Features Overview
  • 23 Aug 2024

Sr. No.

Cross Identity Features

Feature Details

I

Converged IDAM Platform

1.

Universal Directory

Cross Identity has a built-in Identity Store that acts as a central repository for all users and roles created in the Cross Identity or any other source. This allows the solution to be massively scalable. Also, it enables organizations to access all functionalities of Cross Identity, even if they are not using an Active Directory. This is an excellent option for authenticating users who are not available in the Active Directory.

2.

Integration with Source of Truth (SoT)

Cross Identity can integrate with various Source of Truth (SoT) systems such as CSV files, Enterprise Directories, and applications such as HRMS. This allows organizations to onboard and manage users and their groups easily. Also, it will enable multiple directory domains to be configured with the solution. In addition, Administrators can configure features required for those specific domains.

3.

Integration with Active Directory

Organizations can integrate their Active Directory with Cross Identity. Users from AD can be imported into CI, and those users can use various IAM use cases in CI.      

4.

User onboarding through CSV File import, through Add User Form and through Add User API

CI supports various options to onboard users into its Universal Identity Directory:                

a. Through adding a user form              

b. CSV file import              

c. Through CI API

5.

Delegated Authentication

In addition to authentication against its Universal Directory, Cross Identity supports user authentication against any Enterprise Directory, such as AD, or any third-party Identity Provider (IdP), such as ADFS.

In the Delegated Directory Authentication method, users can access Cross Identity modules by entering their Active Directory credentials.

In the Delegated IdP authentication method, users can access Cross Identity modules by entering their IdP credentials.

6.

Support for multiple Authentication Stores

Using authentication policies defined in the solution, users can authenticate against various authentication stores (CI, AD, ADFS, etc.) to access the Cross Identity modules.

7.

Support for Identity Attribute Transformation Rules

Supports complex transformation and mapping rules for Identity Attributes through easy-to-write scripts.

This feature allows the creation of user identities with unique user names, complex email id syntax, and rule-based values for various identity attributes.

8.

Support for Third-Party IdP Authentication  

CI supports end-user authentication with third-party SAML identity providers.

9.

Support for Integrated Windows Authentication (IWA)    

Cross Identity allows users to authenticate using their Windows credentials, such as their Active Directory username and password, to access CI and other applications without entering a separate set of credentials.

10.

User Profile Management

Users can manage their profile attributes such as Mobile Number, location etc. if the CI admin allows modifications to those fields.

II

Access Management

1.

Single Sign-on

 

a.

Any Web Application Support

Single Sign-on to any application such as Web, Cloud, Federated, and Non-Federated in a seamless way.

b.

Thick-client Application Support

Single Sign-On to any Thick Client (Patented Technology) in a seamless way.

c.

Support for SAML SSO

Supports both IdP-initiated and SP-Initiated SSO flow.

d.

Support for OAuth or OIDC SSO

Supports OAuth or OIDC SSO flow

2.

Supports SAML Application Metadata import

Administrators can import the Service Provider (SP) metadata into the SAML SSO application configuration instead of manually filling in the required fields.

3.

Intermediate Page for New Users during SAML SSO Flow

Enhances the Cross Identity user portal's SAML SSO flow for new users, presenting an intermediate page for account activation during SAML application access. This feature streamlines onboarding new users by guiding them to set a new password and log in before granting access to the target application.

4.

Landing Page Redirection for SAML SP Flow

Upon initiating the password reset or unlock account flow during the SAML SP SSO flow, once the action is completed, the user will be redirected to the target application and SSO will be completed.

5.

Support Bookmark URL for SSO

The SSO bookmark URL directs users to the SSO application login page, injecting login credentials for extension-based apps and redirecting to the app's home page for SAML-based apps.

6.

Update the changed password for Extension-based/Thick-Client Applications 

This allows users to update the changed password of their credentials for multiple applications in one go on Cross Identity’s End User Portal.

7.

CI Admin - Capturing and Storing AD Login Details for SSO Integration

CI Admin can capture and store the login details (username and password) of users when they log into a CI system that is set to use Active Directory (AD) authentication. These credentials can then be used to implement Single Sign-On (SSO) for web-based/extension-based applications (AD-integrated applications), enhancing user experience and maintaining security.

8.

Implement the "nonce" parameter in the OIDC flow

Enhance security in the OIDC flow by implementing the "nonce" parameter, ensuring that login tokens generated by the Identity Provider (IdP) can only be used once, thereby preventing potential replay attacks. This addition strengthens client session association with the ID-Token, enhancing overall security measures.

9.

Context-based Authentication        

Cross Identity provides built-in Multi-Factor Authentication support for platform login, selective integrated application access, and advanced access control policies based on Roles, Device and Network Context.

10.

Advanced Access Management policy for IP address

In the Advanced Access Management Policy, a new rule for IP addresses has been introduced. The admin can define a set of IP addresses. If a user logs in from the same IP continuously for a certain period, then MFA will not be prompted. If the user keeps logging in from another device with an IP address not listed in the policy, that IP will be considered trusted and MFA will be disabled.

11.

Advanced Access Management policy for MAC address

A new rule has been introduced for MAC addresses in the AAM policy configuration: if the MAC address matches any of the user's existing MAC addresses, then MFA will not be prompted for the user at the time of login.

12.

Session Management

CI provides session management capabilities, including controlling session state for user-present application interactions.      

13.

Consent Management

Cross Identity (CI) allows End Users to manage the consents given to various applications.          

14.

Manage Multiple Sessions for end users

Limits user sessions to one browser session per user, preventing multiple concurrent sessions.

15.

Password Management

 

a.

Self-Service Password Reset & Unlock account

Cross Identity allows users to reset passwords and unlock their accounts without helpdesk support. This is done through various authentication options, including email- and SMS-based OTP. Cross Identity allows users to focus on business without getting hassled with password management. This gives users a seamless experience from anywhere and anytime.

b.

Self-Service Change Password

Cross Identity allows users to view, reset, and update passwords of target applications not integrated with AD. This gives users the ability to change passwords from the launch pad. In addition, it allows changing the Active Directory password. This changed password can also be synchronized to other target applications with the help of password-sync connectors.

16.

Helpdesk Assisted Password Reset & Unlock Account        

The Helpdesk team can assist users in resetting their forgotten passwords or unlocking their accounts.      

17.

Admin Capabilities to Reset User Password/MFA Re-Registration

A new tab under the Identities section is introduced. The admin user can reset the user's password/Security Questions/Soft Token so that when the user accesses CI again, he/she will be prompted to register or set a new password.

18.

Implementation of a Password Policy Restricting User Attribute Use

The password policy has been enhanced to restrict users from incorporating personal attributes (e.g., First Name, Last Name, Email) into their passwords.

19.

Seamless Access to CI Launchpad with CI Authentication Agent

Introduced seamless access to the Cross Identity Launchpad using the CI Authentication Agent, which captures and relays device information, including username, domain, IP address, and MAC address, to the Cross Identity system without requiring manual input.

20.

MFA for 'Go to Admin Console'

A new target is added as Cross Identity Admin Portal on the Advanced Access Management Policy. With this, an admin can define the Advanced Access Management policy.

21.

MFA label order consistency

For all the pages displaying MFA (SMS OTP, Email OTP, Soft Token and Security Questions) the label has been arranged consistently for better understanding.

22.

Cached URL Redirection

This feature aims to improve user experience by redirecting users to the home URL when they attempt to access cached or direct access URLs within the application.

23.

Unlock Account during Reset Password

This feature enables users to automatically unlock their accounts when they reset their passwords in Cross Identity (CI).

III

Identity Administration

1.

User Identity Management*

Cross Identity manages the life cycle of the users in the Organization. It creates, updates, and terminates users in its Identity Store.    

2.

Display identity creation method when the user is created

When an identity is created via the CI add user API, the method will be mentioned as "Identity was created via Cross Identity (CI) API" in the Other Tab of an identity.

3.

Option for test connectivity for SoT and AD Directory configuration

After configuring the SoT/ Directory as the Source of Truth System in the CI, the admin can test the connectivity to the configured SoT system by clicking the Test Connectivity button on the configuration page.

4.

General Tab in IGA applications

Enhanced the Application Configuration tab by renaming it to "General" and introducing additional configuration details for Identity Governance and Administration (IGA) applications, so that crucial information such as the Application Owner and Dormancy Period can be conveniently managed.

5.

Account Management Dashboard Creation

This dashboard for CI Admins displays vital statistics such as total accounts, total entitlements, recent access requests, and access review summaries, average password resets and logins.

6.

Test connectivity for IGA applications

The Test Connectivity button in the IGA Application configuration allows administrators to verify whether the connection details for the respective IGA application are correct.

7.

Rule-based Role Assignments (RBAC & ABAC)*


Cross Identity supports business/organization roles and supports dynamic assignment of users to these roles. Customers can create rules based on various user attributes so that users can automatically be assigned to specific roles when added to Cross Identity or when any existing users’ attributes are changed.  

8.

Account/Entitlement Provisioning*

a.

Birthright Account/Entitlement Provisioning


All users joining an organization get access to specific systems and applications as part of default application access for everyone (such as an AD account to login to OS and enter the domain, an Email account, Office 365, etc.).  

Different organizations have different accesses to be provided to users based on the overall processes and organizational rules. Cross Identity can grant conditional birth-right provisioning based on those rules that enable access to different systems and applications.            

b.

Promotions and Transfers


Cross Identity automatically adjusts user access across business applications based on promotions/transfers. The necessary accounts relevant to the user's new role are automatically provisioned. Those accounts that are no longer relevant to the user’s new role are automatically de-provisioned. Provisioning and de-provisioning are conducted by rules defined on the relevant applications configured for the role.          

c.

Request Based Account Provisioning


Cross Identity allows users to request access to any onboarded application. These requests are sent to the relevant authority for approval based on the multi-level approval workflow configuration. Upon approval, the accounts can be provisioned automatically.


The user can initiate Access Requests using the Launchpad or mobile app. Users can also see the status of their request in the Launchpad or the mobile app. Approvers can approve/reject access requests in the launchpad or the mobile.      

d.

Request Based Role Provisioning


Cross Identity allows users to request membership to roles within Aikyam - Cross Identity. Based on the configuration in the multi-level approval workflow defined while defining the role, these requests are sent to the relevant authority for approval. Upon approval, the users are provided membership to the requested role and accesses linked to that role are automatically provisioned.            

e.

Suspension and Restoration  


Cross Identity automatically suspends users marked as Suspended in the integrated SoT – CSV, Active Directory or HRMS. Based on the user’s status in Aikyam - Cross Identity, their accounts in the various target applications are suspended.


When users are marked as “Restored” in the integrated SoT, Cross Identity automatically reactivates all the accounts of those users and enables all their accesses.          

9.

Account categories (Regular/Privileged) in IGA

The feature includes options for provisioning changes and filtering users based on privilege status.

10.

Contractors/Sponsored User Management


CI allows the manager and administrator to onboard or register contractors or sponsored users manually.

Optionally, CI provides CSV file-based bulk import of users.

All other lifecycle operations like dynamic role assignment, birthright provisioning, termination, self-service functionalities, access requests and access recertification are also supported.            

11.

De-Provisioning/Termination*

When a user leaves the organization, Cross Identity automatically detects this event from the integrated SoT. It removes the user’s access across all business applications, thus eliminating the need for it to be done manually. This feature allows organizations to achieve statutory and regulatory compliance and ensure adequate security.

12.

Support for Application account attribute transformation*

Supports complex transformation and mapping rules for Application account attributes through easy-to-write scripts.

This feature can create application access with unique user IDs and rule-based values for various application account attributes.            

13.

Multi-Level Approval Workflows          

Cross Identity allows administrators to configure multi-level workflows for access requests to applications or roles. Admin can choose a role as the approving authority at each workflow level. Additionally, the admin can specify if all users or only one user of a role need to approve the request.

These workflows can be configured for each application, entitlement, and role.        

14.

Approval Delegation    

CI allows approvers to delegate their approval tasks to other authorized users.            

15.

Initiate Access Request Workflow using API (OAuth/OIDC)

An access request can be initiated in Cross Identity in two ways:

• A CI user manually requests the access via the End User portal (existing feature)

• An external system invokes an API to initiate the access request

16.

Allows managers to revoke user’s role access and Application access #

Managers can revoke their users' role, application and entitlement access through the CI End User Portal.            

17.

Nested Drop-down in Access Request

The requester can select one value from the custom drop-down field and CI will populate the corresponding values on another drop-down field based on the above selection.

18.

Initiate all Provisioning and de-provisioning activities based on schedule

It is a time-based approach for various operations like create, modify, suspend, restore, delete, password sync, add entitlement and remove entitlement.

19.

Failed Transaction Identification and Re-Triggering

This function helps detect both the successful and unsuccessful transactions initiated by the IGA connectors for the specified operations such as creating, modifying, suspending, restoring, deleting the account, password change, and adding and removing entitlements.

20.

Remove user-role membership in CI after import, if a user is removed from a group in AD

Enhancement ensures that users removed from AD groups are promptly unassigned from corresponding Cross Identity roles when AD import is initiated.

21.

User should convert to Privileged from Regular immediately after getting access to Privileged Entitlement

This enhancement ensures that when a regular user requests and is approved for privileged entitlement, they are immediately marked as a privileged user.

IV

Access Governance

1.

Consolidated Access View

Cross Identity lets administrators get a real-time view of user access across business applications.
By enabling administrators to see the accounts a user holds across business applications, they can take appropriate actions if anything is out of place.

2.

Orphan/Dormant Account Reporting

Cross Identity detects orphan and dormant accounts across business applications and allows administrators to act appropriately.
 Once detected, an orphan account can be:
 a. Assigned to a user on specific criteria defined by the administrator
 b. Assigned to a user manually by an administrator
 c. Suspended/Deleted

3.

Auditing and Reporting

Cross Identity provides an intuitive dashboard to view common events such as:
 a. Number of user logins on a daily/weekly/monthly basis
 b. Widely accessed applications for SSO
 c. Tasks - approval task, review tasks, pending activation
 d. Pending account activations
 e. Status of directory agents
 f. Status of CSV/AD/SOT import operations
 g. Status of various provisioning operations - Import, Add, Modify, Delete/Disable, Change Password
Besides the dashboard, Cross Identity also provides a variety of pre-configured reports for assistance during audits and Statutory and Regulatory compliance.

4.

Natural Language Reporting using AI

Introduced natural language query capabilities, allowing administrators to generate reports effortlessly by interpreting free text, ensuring accurate interpretation, efficient report generation, and readability in various common formats.

5.

License Report

Generates a report with the list of licensed user details (both assigned and non-assigned licenses) from the Reports Section.

6.

User Identification Reports

Under the end-user Activities reports section, the admin can view the user's username, full name and email address as separate columns by default.

7.

Add Dept, MFA Registration & Source columns in the License Reports

Added 3 new columns in the license reports to display the department, MFA registered for by the user, and the source of the user.

8.

Report of users who have activated CI account and have registered to any MFA options but not logged in.

Generates a report listing users who have not logged in to their CI accounts after setting the new password and registering for MFA as part of the initial activation process.

9.

Report to show who has not activated their CI account login as part of the initial activation process

Generates a report listing users who have not logged in to their CI accounts as part of the initial activation process.

10.

Report to show who has not activated their MFA as part of the initial activation process

Generates a report listing users who have not logged in their MFA as part of the initial activation process.

11.

Report should be generated for failed email delivery

If the email generation has failed while the admin is notifying the user regarding the CI Account and/or MFA Activation, a report will be generated listing the failed email delivery.

12.

Access Review and Recertification

Entitlement Campaign – Ability to combine entitlement across different applications into a campaign that needs to be certified.
Role Certification Campaign – Ability to combine business roles across different applications into a campaign that needs to be certified.
Application Account Campaign – Ability to select applications for a campaign that needs to be certified. All the accounts of the selected applications will be included as part of the campaign.
User Identity Account Campaign – Ability to group users based on roles and or attributes to trigger user end date extension.
Risk-based Campaign – Ability to trigger certification based on the risk score of the objects, for example, entitlement/role/account and user.
Access Certification Connectors - Cross Identity leverages the IGA connector to perform reconciliation and propagate retain and revoke actions via connectors that will be provisioned and integrated as part of the project implementation.
CSV File-based Certification Connectors - For applications that are not integrated via the IGA connector, Cross Identity supports a simple CSV file-based approach to reconcile user entitlement data and run the certification campaign.
Cross Identity also allows a manual process where CI starts a task, and the application administrator can mark it as done.

13.

Event based Access Review and Recertification

Admins can create Access Review campaigns triggered by events such as Role Removal/Movement or Dormant Account status. The feature includes customizable workflows, dynamic target selection, and default reviewers based on event types, ensuring efficient management and retention of entitlements. Reviewers are equipped with options to retain entitlement access while revoking role access.

14.

Segregation of Duties (SoD)


a.

Defining SoD Policies


The SoD Menu on the End User Portal will be enabled only for the admin users. The SoD Policy configuration menu will be made available only to the admin users and SoD owners.

b.

Offline SoD Campaigns

Offline SoD Campaigns mainly include running an SoD campaign to identify prevailing violations of the policies created and triggering reviews of those violations for the respective SoD owners/reviewers.

c.

Online SOD Campaign

SoD violations of the requestor will be highlighted to the approver in case of Access Requests, and to the reviewer in case of Access Certification. In case of a violation during an Access Request, the reviewer grants limited-time access to the requester.

d.

SOD Delegation

The SoD Owner/Reviewer can delegate an entire policy to another SoD Reviewer. This option will be available on the SoD Policy page under the Reviewer section.

e.

SOD Summary

The SoD Summary provides an overall view of the violations that are available in the system as a dashboard.

V

Pay Per Use (PPU) Consumption Portal


1.

Event Dashboard

The consumption Portal summarises various Identity and Access Management related events in the Cross Identity. A user can drill down to view the details of those events. 

2.

Billing Dashboard


The Consumption Portal provides the summary of the consumption billing. This includes monthly billing details, billing trends and event-wise billing reports.        

3.

Reports


This portal provides the details of each event. Users can generate various reports based on events and department of event status.


4.

Integration of Tenant Creation and Modification in MSSP/Consumption Portal

This streamlines administrative tasks by allowing CI Admin users to create and modify tenants directly within the portal interface.

VI

Advanced Access Management


1.

Web Access Management    

Enforce centralized Authentication and SSO to applications that do not support federation protocols through CI’s Forced Sign-On module.            

2.

Secured Remote Access

Cross Identity (CI) solution allows an organization to enable their workforce to work remotely by providing secure access to On-Premises and Cloud systems and servers.            

VII

Other features


1.

Application Store*

Cross Identity provides a centralized app store that all our customers can access.          

2.

SoT & IGA Connector Framework        

Cross Identity’s Connector Framework provides interoperability between Cross Identity and IGA/SoT applications/systems.

3.

Notifications*        

Cross Identity allows administrators to define event-based notifications and alerts.      

4.

Supports integration with SIEM tools through IAM Event APIs#

Cross Identity now provides details of various IAM Events through API for integration with third-party SIEM solutions.  

5.

Email API provider to be integrated for SMTP 

Email API provider integrated to improve email notifications, alongside the existing SMTP gateway. This integration allows for enhanced email functionality and leverages the capabilities of an external Email API provider.

6.

Update Drop-down values in User’s Identity Profile#

The ability to populate data for a DROP-DOWN attribute of Identity through API is available in CI.

7.

Getting Started Page

The Getting Started Page helps to set up the Cross Identity solution hassle-free for the first time. It provides a step-by-step guide for the initial configurations.

8.

Supports Custom SMS Gateways 

Custom SMS gateways can be seamlessly integrated with CI to send diverse notifications via SMS. Customers have the flexibility to configure their existing SMS gateway within the CI environment, aligning with their organizational preferences.

9.

Enhanced Search option in Identity Page#

Supports various user attributes (including Department) for searching Users on the Identity page.

10.

Enhance Security for TOTP Verification API through OAuth/OIDC Integration

By integrating OAuth 2.0 and OpenID Connect (OIDC) with our TOTP verification API, we bolster security measures, enabling secure authentication and authorization of client applications.

11.

Password Visibility Toggle

Both administrators and end-users can view passwords entered into password fields by clicking on a password visibility toggle.

12.

Update Heading for Soft Token MFA Registration Step

An enhancement has been made to the soft token registration process, focusing on updating the heading to provide clearer guidance to end users. As a result of this enhancement, the heading now displays: “Please enter the TOTP code below to complete the registration”.

13.

Update Prompt for Entering Soft Token Code

An enhancement has been made to the prompt for entering the Soft Token code. The previous heading, “Please enter 6-digit numeric code”, has been updated to “Open your MFA app again, get the 6-digit numeric code, and enter these 6 digits below. Click Verify” on both the MFA registration page and the 'Registration Menu' page.

14.

Deactivate button in Identities Page

When the admin clicks on the "Deactivate" button in the Identities page, the user's status will be changed to "DEACTIVATED", and their assigned license will be revoked.

15.

Ability to trigger bulk emails to those that have not yet activated their CI account.

Admin can select the users and/or bulk trigger emails to the users who have not logged into their CI account even once.

16.

Ability to trigger bulk emails to those that have not yet activated MFA

Admin can select the users and/or bulk trigger emails to the users who have not activated their MFA options.

17.

Alert should be sent to the admin of any issues encountered during the email triggering process

When an email triggered during the CI Account and/or MFA Activation has failed, an alert will be sent to the admin on his/her email address.

18.

Trigger email when admin resets MFA Re-Registration for the identity

Email notifications will be sent to the respective user when the admin resets MFA options – Security Questions and Soft Token, so that the user can re-register for the MFA.

19.

