go:Identity
go:Identity offers a complete, centralized identity management solution out-of-the-box for companies of all sizes.
go:Identity offers best-practice functions, processes and automatisms that have proven themselves hundreds of times in practice.
Find out more about the most important functions and highlights here.
(You can find basic information about go:Identity here - "go:Identity overview")
Onboarding (new employee)
A new employee joins the company. With go:Identity, his identity can either be created automatically from HR data sources or through a simple manual input process.
In go:Identity you can create different types of identities, such as internal, external, or admin. You can determine the necessary attributes and forms yourself, which also facilitates processes for non-IT personnel. go:Identity creates the identity and calculates any number of attributes such as username, email address, unique IDs and much more according to your specific rules.
go:Identity creates user accounts based on rules or definitions and assigns the exact authorizations that the new identity requires. go:Identity also sends out the initial passwords.
Of course, identities can also be created for the future. That way, employees can receive their access and assets exactly when they need them.
Changes
Changes can come in many forms. An employee might switch departments, change tasks within the company or take on a new role. go:Identity automatically responds to all such events and adjusts authorizations and access, removes and/or blocks them and corrects data.
Data changes can be synchronized between any systems that are connected to go:Identity. Changes in the HR data can thus also automatically trigger the necessary changes in target systems.
"Just-in-time" access rights
Time brings changes - go:Identity ensures secure authorizations and data at the right time.
Live views show you the current system access (accounts) and authorizations for your identities (including target / actual comparison) at any time.
With time limits that have start and end dates, authorizations can be made available exactly when they are needed.
Offboarding
When an employee leaves the company, go:Identity guarantees secure and consistent handling of access and authorizations.
When a leaving date is reached, you can set your own rules for access and authorizations, e.g. blocking, labeling, moving or deleting access. Further actions can be added easily.
Other periods of time such as short-term absences, parental leave or block times can also be treated in a controlled manner.
Automatic processes can proactively warn you before a limit date is reached, and the processes can also automatically take over further downstream actions such as archiving, deletion and other post-processing.
IT Shop
go:Identity's easy-to-navigate IT Shop allows employees to request access, authorizations or other “items” for themselves or for other definable groups of people.
In addition to the convenient search function, multi-level categories help you keep track of things even with tens of thousands of authorization roles in the shop.
The orders themselves are processed in the integrated go:Identity workflow environment.
All participants are kept up to date on the progress and results of the orders, both on a dashboard and by email.
Approval
For all items that can be ordered in go:Identity, flexible multi-level approval paths can be defined for each object if required.
- "no further approval required"
- "to be approved by superior"
- data / specialized managers
- technical manager
- e.g. "segregation of duties" and special clearances
Any conceivable combination is possible, but you can also implement your own original processes.
Participants are conveniently informed by email.
The workflow processes support escalation during defined business hours. A “substitute function” allows approvals to be granted even in the event of an absence. All decisions, with comments if required, are comprehensively logged.
go:Identity helps you implement a secure and audit-compliant authorization assignment process.
Forget about confusing authorization processes that involve verbal agreements, unstructured e-mails, paper or electronic forms and ingrained habits and which usually end with non-verifiable instructions given to the IT department, often at the last minute or by email.
go:Identity involves the right decision-makers and then eliminates the manual IT tasks.
Because once the responsible managers have given their consent, the necessary technical implementation can be carried out automatically.
Password functions / password self-service, registration and personal data
Password functions & self-service
- "Forgot password" service via Questions and Answers or via token link reset by email.
- Controllable access to password reset for identities for such as Helpdesk staff or responsible parties.
- Central password portal with password rules and synchronization to target systems.
Registration
- Self-registration option for new identities (integrate your partners, customers and external service providers).
- Includes mail opt-in.
- Includes configurable approval process.
Personal data
- Show your employees the data you have saved about them.
- Let your employees update any data (e.g. room number, extension, etc.).
- Synchronize this data to target systems.
Administration by responsible parties
"What if ..." ...project managers could update the members of their email distribution lists themselves? Or if access to certain fileshares could be assigned and removed by the people who are responsible? What if there were no more questions and reports on “Who has access to my fileshare?” because the responsible parties can look it up themselves at any time?
With go:Identity you can do just that, and give your managers an easy-to-use tool that can do it all.
This can shift many of the administrative activities that are now part of IT to the specialized departments. It reduces the IT effort and increases the speed for users.
For example, you could enable a local fileshare admin to easily manage the members of the corresponding AD groups via the web browser without giving him or her administrative access to the console in the AD.
Of course, all such actions are audited and thus remain traceable.
Target / actual comparison
But final permissions in the target system can differ, e.g.
- because the target system was manually administered,
- because other processes were involved,
- or because automatic changes were temporarily not possible due to technical interruptions.
Attestation / recertification
In go:Identity you can flexibly create any number of different attestation campaigns for regular recertification of
- groups of people
- departments / project groups / locations / positions
- roles and permissions
- authorization assignments
- and much more.
Includes a “clearing center” functionality for possible ambiguities, delegation, any actions after “confirm” or “reject,” smart email notification. Everything done online and documented.
No more endless lists laboriously created by IT, or email chaos at the end of the year. The responsible parties work online in go:Identity in an uncomplicated interface.
Traceability
In order to adhere to and review compliance rules, it is crucial that assigned permissions and data always be traceable. go:Identity maps rules reliably through automation and answers the important questions about all assigned permissions and stored data:
-
Origin of permissions
-
Information from the approval processes for approved permissions.
-
“Before / after” data for all data and permissions changes
- Independent storage of audits for flexible adjustment of retention periods.
Reporting
Is there any information that you cannot see online in go:Identity? Hard to imagine, but of course go:Identity allows you to create all kinds of reports and data exports:
-
Flexible report design using professional design software, with export options to PDF, Excel®, Word®, CSV, text formats and much more
-
Regular data deliveries by email.
-
Data exports for external systems.
If required, the system can optionally be expanded to include a report and information portal using the JasperReports® Server.
In addition, go:Identity allows you to send dynamic notifications very easily and flexibly. For example, a list can automatically be sent to supervisors showing which of their employees will be leaving soon, e.g. in 14 days.
Easy access using a web browser
- End users and administrators usually only work with the browser - no plug-ins, no additional software
- All common browsers are supported (MS Edge, Firefox, Chrome, Safari, etc.)
- Integration into SSO scenarios, e.g. Kerberos, SAML, OIDC
Multilingualism and design options
- Interface in German, English, French already available.
- Maintain your own dictionaries - go:Identity adapts to your language usage.
- The appearance can be adapted to your corporate design.
Email functions
- Easy integration.
- Multilingual email templates with dynamic content.
- Proprietary email templates and HTML templates for “nicer-looking emails”
- Various active email notifications and email triggers.
Manual entitlements
- For giving “instructions” to external systems and administrators via email or workflow tasks
- E.g. also suitable for simple hardware and software assets.
- Integrated into the user life cycle.
go:Identity permissions and forms
- Flexible configuration options: who can see what, who can change what?
- Forms, attributes, selection lists are very easy to adapt
- Functions on the dashboard are configurable