Skip navigation
All Places > Products > RSA Identity Governance & Lifecycle > Blog

In the recent  RSA Identity Governance and Lifecycle 7.1 release, you can now require a user to specify if a mitigating control is in place for when granting an exception to a Segregation of Duty (SOD) or User Access (UA) policy violation.

During a policy violation review, and when granting an exception, the remediator can specify if there is a mitigating control in place. They can choose if control is:

  • In-Place – there is a control that has been implemented
  • Pending – there is a control defined and is in the process of being implemented
  • None – there are no controls in place or defined at this time

This feature compliments New Feature: Customer Specific Business Justifications that can also be selected when granting a policy exception.   

The configuration for adding mitigating controls for granting exceptional access to policy violations can be found within the rule definition. 

For more information on this feature – please check out this additional content. 

Mitigating Controls for Violation Remediation 

We are excited to introduce a new virtual deployment option in the recent RSA Identity Governance and Lifecycle 7.1  release which makes it easier to deploy our solution in a VMWare virtualization environment!

Provided as an OVA file, all the neccessary componets are supplied to connect your RSA Identity Governance and Lifecycle application to an existing database instance.  Using the supplied configuration wizard, which prompts and ensures that all the necessary configurations are set, customers can quickly stand up the RSA Identity Governance and Lifecycle application. 

For more information and to view an example installation and setup, please refer to the following video tutorial:

Virtual Application Installation and Setup 

Sean Miller

Workflow Priority Queues

Posted by Sean Miller Employee Feb 19, 2018

In the recent  RSA Identity Governance and Lifecycle 7.1 release, we have introduced priority queues in the workflow engine.  These are not exposed to end users but are designed to provide more throughput in processing workflows.  In particular, if a larger request is being processed, some other types of requests can still get through if they are deemed important enough rather than waiting in line.  In the past, the workflow engine processed things in a first come first served model.

in addition to help improve throughput, the priority queues will also help with isolating longer running work and identify potential problems.  For example, a very large role change that is committed can generate a number of indirect entitlement changes for all the role members.  These are now processed using a different priority queue than normal changes flowing through the system from explicit requests end users are making.  Similarly, changes related to SQL Select, SQL Execute, and Java nodes are processed by a different priority queue.  This will help workflow developers and administrators identify if there are long running custom logic that needs closer inspection.


The following priority queues are defined now:

  • Normal (Default) - explicit changes flow through this queue
  • Urgent - Requests of that represent user terminations or password resets are handled by this queue
  • Role - Requests that are role related (usually containing indirect entitlement changes) are handled by this queue
  • Custom nodes - Logic run as part of SQL Select, SQL Execute, and Java nodes are handled by this queue


The Admin->Workflow→Monitoring screen provides a real time view of what is going on in the workflow engine.  The priority queues are shown in this interface so you can see how each queue is performing and where there may be bottlenecks that need closer inspection.

For more information on this feature – please check out this additional content. 

Workflow Priority Queues 

As an addendum to the previous release of the Password Vault Integration feature in RSA Identity Governance and Lifecycle v7.0.2 we are happy to announce the release of additional support for collectors and connectors.  The password vault feature will allow RSA Identity Governance and Lifecycle to retrieve and rotate privileged credentials from CyberArk Application Identity ManagerTM (AIM). 


For a list of supported endpoints, please review the Connector & Collector Application Guides  or the supported endpoint data sheet - RSA Identity Governance and Lifecycle - Supported Collectors and Connectors   


For more information on this feature – please review this additional content. 


Active Directory Application Wizard Password Vault Configuration 

Password Vault Configuration - Active Directory Collector 


Reduce Identity Risk with RSA Identity Governance and Lifecycle

In the recent RSA Identity Governance and Lifecycle 7.1 release we have added a new Analysis and Guidance panel for User Access Reviews.  The Analysis and Guidance panel provides more context to the reviewer to (1) improve risk awareness, (2) identify outlier access, and (3) reduce the volume of decision making. 


The analysis and guidance panel allows the reviewer to easily filter their review results by different categories to allow them to focus on specific set of data.  For example; show only privileged access that contains violations or uncommon access (outliers) that contain violations.   The inclusion of the panel and various analysis are configurable at the review definition level. 


The analysis and guidance panel focuses on three main use cases


Improve Risk Awareness

  • Display all items with Violations
  • Display all items with Exceptional Access
  • Display all items that were previously revoked
  • Display all items for critical applications
  • Display all items that contain privileged access


Identify Outlier Access

  • Display all items that are not commonly held


Reduce the Volume of Decision Making

  • Display all items that are commonly held
  • Display all items that were recently approved
  • Display all items that have not changed since the last review


In addition the analysis and guidance panel filtering can be combined with table filtering to isolate all violations for privileged entitlements within a specific role or business unit.  