Supports Microsoft Edge in CBS#

Supports Microsoft Edge in Cross Browser (Browser Preference) feature.      

20.

Support multiple Domain Controllers of Active Directory#

CI automatically detects multiple Domain Controllers (DCs) of Active Directory when integrated as Directory in CI.      

21.

Supports Help Link in CI’s login Page#

A configurable Help Link is introduced on the login page of the CI End User Portal.      

VIII

Password-less Authentication

1.

Password-less Authentication Registration

Cross Identity's Password-less Authentication feature enables users to authenticate themselves conveniently and securely, without remembering complex passwords.

CI will support the Password-less authentication feature. With this capability, end-users can authenticate to Cross Identity without any password.

CI leverages FIDO-compliant end-user machines as Password-less authenticators.

Introduced a Password-less Authentication Mobile App. CI performs Password-less authentication using this mobile app (Out-of-band Authentication).

2.

CIVerifID Mobile App

3.

Passwordless MFA Authentication

Advanced Access Management Policies include Passwordless Authentication as one of the MFA options along with SMS OTP/Email OTP/Security Questions and Soft Token.

4.

Passwordless MFA API for 3rd party application

Cross Identity provides an API where CI-Passwordless Authentication can be integrated with third party applications to invoke Passwordless MFA.

5.

Magic Link for Initial User Registration

Users receive an email or text message containing a special link that, when clicked, logs them into their account.

6.

Passwordless Auth Device De-Registration

Users have an option to de-register a password-less device from their account to maintain control over the account's security.

7.

Redirection to MFA login in case of time-out during passwordless authentication

In case of failed passwordless authentication or session timeout, users will now be prompted to validate via Multi-Factor Authentication (MFA) instead of using a password.

8.

Passwordless Authentication CI Reports/Event Logs

Passwordless Authentication events are included in the Report/Event logs. It captures both “WebAuthn” & “Push notification”.

IX

Integrations

1.

Smart Client Application Integration

This feature allows the user of the CI Launchpad and associated smart client applications, to seamlessly access multiple applications with Single Sign-On (SSO) to avoid repetitive logins.

2.

Native App SSO

Cross Identity’s native SSO solution is based on token exchange. It builds on an OIDC draft spec Native SSO for Mobile Apps.

3.

Integrated Windows Authentication (IWA)

Integrated Windows Authentication (IWA) is a popular authentication mechanism used to authenticate users on Microsoft Windows servers. It uses browser-based authentication, where the authentication is handled by the web browser.

4.

CI Radius Server

Cross Identity provides the ability to manage authorization and access to on-premises applications and resources using the RADIUS protocol.

X

Privileged Access Management

1.

Privileged Access Management      

With Cross Identity’s Privileged Access Management, you can quickly govern, audit, and monitor all the actions of your privileged users to detect and prevent breaches before they happen.            

2.

Single Sign on to CPAM

Single Sign on to CPAM enables users to access privileged resources through a unified authentication process. CPAM can be integrated as a SAML application with Cross Identity to perform SSO.

3.

Session Monitoring and Recording

Session Manager in PAM records all privileged user sessions, including user activities and changes made to sensitive systems and data.

4.

Multi-Factor Authentication (MFA)

CI-PAM can be enabled with context-based MFA factors for an additional security layer. With Cross Identity, we can enable a step-up authentication layer while performing login or Single Sign on to Cloud PAM (CPAM).

5.

Password Vaulting

The password manager in PAM stores all privileged account credentials in a secure, centralized vault.

6.

Password Rotation

Passwords of the application accounts (both owned and orphan accounts) will be rotated based on the number of minutes configured.

7.

Privileged Account Discovery

The Privileged Access Discovery in CPAM identifies account misconfigurations including overprivileged accounts, service accounts using user identities, and unused accounts.

8.

Privileged Access Request and Approval

Access Manager in PAM can include workflows for requesting and approving access to privileged accounts and resources.

9.

Privileged Access Certification

This ensures that policies and procedures related to privileged access are adhered to and regularly reviewed.

10.

Privilege Elevation

The creation of privileged accounts with the necessary access rights and permissions along with the access termination (deprovisioning) is feasible with the Cross Identity IAM Solution integrated with CI PAM.

11.

Compliance and Auditing

CI-PAM ensures compliance with regulations and industry standards through comprehensive auditing capabilities, access controls, and detailed reporting, enabling organizations to meet regulatory requirements and demonstrate compliance.

* Most widely used features and use cases. 

 # New Features

