers login to the Service Center, here’s the consolidated view of accesses that he would see:

Figure 3 - Consolidated Access Catalog

As can be seen now, we’ve got just one single Access / Entitlement Catalog for the end-users to play with. This is one single hub of Business Roles, Application Roles, Permissions and External Roles.

Whatever searches the user performs in this view, will search across all the different entitlement types, to make the overall search more efficient.

Taking the same example we discussed earlier, if the user searches for “Badge” in the “Description” Field, that will ideally yield all the entitlements matching this criteria agnostic of the entitlement type:

Figure 4 - Efficient Search on Access Catalog

As you can see from the search results, these results are a consolidation of all different entitlement types, as long as they match the criteria, thereby facilitating users to zero in the right access they need to request for, in a faster and a more efficient means.

Just to add a few more aspects around the Search on this panel:

1. Application - You could still call out an Application here to filter within a given application. Obviously, the moment you use the Application Name, Business Roles won’t show up in the result anymore.
2. Permission Type and Family – These criteria are borrowed from the Permissions tab you had in the modular view, if at all, you still want to select “Type” as “Permissions” and then do added filtering on top of it.