For more information on this feature – please check out this additional content. 


New User Access Review Experience - Analysis and Guidance Panel 

When RSA is looking at enhancing the product there are many factors that need to be taken into consideration. What is the benefit to our customers? What is the impact of making a change? What is the priority of this change verses others enhancements.

To help your idea be the more impactful it can be and get the visibility it deserves here are a few guidelines to help you define your idea.

  • What is the use case you are looking to solve?


Putting the use case in the title and detailing it at the start of your idea will help people to understand what you are looking to achieve. Define at a high level what it is that you are looking to do, if possible in business or non-technical way. This should not be details of specific technical changes in the product.

Providing the information this way allows us to look at all of the options to approach the idea.

Example: RSA Identity Governance & Lifecycle should have the ability to resend a request to AFX after it fails. This ability should be configurable from the UI.

  • What is the benefit you are looking to achieve?


Detail the benefits you could achieve by enhancing the product to meet this use case, is there a quantifiable benefit? How would it improve your life or the lives of your users? If it needed to meet a corporate objective or regulation?

Example: A retry mechanism we will reduce manual labour and possible errors that are part of making a manual change

  • Example of what would change in the product

Detail the changes you might see in the product to meet your enhancement use case. A lot of the Idea’s in Link today start with this type of information. It is very much needed but it also leads to questions like “What is the overall objective of what they are trying to do?” and “Is there a different way to do it that would add more benefit or be easier to implement?”

Another factor is other people might not understand your idea or its benefit and therefore will not vote for it!

Example(s): If the endpoint was down for some reason and now its back up and we want to resend the same request to AFX.

If the endpoint is down send the request to another AFX endpoint.

If the endpoint is down send a notification to an administrator and wait for them to select the retry option in the UI.

I hope this helps you create some cool new ideas that will help everybody in being successful in implementing and managing the RSA Identity Governance & Lifecycle platform.

Thank you very much for all of your support!

Anya Kricsfeld

Launching RSA Ideas

Posted by Anya Kricsfeld Employee Oct 31, 2017

For years RSA has been in business of providing best-in-class security products and services to you, our customers.  I am proud to be surrounded by extremely intelligent and creative coworkers who amaze me with their knowledge, imagination, and ability to make abstract a reality on daily basis.  However, I am even more astounded by the unending well of new ideas I see coming from our customer community every time I interact with or observe an interaction between us and you.  You are the true inspiration and driving force of our innovation.  We build products that solve your problems, we offer services that help you, and everything we do - we do with you and your success in mind.


This is why I am happy to officially introduce you to a new way to harvest and crowdsource our collective ideas together.  This month, we have launched new idea pages on our RSA Link Community:



These destination pages are places for you to show off your creativity and need, to suggest ways that would improve our offerings to help you be more successful.  It is also the place where you can collaborate on your ideas with other like-minded individuals and vote on ideas suggested by others.


We have a great customer community, let’s harness its creative power to see what we can come up with together.


For more information, please check out the following FAQs:

Identity is a critical risk component in all organizations. With recent breaches blanketing the news impacting almost all adults in the U.S., organizations are taking another look at their security programs to minimize the risk. It’s time for organizations to take charge of securing access to their sensitive data, systems and applications.

So why not take advantage of RSA Charge this October 17-20 to hear how your peers across banking, healthcare, insurance, technology and manufacturing industries are effectively managing identity to minimize risk? Each with a unique perspective of how they are implementing RSA SecurID® Suite technology in their environments to improve their security posture. Plus you can see how RSA is innovating our identity and access management solutions to address today’s identity and access challenges.

Here’s a handful of sessions you’ll be able to participate in at RSA Charge this year:

The Evolution from Authentication to Identity Assurance

While two-factor authentication is the standard for securing external access, the world has evolved and with it, so have users’ expectations. Learn how leveraging powerful risk analytics combined with dynamic access policies provides better Identity Assurance and creates a better user experience—all while maintaining the security posture in today's changing ecosystem.

Rethinking IAM: How Risk-based Approach Makes IAM More Effective and Strategic

Identity governance and lifecycle management is the cornerstone of an identity management program, but there is much more. Learn how taking a risk-based approach can make your program more effective at governing who has access to what while elevating the strategic importance and visibility to the C-suite.

An Epic Tale – How to Leverage IAM to Get a Handle on Your Electronic Medical Records System

In the session, you’ll learn how you can avoid an epic fail with your Electronic Medical Records (EMR) by integrating Epic EMR system into your identity management program with RSA.

