Identity Plus

Identity Plus is a cloud Identity Governance and Administration solution with multi-tenanting capabilities. Engineered based on two decades of experience implementing over 500 IGA instances across multiple technologies, it is a true synthesis of IGA requirements of mature customers. Moreover, as a multi-tenant solution in the cloud, we make sure that everything runs smoothly; Identity Plus does the heavy lifting so that you can stay focused on your business-related deployments.

  • Tailored for mature IGA businesses
  • Pure cloud deployment eliminates business disruptions
  • Quick app onboarding
  • Intelligent and enables users with data-driven, decision-making guidance
  • Integrates readily with most access management solutions

Multi-Tenancy IGA in the Cloud

As a pure cloud deployment, Identity Plus runs your tenant instance alongside other tenant instances on cloud servers. Technology has come a long way, and the benefits to the end-customer far outweigh any (perceived) losses from not running a dedicated server for each instance. There is no lack of bandwidth or space, and, in fact, the administration is easier which results in a more up-to-date and seamless environment.

Benefits of Identity plus multi-tenant model.
  • Reduced server costs for us mean we offer lower prices to you
  • Improved efficiency of maintenance, updates, and upgrades
  • Maximized resource usage
  • Your business will not be affected by frequent upgrades
  • Highly flexible, scalable and delivers high performance
Multi-tenant SaaS Architecture of Identity Plus

Role-based Account and Entitlements Provisioning

Identity Plus creates accounts and assigns entitlements based on user attributes and roles. It then grants access to new users based on customer-defined role memberships.

Administrators can create static or dynamic roles.

Rule based Role assignments
Rule based Role assignments

Create rules based on different user attributes and scenarios so that users may automatically be assigned to specific roles when added to Identity Plus or when any of the existing users’ attributes are changed.

List of provisioning assests allocated as a part of AD - Birthright Provisioning process
Birth-right Provisioning

Enable necessary accesses to be granted automatically to different systems and applications for new users based on your pre-configured rules.

List of provisioning assests allocated as a part of AD - Birthright Provisioning process
Transfers and Promotions

Automatically adjust user accesses across business apps and entitlements based on promotions and transfers. This includes both providing a set of accesses and removing older accesses as required.

Access Requests – Accounts and Entitlements

Users can request access to any on-boarded application as well as request additional entitlements within an already provisioned application. When requests need more than one review to approve access, Identity Plus can enable multi-level approval. Upon approval, Identity Plus automatically provisions the access.

Access Request Dashboard which has Request Summary and History
Multi-level approval workflow in Identity Plus

Multi-level approval workflow

Configure multi-level approval workflows for access requests if you need multiple authorities to review access requests for specific apps or entitlements. Admins may choose a user’s manager, or any other role, as the approving authority at each level of the workflow. When the workflow is completed, and all authorities choose to grant access, provisioning occurs automatically.

Manager Initiated Access Request

Identity Plus allows managers to request addition or removal of accesses to applications or entitlements on behalf of their employees. These requests can also follow a multilevel workflow.

Multi level approval workflow
Steps to configue time bound access for an employee

Time-bound access

If an employee needs access to an application only for a specific project or for a limited time, this can be specified when requesting the access. The access will be revoked once this time expires and the employee may also request extensions or early termination.

Auto De-Provisioning

Timely access to new employees is not the only important thing. Timely access terminations are vital to company security. With Identity Plus, terminated employees will have all their accesses terminated when they leave your organization. This supports statutory and regulatory compliance, ensures effective security and eliminates the burden of manual de-provisioning.

List of suspended users in SoT (System of Truth)

Suspension and Restoration

Automatically suspend or delete users who are marked as suspended in the integrated SoT – CSV, Enterprise Directory or HRMS.


When someone leaves an organization, Identity Plus automatically revokes their access to all business apps. This enforces Statutory and Regulatory compliance and ensures that user licenses are utilized appropriately.

List of terminated users availble in Identity Plus
Define Access Review Campaign

Access Certification

Identity Plus offers an easy way to manage and run access certification campaigns (review and recertification) across your organization. It can configure multilevel review campaigns that can be scheduled to run on a regular basis, streamlining and automating this major compliance activity. During a review, the solution revokes accesses that are no longer suitable, or, pushes notifications to various target systems for managers to review.

Orphan Account Management

An account is classified as ‘orphaned’ when it no longer has a valid user, but can still be accessed. The account and login credentials exist, but no human person is tied to it. Such an account presents a critical security risk because it can be used without any person being accountable for actions performed within it. Identity Plus detects orphan accounts across business apps and enables admins to delete it or assign it to a current user within the organization. Another benefit of this feature is that licenses become free to be used by other accounts.

Configure Orphan Account Management flow

Multi-level access review campaign

Allow admins to configure multi-level review campaign such that multiple authorities can review the accesses before it is certified. It also allows to easily configure the kind of accesses that need to be reviewed by each level of the reviewer.

Scheduled Access Recertifications Campaigns

Identity Plus allows admins to configure periodic review campaigns based on the criticality of the apps so it is triggered automatically at regular intervals

Define Access Certification Campaign
Dashboard showing list of accesses to be reviewed at the end of certification campaigns

Auto-fulfilment of recertification

Once the review campaign is completed, Identity Plus can provide a summary of accesses that need to be revoked or it can automatically remove the access for accesses that have been certified to be removed.

Identity Store

Identity Plus has an in-built Identity Store that acts as the central directory for all users and roles created in the solution or any other source. This allows organizations to access all functionalities of Identity Plus even if they do not use Active Directory.

List of Users in Identity Store of Identity Plus
Reverse Password Sync available from Active Directory

Password Synchronization

Identity Plus makes eliminates multiple passwords and simplifies password management significantly. Users create the unified Identity Plus password which syncs with all onboarded applications. Users can then login with this one password to open all applications.

Reverse Password Sync from AD

Password changed on the Active Directory is used to synchronize all the other application passwords for that user.

Account Capability settings available for Password Synchronization in Identity Plus

Integration with Active Directory, HRMS and CSV

Identity Plus onboards users from multiple SoTs (AD, HRMS, CSV) into its Identity Store.

Organizations can use the product to easily onboard users and manage users as well as groups from this one SoT.

Identity Plus also allows multiple directory domains within the same tenant instance of the solution.

Administrators can configure different features required for different domains.

Onboard users from multiple directory domains within the same tenant instance

Self-service Password Change

When users change their SSO primary password, if authentication is delegated to your Active Directory, a change to the password within the solution changes the Active Directory Password as well.

Self-service Password Reset and Unlock

Allow users to reset forgotten passwords or to unlock their accounts without assistance from a helpdesk. This can be done through verification with alternate factors such as security questions, Email OTPs, SMS OTPs, and Soft Tokens

Password Synchronization

Our solution reduces wasted time and prevents confusion when passwords that are changed or reset within Identity Plus, or within individual apps, are synced with one other.

Reverse Password Sync from AD

Reverse Password Sync: AD password changes are synced with Identity Plus.

Forward Password Sync to AD

Forward Password Sync: Password changes in Identity Plus are synced with your AD


Identity Plus provides an intuitive dashboard to view common events such as:

  • Tasks – Approval Task, Review Tasks, Pending Activation
  • Pending Account Activations
  • Status Of Directory Agents
  • Status Of CSV/AD/SOT Import Operations
  • Status Of Various Provisioning Operations

Pre-configured, audit-ready reports for compliance are also built into this solution. These can be downloaded in PDF or XLS formats.

Compact Identity dashboard

Analytics and Business Intelligence

Identity Plus utilizes a powerful data analytics and visualization engine which helps organizations migrate from basic IAM automation to dynamic, risk-calculated, and intelligent decision making. It generates Intuitive dashboards and intuitive analytics reports based on collected data.

The solution provides insights with which your organization can make informed IAM decisions on ULM activities, access requests, access approvals, and access certification campaigns. It presents this information visually with bar charts, pie charts, line charts, and combination charts

Gain a multidimensional view of identity data in your company with Identity Plus’ advanced data mining and analytics.

Advanced Data Mining and Analytics

  • Advanced Data Mining and Analytics
  • Provides business context to information
  • Multidimensional views of identity data
  • Provides comprehensive user administration and governance information

Customizable Dashboards

  • For IT Security, IT Admin, Application Owners, Managers, and any other role
  • Monitor and manage only and exactly what you need to

Integration with Access Management tools.

Identity Plus features easy integration with Access Management solutions such as Ilantus Compact Identity, as well as with access solutions such as IBM ISAM, Microsoft Azure AD, Okta and others.