Human Identity Management
Configure access governance, policy enforcement, and lifecycle management for employees, contractors, and partners.
Human Identity Management covers the full lifecycle of human access — from onboarding to offboarding — with AI-driven policy enforcement that adapts to user behaviour and risk context.
Connecting an Identity Provider
Before configuring policies, connect at least one directory. Navigate to Settings → Identity Sources and add your provider.
WNCYBER syncs users, groups, roles, and access rights from your directory. Changes in the source directory are reflected in WNCYBER within the configured sync interval (default: 15 minutes).
Access Policies
Access policies define the rules WNCYBER enforces when evaluating whether an identity should have access to a resource.
Policy Types
- Static policies — rules based on fixed attributes (role, department, location). Example: “Users in the Finance department may access the financial reporting system.”
- Dynamic policies — rules that incorporate contextual signals evaluated at access time. Example: “Grant access only when the requesting device has a compliant posture score above 80.”
- Risk-based policies — rules that trigger automatically when an identity’s risk score crosses a threshold. Example: “Require step-up authentication when an account’s anomaly score exceeds the medium threshold.”
Creating a Policy
- Navigate to Policies → Access Policies → New Policy
- Select the policy type
- Define the identity scope (who the policy applies to)
- Define the resource scope (what the policy governs)
- Set the conditions and actions
- Enable the policy and set the enforcement mode (Audit, Warn, or Block)
Start with Audit mode to understand impact before enforcing.
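To make the Audit-first advice concrete, the following added example (an independent model, not WNCYBER code or its API) replays constructed access requests against the three example rules above and lists the requests whose outcome would change if the policy moved from Audit to Block. Assumptions: the names `Request`, `evaluate`, `enforce` and `audit_report`, the resource label, the numeric value of the medium anomaly threshold, and the mode semantics (Audit records only, Warn allows and notifies, Block enforces).

```python
from dataclasses import dataclass

MEDIUM_ANOMALY = 50  # assumed numeric value for the "medium threshold"

@dataclass
class Request:
    user: str
    department: str
    posture: int   # device posture score
    anomaly: int   # account anomaly score
    resource: str

def evaluate(req):
    """Apply the page's three example rules; return (decision, reason)."""
    if req.resource == "financial-reporting" and req.department != "Finance":
        return "deny", "static: requester is not in Finance"
    if req.posture <= 80:
        return "deny", "dynamic: posture score not above 80"
    if req.anomaly > MEDIUM_ANOMALY:
        return "step-up", "risk: anomaly score above medium threshold"
    return "allow", "all rules passed"

def enforce(decision, mode):
    """What the user experiences under each enforcement mode (assumed semantics)."""
    if decision == "allow" or mode in ("Audit", "Warn"):
        return "allowed"  # Audit only records the decision; Warn also notifies
    return "step-up required" if decision == "step-up" else "blocked"

def audit_report(requests):
    """List requests whose outcome differs between Audit and Block mode."""
    impact = []
    for r in requests:
        decision, reason = evaluate(r)
        if enforce(decision, "Audit") != enforce(decision, "Block"):
            impact.append((r.user, enforce(decision, "Block"), reason))
    return impact

# Constructed sample requests, not real log data
SAMPLE = [
    Request("alice", "Finance", 92, 10, "financial-reporting"),
    Request("bob", "Engineering", 95, 5, "financial-reporting"),
    Request("carol", "Finance", 71, 12, "financial-reporting"),
    Request("dave", "Finance", 88, 64, "financial-reporting"),
]

if __name__ == "__main__":
    for user, outcome, reason in audit_report(SAMPLE):
        print(f"{user}: would be {outcome} ({reason})")
```

Reviewing this kind of impact list with the resource owner before switching modes shows which denials are intended and which point to a scope or condition that is too broad.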
Access Certification
Access certifications are periodic reviews that ask identity owners and managers to confirm that access rights are still appropriate.
Running a Certification Campaign
- Navigate to Governance → Certifications → New Campaign
- Select the scope — all identities, a department, or a specific application
- Set the review period and assign reviewers
- Launch the campaign
Reviewers receive email notifications with direct links to their review queue. WNCYBER tracks completion and sends reminders automatically.
Automated Remediation
Configure automatic remediation for accounts that reach the end of the review period without a response:
- Revoke — remove access rights immediately
- Extend — grant a short-lived extension and escalate to a manager
- Flag — mark for manual review without automated action
Lifecycle Management
Joiner / Mover / Leaver
WNCYBER monitors your connected HR system or directory for lifecycle events and can trigger automated actions:
| Event | Trigger | Example Action |
|---|---|---|
| Joiner | New account created | Provision minimum-role access based on department |
| Mover | Role or department change | Remove previous role access, provision new role access |
| Leaver | Account disabled or deleted | Revoke all active sessions, begin deprovisioning workflow |
Dormant Account Detection
Accounts with no activity for a configurable period (default: 90 days) are automatically flagged. Configure remediation under Policies → Lifecycle Policies → Dormant Accounts.
Privileged Session Management
For high-risk access (production systems, financial data, sensitive infrastructure), enable session brokering:
- Navigate to PAM → Session Policies → New Policy
- Define the target systems
- Set session recording requirements
- Configure approval workflows if required
Sessions are proxied through WNCYBER, recorded, and available for playback in PAM → Session Archive.