This is just a taste of the exciting content we’ll feature in the Identity and Access Management track. Take a look at the full agenda at RSA Charge and check out the other awesome keynotes and networking events taking place. You won’t want to miss this!

Now is the time to take Charge of your identity program and there’s no better place to get started than by joining other RSA SecurID Suite customers at RSA Charge.

Register for RSA Charge by October 16 and save $100.

If you’re looking for the latest news, trends and innovations in identity, you’ll find it all at RSA Charge 2017 October 17-19 in Dallas. I hope you will join me this year along with the RSA identity team for three action-packed days of content and connections, with hands-on labs, RSA product previews, plenty of networking opportunities and more. It’s all part of RSA’s can’t-miss annual user conference, Charge, the premier event on RSA® Business-Driven Security™ solutions, where an elite community of customers, partners and industry experts dedicated to tackling the most pressing issues across cybersecurity and business risk management unite.


Top 3 Reasons to Attend

By joining us for RSA Charge 2017, you’ll be able to:

  • Learn how you can reimagine your identity strategy with identity and access assurance, next-gen authentication solutions (including mobile push authentication, biometrics, FIDO tokens, smart phone authentication methods and more), and the latest in identity governance and lifecycle management technology
  • Go hands-on in labs learning recommended practices for RSA® Identity Governance and Lifecycle and preview the latest RSA SecurID® Access product features
  • Gain insights from your peers at top companies sharing how they solved real-life identity challenges and what they learned in the process

The Future of Identity Starts Here

RSA Charge 2017 is your opportunity to gather with RSA’s identity experts and executives to hear about RSA’s vision and strategy around identity. Keynotes by cybersecurity visionary and TED speaker Marc Goodman, RSA President Rohit Guy, and other RSA execs set the tone each day, followed by morning-to-night sessions exploring the shift from identity management to identity assurance, the move to multi-factor authentication and the evolution of identity-related risks and risk management. You’ll also hear first-hand from customers sharing stories of how they’re reinventing their identity strategies to address emerging challenges in authentication and identity governance.

Getting Down to Brass Tacks

Come to share your input into the overall identity customer experience, and leave with plenty of practical knowledge for improving your identity practice. We’ll guide you through detailed roadmaps of RSA Identity Governance & Lifecycle and RSA SecurID Access, and give you a sneak peek at the latest releases. We’ll also share some practical tips for specific identity projects like upgrades and quick starts. And we’ll show you how RSA Identity Governance & Lifecycle integrates with RSA Archer, RSA Authentication Manager and other key business applications to give you new ways to manage identity risk and to help you lower your risk of an audit failure (or worse, a data breach) while improving your overall compliance efforts, including those for GDPR.

Register Today for Special Pricing on Your Attendee Pass

Don’t miss your chance for an up-close look at what’s happening in identity today from RSA experts and customers, and other security industry leaders, at RSA Charge 2017. Register by September 15 for serious discount pricing. I look forward to seeing you there!

About RSA Charge 2017

RSA Charge 2017, the premier event on RSA® Business-Driven Security™ solutions, unites an elite community of customers, partners and industry experts dedicated to tackling the most pressing issues across cybersecurity and business risk management. Through a powerful combination of keynote speeches, break-out sessions and hands-on demos, you’ll discover how to implement a Business-Driven Security strategy to help your organization thrive in an increasingly uncertain, high-risk world. Join us October 17 – 19 at the Hilton Anatole in Dallas, Texas. Register now!

This RSA SecurID Suite Navigator Tool is part of an ongoing campaign by the RSA SecurID Customer Enablement group to make it easier for RSA SecurID Suite customers like you to find relevant product training and documentation. The RSA SecurID Suite Navigator Tool allows you to filter content based on your role within your organization: Administrator, System Administrator, and Business User. You can also filter content by your knowledge level of the RSA SecurID Suite, from Basic to Intermediate to Advanced.


The RSA SecurID Suite Navigator includes content from the entire RSA SecurId Suite: RSA Authentication Manager, RSA Identity Governance and Lifecycle, and RSA SecurID Access. This navigator tool pulls content from different RSA business units and includes RSA University training content, Knowledge-based articles, as well as a vast collection of user documentation. The RSA SecurID Suite Navigator will be updated frequently to ensure you are receiving the most up-to-date content available. There is a dedicated team of RSA professionals across different business units to help you take charge and power your way to success with the RSA SecurID Suite.


In our continued efforts to provide the best content available, we rely on your feedback. If you cannot find what you are looking for in the Navigator, please complete the form we have provided on the main Navigator page.


