On September 26, 2024, we held a webinar focused on the role mining feature in midPoint, which is designed to help organizations optimize access control by revealing hidden business information. This webinar explored role mining as a solution to common challenges, such as over-permissioning, the lack of insight into access rights, and role explosion, which often result from inconsistent access structures within organizations.
The webinar began with a brief review of the role mining process and its importance in managing user access rights within the system, covering the factors behind this process and its critical methods. During the presentation, we emphasized common issues in practical deployments and the solutions that are used nowadays. We compared two approaches to these challenges: the top-down, business-driven approach and the bottom-up, analytical approach, both of which uncover hidden business information based on patterns in existing data. We also discussed the key steps of the role mining process within midPoint, with attendees gaining insight into the workflow, from clustering and pattern identification to fine-tuning business role candidates.
The highlight of the webinar was a live demo that demonstrated role mining in two real-life scenarios, such as identifying core and profession-specific business-oriented access rights. We showed how it is possible to identify a potential business role in the system by using special modes that midPoint provides within the role mining process. In the first scenario, we used the birthright mode, which was intended to identify business roles in terms of role similarities. In the second one, we focused on identifying roles in terms of specific user properties, specifically based on attributes related to their professional position and access rights similarity. After identifying these business role suggestions, we showed how and where these roles can be adapted to meet organizational security needs. In other words, we demonstrated the platform where the entire role engineering process can be executed. Finally, using midPoint’s functionality, we seamlessly integrated these role suggestions into our system, which activated the role for our environment. At the end of the live demonstration, viewers saw how we managed to significantly reduce the number of access right assignments.
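A simplified illustration of the bottom-up workflow described above (clustering, pattern identification, candidate business roles, fewer direct assignments), added here as an example; it is not midPoint code and does not reproduce midPoint's algorithms or modes. The users, role names, thresholds and function names are constructed assumptions.

```python
# Constructed sample data (not from the webinar): user -> directly assigned roles.
ASSIGNMENTS = {
    "alice": {"email", "vpn", "wiki", "git", "ci"},
    "bob":   {"email", "vpn", "wiki", "git", "ci", "prod-deploy"},
    "carol": {"email", "vpn", "wiki", "git", "ci"},
    "dave":  {"email", "vpn", "wiki", "ledger", "invoicing"},
    "erin":  {"email", "vpn", "wiki", "ledger", "invoicing"},
    "frank": {"email", "vpn", "wiki", "ledger", "invoicing", "payroll"},
}

def jaccard(a, b):
    """Similarity of two role sets: shared roles divided by all roles."""
    return len(a & b) / len(a | b)

def cluster(assignments, threshold=0.7):
    """Greedy clustering: a user joins the first cluster whose seed user is similar enough."""
    clusters = []
    for user in sorted(assignments):
        for members in clusters:
            if jaccard(assignments[user], assignments[members[0]]) >= threshold:
                members.append(user)
                break
        else:
            clusters.append([user])
    return clusters

def candidates(assignments, threshold=0.7, min_members=2, min_roles=2):
    """Pattern = roles held by every member of a cluster; it becomes a candidate business role."""
    found = []
    for members in cluster(assignments, threshold):
        pattern = set.intersection(*(assignments[u] for u in members))
        if len(members) >= min_members and len(pattern) >= min_roles:
            found.append((members, pattern))
    return found

def apply_candidates(assignments, cands):
    """Replace the pattern's direct assignments with one business role per member."""
    result = {u: set(r) for u, r in assignments.items()}
    for i, (members, pattern) in enumerate(cands, 1):
        for user in members:
            result[user] = (result[user] - pattern) | {f"business-role-{i}"}
    return result

def total(assignments):
    return sum(len(roles) for roles in assignments.values())

if __name__ == "__main__":
    after = apply_candidates(ASSIGNMENTS, candidates(ASSIGNMENTS))
    print(total(ASSIGNMENTS), "->", total(after))
```

Roles that fall outside a cluster's shared pattern (here `prod-deploy` and `payroll`) stay as direct assignments, which makes them easy to single out for review.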
These scenarios demonstrated how midPoint’s capabilities empower organizations to improve their identity management and governance processes. We also went over potential future advancements and innovations in midPoint analytical technologies, while highlighting the exciting potential of the role mining process. We mentioned the new functionality that we are actively working on as part of the upcoming midPoint 4.9 version, which is outlier detection, an analytical process designed to identify anomalies in data files.
Role mining in midPoint currently offers customizable configuration settings to fit specific organizational needs. It is a tool that helps identify specific characteristics of user-permission connections, and it is supported by several modes designed for basic use cases, alongside a detailed, configurable process. It offers an overview and various types of statistical information about the system. By using this functionality, the access rights administrator does not have to manually sift through a complex network of access rights and spend a lot of time correcting errors and ensuring the security of the organization. Role mining in midPoint is designed to provide candidate business roles consisting of existing permissions, with support for efficient integration and customization of these suggestions, ensuring that the object has no unwanted access rights.
In conclusion, I believe that role mining is a powerful tool that revolutionizes access control management, and the webinar serves as a good resource for attendees who want or need to optimize their role access control strategies.
For more information about role mining in midPoint, explore our documentation: docs.evolveum.com
In case you missed the webinar or would like to refresh your memory, take a look at the presentation or watch the recording: