Abstract: Systems and methods are provide for reconciling access rights of a computing system are described. Access right information that respectively corresponds to access rights of a computing system may be obtained and evaluated. Reconciliation tasks may be performed using the access right information, and a reconciliation report may be generated during performance of at least one of the reconciliation tasks. The reconciliation report may indicate that one or more of the access rights should either be provisioned or revoked at the computing system.

Abstract: Systems and methods are provide for reconciling access rights of a computing system are described. Access right information that respectively corresponds to access rights of a computing system may be obtained and evaluated. Reconciliation tasks may be performed using the access right information, and a reconciliation report may be generated during performance of at least one of the reconciliation tasks. The reconciliation report may indicate that one or more of the access rights should either be provisioned or revoked at the computing system.

Abstract: Systems and methods are provide for reconciling access rights of a computing system are described. Access right information that respectively corresponds to access rights of a computing system may be obtained and evaluated. Reconciliation tasks may be performed using the access right information, and a reconciliation report may be generated during performance of at least one of the reconciliation tasks. The reconciliation report may indicate that one or more of the access rights should either be provisioned or revoked at the computing system.

Abstract: Systems and methods for managing risk management rules are provided. A risk management rule may be configured at a rule configuration interface are described. The rule configuration interface may include a list of access rights available for selection. Based on input received, one of the access rights may be identified as a base access right and one of the access rights may be identified as a conflicting access right for the risk management rule. The access rights provisioned at the computing system may be monitored to determine whether a user is provisioned with both the base access right and the conflicting access right. If so, a violation review may be created and presented at a violation review interface at which a decision for the violation review is receivable. An exception to the risk management rule may also be configured at an exception configuration interface.

Abstract: Systems and methods of managing computing resources of a computing system are described. A computing resource list and computing resource information may be stored at a data store. The computing resource list may identify a set of computing resources of a computing system, and the computing resource information may respectively describe the computing resources. The computing resource list may be updated in response to a new computing resource being added to the computing system or in response to an existing computing resource being removed from the computing system. Evaluation tasks for the computing resources may be performed, and a resource evaluation report may be generated during performance of at least one of the evaluation reports.

Abstract: Systems and methods are provided for monitoring access of computing resources. Usage rules may be created and stored that define a usage constraint based on actions available to be performed at the computing resources. An authenticator may verify login credentials received from a user and authorize the user to access a computing resource. A request to perform an action at the computing resource may be received, and a usage monitor may apply a usage rule to the requested action. If the requested action violates the usage constraint of the usage rule, the usage monitor may halt performance of the requested action and notify another user of the usage constraint violation. The authenticator may receive and verify another set of login credentials from that other user. In response to successful verification of the additional set of login credentials, the usage monitor may resume performance of the requested action.

Abstract: Systems and methods are provided for monitoring access of computing resources. Usage rules may be created and stored that define a usage constraint based on actions available to be performed at the computing resources. An authenticator may verify login credentials received from a user and authorize the user to access a computing resource. A request to perform an action at the computing resource may be received, and a usage monitor may apply a usage rule to the requested action. If the requested action violates the usage constraint of the usage rule, the usage monitor may halt performance of the requested action and notify another user of the usage constraint violation. The authenticator may receive and verify another set of login credentials from that other user. In response to successful verification of the additional set of login credentials, the usage monitor may resume performance of the requested action.

Abstract: Systems and methods are provided for monitoring access of computing resources. Usage rules may be created and stored that define a usage constraint based on actions available to be performed at the computing resources. An authenticator may verify login credentials received from a user and authorize the user to access a computing resource. A request to perform an action at the computing resource may be received, and a usage monitor may apply a usage rule to the requested action. If the requested action violates the usage constraint of the usage rule, the usage monitor may halt performance of the requested action and notify another user of the usage constraint violation. The authenticator may receive and verify another set of login credentials from that other user. In response to successful verification of the additional set of login credentials, the usage monitor may resume performance of the requested action.

