IAM Reconciliation


Sath Inc

Product Team


What Is Identity Reconciliation?

Reconciliation is an Identity Governance audit process that compares user access, access rights, and privileged accounts against the agreed-upon authoritative identity source of truth.

This process is used to confirm what data is present in an application, and sync that data with an existing Identity Management System to ensure the right access to systems for the right people.

Business applications and Identity Management (IAM) systems rely on reconciliation services such as IDHub's to maintain their security.

Why Is Reconciliation Necessary?

User identities that are reported with incorrect access privileges are both a serious compliance risk and a violation of any standard privileged access management security policy, and for good reason.

When access levels are not in sync with your authoritative source, you lose the ability to monitor your organization's network, which exposes you to unknown threats and means you can no longer validate compliance requirements.

As part of Identity Lifecycle Management, tracking thousands of applications and access permissions is critical to maintaining network integrity within your business operations.

What Are The Different Types Of Identity Reconciliation?

Full Reconciliation

Full reconciliation is the process of fetching account and user access attributes from target systems and publishing them into Identity Management Systems.

This is completed to observe changes and detect discrepancies between the Identity Management System and applications.

Full reconciliation recalculates the existence, ownership, and state of each account listed in the connected application.

A full reconcile is a comprehensive evaluation of User Profile Management, its respective resources, and its entitlements.

Incremental Reconciliation

Incremental reconciliation processes only the accounts and entitlements that have been added, deleted, or modified since the last successful reconciliation.

It is faster than processing a full set of target system accounts, and typically runs on a periodic basis.

Automatic Reconciliation

Automatic reconciliation occurs with connected applications that have been scheduled to run at regular intervals.

This allows for near real-time synchronization of identities and actionable insight.

How Does Access Get Out Of Sync?

Applications get out of sync due to human error with disconnected applications, and communication errors with connected accounts.

When there is no automatic syncing process, any access activity or change a user makes outside of the IAM system does not automatically get updated.

Without a manual reconciliation, the data will not match and individual privileges or role-based access controls can be overwritten.

For example, if an employee leaves the organization and no administrator manually removes the account within the application itself, the account would be considered an orphaned account.

Access can also become out of sync when the application itself has a communication error that prevents the data from syncing correctly.

Reconciling user accounts will help to prevent orphaned accounts.
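
The comparison described under Full Reconciliation and Incremental Reconciliation, applied to the orphaned-account case above, as an added example that is not IDHub's code. The record layout, the `reconcile` function and all sample data are constructed assumptions.

```python
from datetime import datetime

# Constructed sample data (hypothetical schema, not IDHub's data model).
# Authoritative source: what each login should hold in one application.
IDM = {
    "asmith": {"owner_active": True, "entitlements": {"read"}},
    "bjones": {"owner_active": False, "entitlements": set()},  # employee left
    "cwu": {"owner_active": True, "entitlements": {"read", "write"}},
}
# Accounts as fetched from the target application.
TARGET = [
    {"login": "asmith", "enabled": True, "entitlements": {"read", "admin"},
     "modified": datetime(2024, 5, 2)},
    {"login": "bjones", "enabled": True, "entitlements": {"read"},
     "modified": datetime(2024, 1, 10)},
    {"login": "svc-old", "enabled": True, "entitlements": {"write"},
     "modified": datetime(2024, 1, 5)},
]

def reconcile(idm, target, since=None):
    """Return sorted (login, kind, detail) findings.

    since=None is a full reconciliation. Otherwise only accounts modified
    after `since` are examined (incremental).
    """
    findings, seen = [], set()
    for acct in target:
        login = acct["login"]
        seen.add(login)
        if since is not None and acct["modified"] <= since:
            continue  # unchanged since the last successful run
        expected = idm.get(login)
        if expected is None:
            findings.append((login, "orphaned", "no owner in source of truth"))
        elif not expected["owner_active"]:
            if acct["enabled"]:
                findings.append((login, "orphaned", "owner inactive, still enabled"))
        else:
            extra = sorted(acct["entitlements"] - expected["entitlements"])
            lacking = sorted(expected["entitlements"] - acct["entitlements"])
            if extra or lacking:
                findings.append((login, "drift", f"extra={extra} missing={lacking}"))
    if since is None:  # absence is only provable with the full account list
        for login, expected in idm.items():
            if login not in seen and expected["owner_active"]:
                findings.append((login, "missing", "expected account not in target"))
    return sorted(findings)
```

Calling `reconcile(IDM, TARGET)` reports all four discrepancies in this sample, while `reconcile(IDM, TARGET, since=datetime(2024, 4, 1))` examines only `asmith`, the one account changed after that date.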

How Does IDHub Reconcile?

IDHub is an Identity and Access Management platform that is unique compared to the others.

As a completely custom solution requiring minimal technical experience, if any, it offers ease of use for admins and security of data for the organization.
