Abstract: A device configured to receive a service request for modifying a user account. The device is further configured to add an entry in a service request log and in an event log in response to receiving the first service request. The device is further configured to apply the modifications instructions from the service request to a current status of the user account in a status log and to modify the current status of the user account in the status log. The device is further configured to determine a second data control device is associated with the user account. The device is further configured to determine the first set of service instructions based on the updated first current status of the user account, to generate a second service request that comprises the first set of service instructions, and to send the second service request to the second network device.

Abstract: A device configured to receive a service request for modifying a user account. The device is further configured to add an entry in a service request log and an event log in response to receiving the service request. The device is further configured to query a status log to determine a current status of the user account. The device is further configured to apply modification instructions from the service request to the current status of the user account to update the current status of the user account and to modify the current status of the user account in the status log. The device is further configured to identify a provisioning service device that is associated with the user account, to determine service instructions for the provisioning service device based on the updated current status of the user account, and to send the service instructions to the provisioning service device.

Abstract: A device configured to receive a first current status for a user account from a provisioning service device. The device is further configured to query a status log using to determine a second current status of the user account. The device is further configured to compare the first current status for the user account from the provisioning service device to the second current status of the user account in the status log, to determine the first current status for the user account does not match the second current status of the user account, and to update one of the status log and the provisioning service device in response to determining that the first current status for the user account does not match the second current status of the user account.

Abstract: A device configured to receive a first current status for a user account from the provisioning service device. The device is further configured to send a query to a plurality of data control devices to determine a second current status for the user account from the status logs of the plurality of data control devices. The device is further configured to determine the first current status for the user account from the provisioning service device does not match a second current status of the user account from a status log of a first data control device from among the data control devices. The device is further configured to update one of the status log of the first data control device and the provisioning service device in response to determining that the first current status for the user account does not match the second current status of the user account.

Abstract: A device configured to receive a first current status for a user account from the provisioning service device. The device is further configured to send a query to a plurality of data control devices to determine a second current status for the user account from the status logs of the plurality of data control devices. The device is further configured to determine the first current status for the user account from the provisioning service device does not match a second current status of the user account from a status log of a first data control device from among the data control devices. The device is further configured to update one of the status log of the first data control device and the provisioning service device in response to determining that the first current status for the user account does not match the second current status of the user account.

Abstract: A device configured to receive a first current status for a user account from a provisioning service device. The device is further configured to query a status log using to determine a second current status of the user account. The device is further configured to compare the first current status for the user account from the provisioning service device to the second current status of the user account in the status log, to determine the first current status for the user account does not match the second current status of the user account, and to update one of the status log and the provisioning service device in response to determining that the first current status for the user account does not match the second current status of the user account.

Abstract: A device configured to receive a service request for modifying a user account. The device is further configured to add an entry in a service request log and an event log in response to receiving the service request. The device is further configured to query a status log to determine a current status of the user account. The device is further configured to apply modification instructions from the service request to the current status of the user account to update the current status of the user account and to modify the current status of the user account in the status log. The device is further configured to identify a provisioning service device that is associated with the user account, to determine service instructions for the provisioning service device based on the updated current status of the user account, and to send the service instructions to the provisioning service device.

Abstract: A device configured to receive a service request for modifying a user account. The device is further configured to add an entry in a service request log and in an event log in response to receiving the first service request. The device is further configured to apply the modifications instructions from the service request to a current status of the user account in a status log and to modify the current status of the user account in the status log. The device is further configured to determine a second data control device is associated with the user account. The device is further configured to determine the first set of service instructions based on the updated first current status of the user account, to generate a second service request that comprises the first set of service instructions, and to send the second service request to the second network device.

Abstract: Systems and methods are provided for monitoring access of computing resources. Usage rules may be created and stored that define a usage constraint based on actions available to be performed at the computing resources. An authenticator may verify login credentials received from a user and authorize the user to access a computing resource. A request to perform an action at the computing resource may be received, and a usage monitor may apply a usage rule to the requested action. If the requested action violates the usage constraint of the usage rule, the usage monitor may halt performance of the requested action and notify another user of the usage constraint violation. The authenticator may receive and verify another set of login credentials from that other user. In response to successful verification of the additional set of login credentials, the usage monitor may resume performance of the requested action.

Abstract: Systems and methods are provided for monitoring access of computing resources. Usage rules may be created and stored that define a usage constraint based on actions available to be performed at the computing resources. An authenticator may verify login credentials received from a user and authorize the user to access a computing resource. A request to perform an action at the computing resource may be received, and a usage monitor may apply a usage rule to the requested action. If the requested action violates the usage constraint of the usage rule, the usage monitor may halt performance of the requested action and notify another user of the usage constraint violation. The authenticator may receive and verify another set of login credentials from that other user. In response to successful verification of the additional set of login credentials, the usage monitor may resume performance of the requested action.

Abstract: Systems and methods are provided for monitoring access of computing resources. Usage rules may be created and stored that define a usage constraint based on actions available to be performed at the computing resources. An authenticator may verify login credentials received from a user and authorize the user to access a computing resource. A request to perform an action at the computing resource may be received, and a usage monitor may apply a usage rule to the requested action. If the requested action violates the usage constraint of the usage rule, the usage monitor may halt performance of the requested action and notify another user of the usage constraint violation. The authenticator may receive and verify another set of login credentials from that other user. In response to successful verification of the additional set of login credentials, the usage monitor may resume performance of the requested action.

Abstract: Systems and methods are provided for monitoring access of computing resources. Usage rules may be created and stored that define a usage constraint based on actions available to be performed at the computing resources. An authenticator may verify login credentials received from a user and authorize the user to access a computing resource. A request to perform an action at the computing resource may be received, and a usage monitor may apply a usage rule to the requested action. If the requested action violates the usage constraint of the usage rule, the usage monitor may halt performance of the requested action and notify another user of the usage constraint violation. The authenticator may receive and verify another set of login credentials from that other user. In response to successful verification of the additional set of login credentials, the usage monitor may resume performance of the requested action.

Abstract: A data model for managing identity and access management (IAM) data implemented at an electronic database may include a set of logical resource elements, a set of physical resource elements, and a set of access requests elements that respectively model logical resources, physical resources, and access requests received at an access request manager of an enterprise. The physical resource elements may be respectively associated with the logical resource elements such that access rights for the physical resources may be obtained based on a logical resource specified in the access request. A system for managing IAM may include a mapping module configured to transform heterogeneous IAM data provided by a plurality of IAM data sources into homogeneous IAM data formatted according to the common IAM data format. A data store may implement the IAM data model such that the data store is configured to store the homogeneous IAM data.

Abstract: In certain embodiments, a system maintains a plurality of metadata elements. Each metadata element indicates a current classification value for user data described by that metadata element. The system detects the occurrence of an event and automatically determines which of the metadata elements are affected by the event. For each metadata element affected by the event, the system automatically determines an updated classification value for the user data described by that metadata element and dynamically modifies the metadata element to indicate the updated classification value.

Abstract: Systems and methods are provided for monitoring access of computing resources. Usage rules may be created and stored that define a usage constraint based on actions available to be performed at the computing resources. An authenticator may verify login credentials received from a user and authorize the user to access a computing resource. A request to perform an action at the computing resource may be received, and a usage monitor may apply a usage rule to the requested action. If the requested action violates the usage constraint of the usage rule, the usage monitor may halt performance of the requested action and notify another user of the usage constraint violation. The authenticator may receive and verify another set of login credentials from that other user. In response to successful verification of the additional set of login credentials, the usage monitor may resume performance of the requested action.

Abstract: Systems and methods are provided for monitoring access of computing resources. Usage rules may be created and stored that define a usage constraint based on actions available to be performed at the computing resources. An authenticator may verify login credentials received from a user and authorize the user to access a computing resource. A request to perform an action at the computing resource may be received, and a usage monitor may apply a usage rule to the requested action. If the requested action violates the usage constraint of the usage rule, the usage monitor may halt performance of the requested action and notify another user of the usage constraint violation. The authenticator may receive and verify another set of login credentials from that other user. In response to successful verification of the additional set of login credentials, the usage monitor may resume performance of the requested action.

Abstract: Systems and methods are provided for monitoring access of computing resources. Usage rules may be created and stored that define a usage constraint based on actions available to be performed at the computing resources. An authenticator may verify login credentials received from a user and authorize the user to access a computing resource. A request to perform an action at the computing resource may be received, and a usage monitor may apply a usage rule to the requested action. If the requested action violates the usage constraint of the usage rule, the usage monitor may halt performance of the requested action and notify another user of the usage constraint violation. The authenticator may receive and verify another set of login credentials from that other user. In response to successful verification of the additional set of login credentials, the usage monitor may resume performance of the requested action.

Abstract: Systems and methods are provided for monitoring access of computing resources. Usage rules may be created and stored that define a usage constraint based on actions available to be performed at the computing resources. An authenticator may verify login credentials received from a user and authorize the user to access a computing resource. A request to perform an action at the computing resource may be received, and a usage monitor may apply a usage rule to the requested action. If the requested action violates the usage constraint of the usage rule, the usage monitor may halt performance of the requested action and notify another user of the usage constraint violation. The authenticator may receive and verify another set of login credentials from that other user. In response to successful verification of the additional set of login credentials, the usage monitor may resume performance of the requested action.

Abstract: Aspects of the present disclosure are directed to methods and systems dynamic trust federation. In one aspect, a computer implemented method may include a security token that enables sign-on into a group applications based on applicable trust criteria. In one aspect, when a user interacts with one application in the group, the trust is elevated through the application internal authentication application program interface (API). The trust may be included in the security token to make available to other applications in the group. Applications can be in multiple groups with variable level of authentication based on location and other transactions variables.

Abstract: A system for managing an enterprise concept dictionary may include an electronic master dictionary and electronic local dictionaries. The master dictionary may include concept entries respectively associated with concept identifiers and with one or more concept definitions. The local dictionaries may include one or more of the concept identifiers of the master dictionary. A dictionary management module may be in signal communication with the master dictionary and the local dictionaries. The dictionary management module may be configured to query the master dictionary for a concept entry that corresponds to a concept associated with a modeling component. If a concept entry is found, the concept identifier may be provided. If a concept entry is not found, a new concept entry may be added to the master dictionary. A notification module may be in signal communication with the master dictionary and automatically provide notification when a concept entry is added or updated.