Abstract: Systems and methods are provided for monitoring access of computing resources. Usage rules may be created and stored that define a usage constraint based on actions available to be performed at the computing resources. An authenticator may verify login credentials received from a user and authorize the user to access a computing resource. A request to perform an action at the computing resource may be received, and a usage monitor may apply a usage rule to the requested action. If the requested action violates the usage constraint of the usage rule, the usage monitor may halt performance of the requested action and notify another user of the usage constraint violation. The authenticator may receive and verify another set of login credentials from that other user. In response to successful verification of the additional set of login credentials, the usage monitor may resume performance of the requested action.

Abstract: A computing platform may receive, from a plurality of computing systems, data identifying permissions of a plurality of users to access one or more resources of the plurality of computing systems. The computing platform may identify, from amongst the plurality of users, a plurality of groups of users. The computing platform may identify, from amongst the permissions, a plurality of sets of permissions. Each set of permissions may include permissions shared by each user of a group of users of the plurality of groups of users. The computing platform may generate a graphical depiction of the plurality of groups of users and the plurality of sets of permissions. The graphical depiction may graphically depict, for each group of the plurality of groups, one or more sets of permissions, of the plurality of sets of permissions, shared by each user of the group.

Abstract: Systems and methods for managing risk management rules are provided. A risk management rule may be configured at a rule configuration interface are described. The rule configuration interface may include a list of access rights available for selection. Based on input received, one of the access rights may be identified as a base access right and one of the access rights may be identified as a conflicting access right for the risk management rule. The access rights provisioned at the computing system may be monitored to determine whether a user is provisioned with both the base access right and the conflicting access right. If so, a violation review may be created and presented at a violation review interface at which a decision for the violation review is receivable. An exception to the risk management rule may also be configured at an exception configuration interface.

Abstract: Systems and methods for granularly expressing risk associated with computing resources of a computing system are described. A resource detail interface may be provided that includes a permission list identifying a permission to a computing resource of the computing system. A review flag of the permission is configurable at the resource detail interface in response to input received at the interface. The review flag may be set based on the input received at the resource detail interface to indicate whether review of the permission is required. A resource review interface may display a list of pending reviews of access rights, and a decision for a review may be received at the resource review interface. A review of an access right may be created in response to a determination that a computing resource permission associated with the access right requires review.

Abstract: Systems and methods for ensuring the quality of identity and access management information at a computing system are described. Access right information that respectively corresponds to one or more access rights may be stored at a data store. The access right information may be stored in accordance with a data model that defines respective relationships between the access rights and both the users having access to the computing system and the computing resources of the computing system. At least a portion of the access right information may be retrieved, and quality assurance tasks may be performed using the portion of the access right information retrieved.

Abstract: Systems and methods are provide for reconciling access rights of a computing system are described. Access right information that respectively corresponds to access rights of a computing system may be obtained and evaluated. Reconciliation tasks may be performed using the access right information, and a reconciliation report may be generated during performance of at least one of the reconciliation tasks. The reconciliation report may indicate that one or more of the access rights should either be provisioned or revoked at the computing system.

Abstract: Systems and methods of managing computing resources of a computing system are described. A computing resource list and computing resource information may be stored at a data store. The computing resource list may identify a set of computing resources of a computing system, and the computing resource information may respectively describe the computing resources. The computing resource list may be updated in response to a new computing resource being added to the computing system or in response to an existing computing resource being removed from the computing system. Evaluation tasks for the computing resources may be performed, and a resource evaluation report may be generated during performance of at least one of the evaluation reports.

Abstract: Systems and methods for facilitating reviews of IAM information are described. A list of pending reviews of respective access rights of a computing system may be provided to a display device for presentation at a display interface. A review decision for one of the pending reviews may be received such that the pending review becomes a completed review. The review decision and a date the review decision was received may be stored at a data store. An access right associated with the completed review may be selected in response to a review event that requires review of that access right. It may then be determined whether the completed review is accreditable to review of the access right selected for the review event based on the date the review decision was received for the completed review.