You can find the SecurID Suite Navigator Tool on the main RSA SecurID product page or by navigating to the following URL:

With today’s ever growing threat landscape, the volume, sophistication, and potential damages of attacks is increasing. It is becoming increasingly harder to stop attackers from entering your system networks, isolating their motives, and most importantly removing them once they are there.  A typical security environment uses multiple disconnected technologies, supplying an immense amount of information.  Prioritizing a specific piece of data is important to responding quickly to attacks.  At a higher level, however, there is a need to understand if the security strategy is really effective for the business.  In summation, businesses need to change their security strategies.


The solution?  RSA provides a top down approach strategically linking business risk management with security events and priorities

  • Make security teams operationally more impactful
  • Strategically manage business risk

By bringing different practices together, linking security incidents with business context allows security teams to respond faster to protect what matters most.

The RSA suite of tools

  • Keeps the bad actors out, but allows entry to those that have legitimate need to easily access the system
  • Enables visibility and analytics to view the big picture to provide insights into specific attacks
  • Provides business context linked to contextual intelligence for a more informed approach
  • which can then be translated into action

The video in this eLearning discusses how RSA’s tools provide both the detailed information linked to the business context to protect the most sensitive assets.

We know you really want to join the more than 2,000 security, risk and compliance professionals at the premier Business-Driven Security event, RSA Charge 2017, Oct. 17-19 in Dallas. Now you have one final, limited opportunity to enjoy a $300 savings with our ‘throwback’ to the Early Bird Discount Rate of $645.


This is your opportunity to network with RSA customers, partners, and industry experts while discovering how to implement a Business-Driven Security  strategy in an increasingly uncertain high-risk world.


Use the Throwback Thursday code 87CTHRWBCKJUL and save $300 on your attendee pass.


Need a little more convincing, in addition to the $300 savings? Well, we have this covered too!


Check out our latest Keynote Lineup, including

  • Marc Goodman, Global Security Advisor, and Futurist will explain how to cultivate informed workforce to create a human firewall, in what promises to be a highly engaging and humorous keynote presentation


Sneak Peek at our Upcoming Agenda of robust programming you can expect at RSA Charge 2017. Tracks include:

  • Taking Command of Your Risk Management Journey
  • Transforming Compliance
  • Managing Technology Risk in Your Business
  • Inspiring Everyone to Own Risk
  • Detecting and Responding to Threats That Matter
  • Secrets of the SOC
  • Identity and Access Assurance
  • Reducing Fraud, While Not Reducing Customers
  • RSA Archer Technical
  • RSA Archer Technical, Advanced


Don’t miss out on your chance to attend RSA Charge 2017 with the limited ‘Throwback Thursday’ event. Use code 87CTHRWBCKJUL to register.


Discount code expires Thursday, July 27, 2017, at 11:59 PM PST. Offer cannot be combined with any other promotional code.


RSA Identity Governance and Lifecycle in the news!  


RSA Identity Governance and Lifecycle Receives Common Criteria Certification

RSA Charge 2017’s ‘Call for Speakers’ resulted in an unprecedented number of abstract submissions across all RSA product solutions – RSA Archer Suite, RSA NetWitness Suite, RSA SecurID Suite (including RSA Identity Governance & Lifecycle), and RSA Fraud & Risk Intelligence. The submissions from RSA customers and partners included the sharing of first-hand knowledge, advice, ideas, experiences, case studies, and even war stories that submitters wanted to share with their RSA product peers at the Charge event in October.


Though the RSA Charge Program Selection Committee is thrilled by the high caliber of submissions, the Committee now faces the hard task of whittling down the list of submissions to 100 across all RSA products. Though no final decisions have yet been made, the Committee noticed that there were many submissions that had similar titles and themes, so they decided to allow you the opportunity ‘voice your choice’ from a small, random subset from the abstracts received.


And, for the first time, with a registered RSA Link account, you can vote on Tracks across the entire RSA product portfolio. That’s right, you can vote on any of the product Tracks listed, but you can only vote once ‘per abstract.’


So let your voice be heard - this is your chance to 'vote your choice' and have a say in this year's RSA Charge 2017 Agenda. To vote, simply click on the Proposal Abstracts and cast your vote across all RSA Product Tracks.


Thank you for the amazing ‘Call for Speakers’ submissions for RSA Charge 2017 – it’s going to be an event you will not want to miss. If you haven’t registered for RSA Charge 2017, be sure to do so today!  


Check out our latest IAM blog - Yin and Yang: Two Views on IAM – Active Directory Automation, Success or Failure? by our own Steve Mowll and Chris Williams.