Advanced SoD – Intelligent Segregation of Duties in IAM

Define global segregation rules, responsibilities, and scopes.

Instantly identify SoD violations during access assignments.

Implement flexible approval workflows for temporary exceptions.

Use built-in workflows for access requests, approvals and reviews.

The SoD matrix is checked in real-time. If conflicts arise, they are either directly denied or require explicit exception approval. Approved exceptions include automated expiration following policy settings.

Potential conflicts are flagged during role design. Built-in validation tools support the creation of conflict-free role models by applying predefined checks, helping organizations establish secure and compliant role structures from the start.

• Conducting a workshop to assess your existing role models, authorization structures, and compliance requirements

• Reviewing your current SoD (Segregation of Duties) implementation – e.g., using the Garancy Rule Engine – and identifying areas for improvement

• Developing a customized SoD concept, including the definition of SoD classes, role ownership, and governance structures

• Creating a company-specific SoD matrix based on industry-specific standards such as MaRisk, BAIT, or ISO 27001

• Technical setup of Advanced SoD within your IAM solution

• Defining and implementing automated validation logic as well as approval and escalation workflows

• Integrating SoD controls into your existing role and access assignment processes

• Delivering training sessions for administrators, business users, and compliance officers

• Knowledge transfer to enable in-house maintenance of SoD policies and conflict rules

• Supporting all testing phases, including unit, integration, and user acceptance testing

• Assisting with go-live activities, including monitoring and fine-tuning

• Analyzing and transferring existing SoD rules from legacy systems

• Cleaning up and modernizing role models to prevent conflicts