Robotic Process Automation (Bot) Identities

IdentityIQ supports the use of Robotic Process Automation (RPA) or bot identities. An RPA or bot is an application that can perform automated tasks, especially simple, repetitive tasks such as requesting access and managing identities.

Bots require effective governance just as traditional identities do:

  • The need to manage bots in your organization or under your control. You need to be able to see all the bots along with their access, and to add or remove access for bots.
  • Your organization might have bots that do password resets for certain populations in the organization. You need to make sure that the bots have the right access and are the right version to do their job.
  • The need to show auditors that your organization has owners who are accountable for managing bots, as part of certification.
  • The need to define policies to ensure that bots do not get too much access.
  • The need to define lifecycle events on bots, so that you can enforce controls on when bot access changes or when bots are retired.

IdentityIQ's governance capabilities for bots include the ability to:

  • Manage bots and their attributes
  • Request access for bots
  • Certify bots

Categorizing Identities as Bots

IdentityIQ uses standard attributes on the identity object to help you categorize and govern your bot identities: Type, Version, and Administrator. These attributes can be set on the identity in the Identity Warehouse on the Identity Details Page, or in Lifecycle Manager's Edit Identity option.

  • Type: an attribute to define the type of identity. One of the standard values for this attribute is RPA/Bots, to help you easily identify the bot accounts in your environment. The other standard values for this attribute are Employee, Contractor, External/Partner, and Service Account. You can also define your own types in addition to these five.

  • Software Version: an attribute indicating which version of software the bot is using. This attribute is intended to be used only for bot identities.

  • Administrator: an attribute to indicate who is responsible for the bot identity’s administration; the equivalent of a manager, for a bot identity. This can be an individual identity, or a workgroup. This attribute is intended to be used only for bot identities.

Requesting Access for Bots

Access is requested and granted to bots in the same way as to any identity. You can use the Bot type to help you narrow down your access request to just bot identities. In the Manage User Access UI, use the Filter option to select identities by type, selecting RPA/Bots as the type. Then you select your access items, and proceed with the access request as usual. See Manage User Access for more information.

Certifying Bot Access

You can certify bots just like any other kind of identity. Although bots can be included in other certification types, if you want to run a certification that is targeted exclusively to your bot identities, you should use a Targeted Certification. See Scheduling a New Certification and Scheduling a Targeted Certification for more information.

The Targeted Certification gives you a number of options for choosing who to certify. The simplest way to select just your bots is to Filter your selection by Type Equals RPA/Bots.

Reporting on Bots

The standard Environment Information Report includes data by identity Type, so that you can see at a glance the number of bot (and other types of) identities in your environment.

Policies for Bots

Any policy that can use an identity attribute as part of its criteria can use Type, Administrator, or Software Version as part of defining a policy. For example, in a Separation of Duties policy you could specify an identity attribute using type "rpa" (for RPA/Bots) as part of your business rule. See Working with Policies for more information.
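
The checks a bot-scoped policy expresses can be illustrated outside the product. The following Python is an added example, not IdentityIQ code or anything supplied by SailPoint: it scopes to identities of type "rpa" and flags bots with no Administrator, an unapproved Software Version, or a conflicting pair of access items. The export layout, column names, approved version, and entitlement names are all assumptions, and the sample rows are constructed.

```python
import csv
import io

# Constructed sample export; the column names and non-bot type values are
# assumptions for illustration, not an IdentityIQ export format.
SAMPLE_EXPORT = """name,type,administrator,software_version,entitlements
bot-pwreset-01,rpa,Helpdesk Workgroup,2.4,PasswordReset
bot-pwreset-02,rpa,,2.1,PasswordReset
bot-ap-01,rpa,Finance Ops,2.4,CreateVendor;ApprovePayment
jsmith,employee,,,CreateVendor;ApprovePayment
svc-backup,service,,,BackupOperator
"""

BOT_TYPE = "rpa"                 # type value the page gives for RPA/Bots
APPROVED_VERSION = "2.4"         # assumed approved bot software version
SOD_CONFLICT = {"CreateVendor", "ApprovePayment"}  # assumed conflicting pair


def audit_bots(export_text):
    """Return {bot name: [findings]} for identities whose type is BOT_TYPE."""
    findings = {}
    for row in csv.DictReader(io.StringIO(export_text)):
        if row["type"].strip().lower() != BOT_TYPE:
            continue  # the checks are scoped to bot identities only
        issues = []
        if not row["administrator"].strip():
            issues.append("no administrator")
        version = row["software_version"].strip()
        if version != APPROVED_VERSION:
            issues.append(f"software version {version or 'unset'} is not {APPROVED_VERSION}")
        held = {e.strip() for e in row["entitlements"].split(";") if e.strip()}
        if SOD_CONFLICT <= held:  # bot holds every item of the conflicting set
            issues.append("holds conflicting access: " + ", ".join(sorted(SOD_CONFLICT)))
        if issues:
            findings[row["name"]] = issues
    return findings


if __name__ == "__main__":
    for name, issues in audit_bots(SAMPLE_EXPORT).items():
        print(f"{name}: {'; '.join(issues)}")
```

The non-bot identity with the same conflicting access is deliberately left unflagged, which shows the effect of including the type attribute in the policy criteria.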