Exostar Identity and Access Governance: A Primer
Security and risk management professionals looking to strengthen control around which individuals have access to which resources face a wide set of challenges. As Identity and Access Management (IAM) solutions have evolved, so has the complexity of providing secure access for Workforce, Partner, and Consumer users.
Organizations are rapidly adopting new cloud services and accelerating digital transformation. As a result, security professionals must manage a growing number of digital identities and stakeholders. The Access: One platform simplifies these tasks and enables organizations to quickly address security and compliance challenges, including:
- Improving user productivity, reducing downtime and increasing user security
- Increasing visibility, automation and control of user access
- Simplifying complex security and audit tasks, making it easy to meet compliance requirements
Many IAM solutions are focused on single pain points, including user provisioning, identity governance, web access management, and/or strong authentication. With the Access: One platform, we address all of these challenges with a single SaaS-based identity and access governance platform. We enable organizations to easily and efficiently introduce comprehensive security controls while improving user productivity and security.
What is Identity and Access Governance (IAG)?
Identity and access governance is a framework of policies, processes, and platforms that ensures the right people have the right access to the right resources, and that organizations can prove it. Where IAM systems focus on authenticating users and connecting them to services, IAG extends those capabilities by asking whether that access is appropriate and auditable.
An identity and access governance framework typically addresses questions like:
- Who has access to what, and why?
- Are a user’s privileges appropriate for their current role?
- Can the organization demonstrate control over access decisions to auditors and regulators?
As organizations adopt cloud services and manage increasingly complex ecosystems of employees, contractors, and partners, cloud identity access governance has become essential.
A growing number of digital identities, spread across on-premises and cloud environments, makes it difficult to maintain visibility without a dedicated identity and access governance platform that centralizes policy enforcement, access certification, and reporting.
Identity governance vs. identity management
Identity management handles the operational side of IAM: provisioning accounts, enabling single sign-on, managing passwords, and authenticating users. It answers the question, “Can this person access this system?”
Identity governance answers a different question: “Should they?” IAM governance introduces oversight through access reviews, certification campaigns, and continuous compliance controls. It delivers the audit-ready access governance that regulators and compliance frameworks demand, giving organizations evidence that access decisions are documented and defensible.
What to expect from an identity and access governance platform
Identity and access governance (IAG) covers a far-reaching set of scenarios and interactions that span all identity and access management (IAM) constituencies. Done well, the right solution will address the following concerns:
- User credentials are secure and, where appropriate, leverage biometric / strong authentication methods.
- A user is always the person they claim to be.
- A user’s details are correct and current.
- A user’s access entitlements (privileges) are appropriate for their roles and responsibilities.
- A user is able to manage their own credentials.
- A user is able to easily request access to new services (and remove access to unnecessary services).
- Appropriate systems exist to ensure authorized employees have the ability to approve (and verify) access privileges and requests.
- The organization can easily demonstrate it has control over user access and entitlements in a timely manner.
Bringing together access management and identity governance
Access management platforms have traditionally focused on providing services for authentication, single sign-on, trust elevation, and authorization. As time has progressed (and IAM solutions have matured), access management vendors have expanded their offerings to provide lightweight governance services focused on the end-user, including access request, access approvals, and password management.
At Exostar, we consider governance to be an integral part of an end-to-end enterprise IAM service. Good governance is a component of the fabric that brings together users and services in a controlled way. We believe governance capabilities need to be tightly integrated and aligned with access management services to deliver platforms that are secure and easy to use. When looking to provide governance capabilities as part of an enterprise IAM platform, we consider the following:
Ease of deployment and configuration
- Fast, simple deployment: The platform should be easy to deploy and quick to configure, with comprehensive governance capabilities built into the SaaS offering.
- Centralized administration: Administrators, managers, and end users should be able to complete IAM-related tasks from a single place, including user administration, access requests, approvals, and self-service.
- Flexible organizational hierarchy: The platform should allow administrators to map users to the right line managers, delegates, and approvers. It should also support hierarchies based on departments, locations, suppliers, subsidiaries, or other business structures.
- Integrated IAM experience: Users should be able to manage their preferences and privileges from the same place they access services. Line managers and application administrators should be able to complete their IAM responsibilities from one central point.
