Identity Governance & Administration

IAM: Identity Governance & Administration

Identity & Access Manager (IAM) is a complete Identity Governance & Administration Solution. IAM provides timely, standardized, and easy management of user accounts and access rights on the network while maintaining full compliance with laws and regulations in the areas of HIPAA, SOX and many more.

The functionality in IAM is offered through different modules; namely User Provisioning, Workflow Management & Self-Service, Helpdesk Delegation, Access Governance and Downstream Provisioning. Read more below about these modules.

User Provisioning

Information in the HR system is an excellent source of data for Identity Management. Our User Provisioning software creates a connection between the HR system and the user accounts in the network (Active Directory, for example). With IAM User Provisioning, the entire intake, progression, and outflow process is automated. Changes are implemented quickly, faultlessly, and efficiently. 

Automating the user account management process

The personal details of employees, such as their name and address details, contract starting and ending dates, department, position, and cost center, are all tracked accurately in the HR system. This makes the HR system the ideal source for all changes involving user accounts.

With IAM User Provisioning, it's possible to synchronize user account information automatically between the HR system (SAP or PeopleSoft, for example) and the network. A change in the HR system is detected by IAM and is then automatically implemented in the network.

Benefits of User Provisioning

shorter lead time

Shorter lead time 

New employees are assigned the correct rights in good time, and are productive from the very first day.



Changes are implemented immediately and faultlessly in the network, without any manual intervention.

Effectiveness and efficiency improvement

Effectiveness and efficiency improvement

The concept of 'core registration' is introduced. The details are managed in one place in the organization, rather than by different departments.

Workflow Management (WFM)

With Workflow Management and Self-Service, employees and managers themselves can request, check, and approve facilities without any IT intervention. For example, an employee may request access to an application, a project, or to view reports. The approval process is part of a structured workflow. The manager can authorize the request and with our IAM software, it can be implemented immediately in the network. 

Streamline all service provision processes

The organization itself often knows best how a user account and access rights should be managed. With the correct software it's possible to involve the organization more in managing user accounts, and to put managers and employees at the core of the user management process.

Our IAM software supports a wide range of systems. This makes it possible not only to apply Workflow Management and Self-Service to user account management, but also to a variety of other service provisioning processes. Examples might be requesting physical access to a work area, applying for a smartphone, or submitting a helpdesk call. Watch the video to learn more about IAM Workflow Management

Benefits of Workflow Management & Self-Service

Timely user management


With an automated system the applicant himself has control over the moment of applying and the actual duration of the request.

Approved authorization mechanisme


IAM has an integrated authorization mechanism with the log-in account of the manager. In this way, IAM always knows who submitted the request and, more importantly, that a manager has approved it.

Integration with other portals


The number of Self-Service portals is growing. It’s important to offer the end-user just one portal. IAM can be integrated seamlessly with other portals, so that the end-user does not become confused and enjoys a one-portal experience.

Helpdesk Delegation (HD)

Traditionally, managing user accounts is performed by the helpdesk and functional application administrators. These are trained and skilled IT staff, who hold advanced admin rights to be able to perform their work. With the Helpdesk Delegation module of IAM, all user management tasks are recorded in IAM scenarios and are linked to web forms. This allows less technical IT staff to perform user account management tasks without advanced admin rights. Each and every change is also recorded in the same way in an audit log.  

Work of second-line and third-line performed by the first-line

Using Helpdesk Delegation, less-technical IT staff can safely perform a range of management tasks, such as creating accounts, processing them, removing them, and resetting passwords, without needing any explicit IT knowledge.

Thanks to the approach using a standardized questionnaire, an experienced consultant and a library with hundreds of scenarios, Tools4ever is able to deliver a working environment in a short period of time, with which unskilled IT staff will be able to perform user management immediately. 

Benefits of Helpdesk Delegation

Improved Security

Improved security

The IT staff do not need any admin rights in order to perform user account management tasks.

Enhanced staff productivity

Enhanced staff productivity

Changes can be performed by all employees rather than only by trained, skilled IT staff.

Complete auditing

Faster and more complete auditing

Modifications are standardized so that mistakes can be prevented. 

Access Governance (AG)

Access Governance (also known as Role Based Access Control, RBAC) supports the management of employee access rights for applications and data. IAM Access Governance replaces the copy-user, spreadsheets, user templates and other types of manual, imperfect and error-prone access management practices. Access rights are recorded in a universally-manageable model and are then issued, changed, and withdrawn through this model. Access Governance offers a variety of methods to build the model (mining), to manage it (workflow requests and approvals), and to keep it unpolluted (attestation and reconsolidation). 

Structured and phased authorization management

Our Access Governance software ensures that employees maintain the correct authorizations appropriate to their roles. Based on the employee's role, an authorization matrix is used to determine the resources to which the employee has access, (for example being able to perform certain transactions, access to a system or part of it, and access to specific physical locations.

It starts with the current maturity level, after which the desired requirements are implemented. The goal is to create an authorization matrix which is as complete as possible, taking all the available Access Governance information into account. In this way your organization can set up phased authorization management without any major organizational effort.

Watch the video to learn more about Access Governance. 

Benefits of Access Governance

Improved Security


Structuring the authorization management guarantees that employees have the correct access rights. Not too few (productivity losses) and not too many (copy-user and rights accumulation). 

Compliant NEN ISO SOX


Structured management and monitoring of rights makes it possible to show that authorization management is under control (NEN, ISO, SOX, BIG). Employees also acquire the right authorizations immediately and easily.

Cost savings

Cost savings

By managing efficiently cost can be saved. Indirect costs are saved because fewer incidents occur and unnecessary licensing fees are avoided.

Downstream Provisioning

Achieving an automatic connection to systems other than Active Directory, Exchange, and NTFS for managing user accounts is a subsequent step. In the downstream provisioning phase, the notification e-mails which are normally sent to application administrators are replaced by automatic application connections. By default, IAM has a large set of connectors for managing user accounts (authentication) and rights (authorizations) in systems and applications.  

IAM links all the systems in your network

IAM is delivered with a large number of default connectors. These connectors have been developed by Tools4ever and are maintained as part of the maintenance contract.

IAM has around 150 standard connectors for various systems and applications containing user accounts information. These include operating systems, helpdesk systems, HR systems, student information systems, directories, databases, telephone systems, ERP systems, and a host of other systems. 

Benefits of Downstream Provisioning

Short user accounts lead time

Short user accounts lead time

New employees have the proper authorizations to the network and adjacent systems and applications.

Reduces the management burden for applications

Reduces the management burden for applications

Application Engineers are less burdened with processing the changes of user accounts.

Manage user accounts unequivocally

Manage user accounts unequivocally

The process around managing user accounts is deployed at the same, uniform manner for all systems and applications in the network.