Give users exactly the access they need and nothing more
Groove.id's innovating access control models allow you to implement the least privilege principal without creating a huge burden for your staff or IT team.
Users can help themselves
A person needs access to an app can request it right inside the application. They don't need to go hunting around to figure out who manages the app, or what the rules are. Instead they just click Apply to join. If you like you can ask the person to provide a business justification for why they need access.
Simple to approve
Whomever is making the access decision receives an email with a button to approve and a button to block. Approval is simple and can happen on a mobile phone in seconds.
You decide how people are notified of access. Groove.id can be used to facilitate a self-policing model where all the people managing an access control group find out about the change right away. If the change is fraudulent or inappropriate, then they can block it.
You can configure the workflow around access control to suit your needs.
In the traditional model, a designated owner (or owners) approve access.
In the country club model, any user that already has access can grant access to a new user. Owners can still block users, and nothing happens without an email and audit record being created.
In the manager approval model, a user's designated manager must approve the user's access.
In the open model, anyone is granted access. Owners can still block users, and nothing happens without an email and audit record being created.
Unused access atrophies
You can set up access so that it will atrophy over time if it isn't used. Because it is so easy to request access again if needed, revoking access for unused groups is no big deal.
Some compliance regimes require that access be re-approved on a specified interval. If you have that requirement, you can configure Groove.id to require re-approvals on the schedule you specify. If you don't get re-approval in time, access is removed.
Capture compliance data
If you need to know why each person has access to a resource, you can require that it be captured right in Groove.id at the time of the request. Approvers can also add reasons for approval.
The access audit report shows who approved each access request and the justification. Having these data available dramatically simplifies audit time.
Everything leaves a mark
Groove.id has the most comprehensive auditing system. Every time a user requests access, is granted access, or is blocked, we produce an audit record. You can view those records in our console, export them to a log tool like Splunk, or download the raw logs for processing.