- Built-in support for common use cases: The platform should address the most common access management and identity governance requirements without forcing organizations to add unnecessary complexity.
All of these capabilities, which address the most common access management and identity governance use cases, can be easily implemented using Exostar’s Access: One.
Identity lifecycle management and governance
- Flexible workflow and provisioning: The platform should support configurable fulfillment workflows and provisioning processes, including integration with systems of authority and control, such as HR and helpdesk systems.
- Support for multiple user populations: Administrators should be able to reconcile multiple HR feeds and user types, including employees, contractors, third-party providers, and other external users.
- Self-registration and manager-driven administration: End-user self-registration and manager-led access administration help ensure the right people receive timely access to the right services.
- Fine-grained entitlement management: Governance requires more than coarse-grained provisioning. The platform should support detailed entitlement management, as well as reconciliation with existing identity repositories to maintain integrity over time.
- Account adoption and orphan account management: When reconciling account details from connected systems, the platform should support automated account adoption and help identify or manage orphaned accounts.
- Provisioning across cloud and on-premises services: The platform should be able to fulfill access requests for cloud-based and on-premises applications.
Providing Actionable Intelligence
- Decision support in one authoritative service: The platform should bring request history, approval records, and usage patterns together so approvers have the context they need to make informed decisions.
- Clear visibility into user privileges: Administrators, managers, and approvers should be able to see what access a user holds and understand complex technical privileges as clear business entitlements.
- Risk-aware access approvals: The platform should help model the risk and compliance impact of an access request at the time of approval, including support for high-risk requests and segregation of duties concerns.
- Entitlement-based risk scoring: The platform should be able to assign risk scores based on the entitlements a user holds, giving teams a clearer view of access risk across the organization.
- Flexible access certification: Certification campaigns should be configurable by audience, risk level, time period, or application type. By using clear entitlements, access reviews become easier for end users, managers, and application owners to complete.
- Comprehensive reporting: The platform should support user-specific and role-specific dashboards, as well as reporting, data mining, and export capabilities based on a user’s administrative rights.
Access from a secure, single point
- Configurable application launchpad: The platform should provide a launchpad that users can tailor into workspaces and application groups that support how they work.
- One place for identity functions: The launchpad should provide a central point for identity services, including single sign-on, preference management, self-service, and access administration.
- Frictionless, secure access: Users should be able to access services securely without unnecessary friction. The platform should support single sign-on and strong, passwordless authentication.
Increasing Productivity through delegated administration and self-service
- Self-service password and preference management: Users should be able to manage passwords, update contact details, set preferences, configure strong authentication choices, and recover forgotten credentials through easy-to-use self-service tools.
- Simple access requests and approvals: The platform should make access requests and approvals easy to complete, encouraging self-service and delegated administration wherever appropriate.
- User-friendly access management: Users should be able to manage their access to applications and groups through an interface that is straightforward to understand and use.
- Manager-led administration: Line managers should be able to request access on behalf of their direct reports, review existing access rights, and manage access approvals and certification tasks from one intuitive interface.
- Decisions closer to the user: Productivity improves when routine access decisions happen near the people who need them. Empowering line managers and local administrators helps keep day-to-day access management timely, controlled, and efficient.
Exostar Access: One
Securing your enterprise with a comprehensive SaaS solution for Identity and Access Governance
Delivering a comprehensive set of capabilities from a single platform, Access: One enables organizations to quickly improve security and productivity while enhancing their capabilities for:
- Secure access management, including single sign-on and strong passwordless authentication.
- Identity governance, delivering easy administration for line managers and application owners while providing valuable, audit-ready insights that demonstrate you’re making the right kind of access decisions.
Rather than managing multiple solutions and integrations to provide the end-to-end capability outlined above, customers can leverage Exostar Access: One to quickly realize the benefits of a market-leading service for access management, identity governance, user lifecycle management, and strong authentication.
Consider how Access: One could help to drive compliance and user productivity through an easy-to-implement and easy-to-configure cloud service for identity and access governance.

Why Exostar?
The Exostar Platform represents the culmination of 20 years of successfully and exclusively delivering secure B2B collaboration solutions for a growing community in highly-regulated industries. It supports the governance, risk, and compliance requirements for collaboration between enterprises and their partners.