Intelligence Hub Overview
The Intelligence Hub is IdentityCenter's analytics and insights engine. It uses data analysis and machine learning to identify risks, optimize access, and provide actionable recommendations.
What is the Intelligence Hub?
The Intelligence Hub analyzes your identity data to:
- Identify Risks - Detect anomalous access patterns and potential security threats
- Optimize Access - Recommend access changes based on peer analysis
- Predict Issues - Anticipate problems before they occur
- Provide Insights - Surface trends and patterns in your identity data
Key Features
Risk Analytics
| Feature | Description |
|---|---|
| Identity Risk Score | Overall risk rating for each identity |
| Access Anomalies | Unusual access patterns detected |
| Privileged Access Analysis | Admin account monitoring |
| Dormant Access | Unused permissions identified |
Peer Analysis
| Feature | Description |
|---|---|
| Role Mining | Discover natural access patterns |
| Outlier Detection | Find users with unusual access |
| Peer Comparison | Compare access to similar users |
| Access Recommendations | Suggest access changes |
Predictive Analytics
| Feature | Description |
|---|---|
| Access Requests | Predict likely access needs |
| Risk Forecasting | Anticipate risk trends |
| Compliance Prediction | Forecast compliance issues |
| Resource Planning | Predict capacity needs |
Intelligence Dashboard
Risk Overview
┌─────────────────────────────────────────────────────────────┐
│ Risk Distribution │
├─────────────────────────────────────────────────────────────┤
│ │
│ Critical ████░░░░░░░░░░░░░░░░ 15 (2%) │
│ High ████████░░░░░░░░░░░░ 65 (8%) │
│ Medium ████████████████░░░░ 180 (23%) │
│ Low ████████████████████ 520 (67%) │
│ │
│ Total Identities: 780 │
│ Average Risk Score: 32/100 │
└─────────────────────────────────────────────────────────────┘
Key Metrics
| Metric | Description | Target |
|---|---|---|
| Average Risk Score | Mean risk across all identities | <40 |
| High Risk Count | Identities scoring >70 | <5% |
| Anomaly Rate | Percentage flagged as anomalous | <10% |
| Orphaned Accounts | Accounts without managers | 0% |
Risk Scoring
How Risk Scores Work
Each identity receives a risk score from 0-100 based on:
| Factor | Weight | Description |
|---|---|---|
| Privileged Access | 25% | Admin rights and sensitive access |
| Access Volume | 20% | Number of permissions |
| Access Anomaly | 20% | Deviation from peers |
| Account Age | 10% | Newer accounts = higher risk |
| Activity Level | 15% | Recent login activity |
| Violation History | 10% | Past policy violations |
Risk Levels
| Score | Level | Description |
|---|---|---|
| 0-25 | Low | Normal access patterns |
| 26-50 | Medium | Some elevated factors |
| 51-75 | High | Significant risk indicators |
| 76-100 | Critical | Immediate attention needed |
Risk Score Example
Identity: John Smith
Overall Risk Score: 68 (High)
Breakdown:
├── Privileged Access: 20/25 (Domain Admin)
├── Access Volume: 15/20 (142 group memberships)
├── Access Anomaly: 12/20 (15% above peers)
├── Account Age: 2/10 (5 years old)
├── Activity Level: 12/15 (Active daily)
└── Violation History: 7/10 (2 past violations)
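The scoring model above can be reproduced offline to sanity-check exported scores. This is an added example, not IdentityCenter's own code: it assumes each factor contributes points up to its weight (as in the John Smith breakdown), and the function names and the ten-score sample population are constructed for illustration.

```python
# Added example. Caps and bands are copied from the tables above; how
# IdentityCenter derives each factor's points is not documented here.
FACTOR_CAPS = {
    "privileged_access": 25, "access_volume": 20, "access_anomaly": 20,
    "account_age": 10, "activity_level": 15, "violation_history": 10,
}
LEVELS = [(25, "Low"), (50, "Medium"), (75, "High"), (100, "Critical")]


def risk_score(points):
    """Sum per-factor points, rejecting missing factors or values over the cap."""
    if set(points) != set(FACTOR_CAPS):
        raise ValueError("expected exactly the six documented factors")
    for name, value in points.items():
        if not 0 <= value <= FACTOR_CAPS[name]:
            raise ValueError(f"{name}={value} is outside 0..{FACTOR_CAPS[name]}")
    return sum(points.values())


def risk_level(score):
    """Map a 0-100 score to its band from the Risk Levels table."""
    if not 0 <= score <= 100:
        raise ValueError("score must be between 0 and 100")
    return next(label for upper, label in LEVELS if score <= upper)


def posture(scores):
    """Check a population against the Average Risk Score and High Risk Count targets."""
    average = sum(scores) / len(scores)
    high_pct = 100 * sum(s > 70 for s in scores) / len(scores)
    return {
        "average": round(average, 1),
        "high_pct": round(high_pct, 1),
        "average_on_target": average < 40,   # target: <40
        "high_on_target": high_pct < 5,      # target: <5% scoring >70
    }


# The John Smith breakdown from the page.
JOHN_SMITH = {
    "privileged_access": 20, "access_volume": 15, "access_anomaly": 12,
    "account_age": 2, "activity_level": 12, "violation_history": 7,
}
# Constructed sample population of ten scores (not data from the page).
SAMPLE_SCORES = [68, 12, 30, 81, 22, 45, 18, 9, 27, 33]

if __name__ == "__main__":
    total = risk_score(JOHN_SMITH)
    print(total, risk_level(total))
    print(posture(SAMPLE_SCORES))
```

A score of 68 bands as High, yet it falls below the >70 cut-off used by the High Risk Count metric, so the two figures should not be treated as interchangeable when reporting.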
Anomaly Detection
Types of Anomalies
| Anomaly Type | Description |
|---|---|
| Access Outlier | More access than peers |
| Activity Spike | Unusual login patterns |
| Off-Hours Access | Activity outside normal hours |
| Geographic Anomaly | Login from unusual location |
| Privilege Escalation | Sudden increase in access |
Anomaly Response
| Severity | Action |
|---|---|
| Info | Log for awareness |
| Warning | Flag for review |
| Alert | Notify security team |
| Critical | Trigger immediate action |
Peer Analysis
How Peer Groups Work
IdentityCenter automatically groups users by:
- Department
- Job title/role
- Location
- Manager
Peer Comparison Report
Identity: Jane Doe (Marketing Manager)
Peer Group: Marketing Managers (15 members)
Access Comparison:
├── Groups: 12 (Peer Average: 8) ⚠️
├── Applications: 5 (Peer Average: 5) ✓
├── Shared Drives: 8 (Peer Average: 6) ⚠️
└── Admin Rights: 0 (Peer Average: 0) ✓
Recommendation: Review 4 excess group memberships
Access Recommendations
| Recommendation | Reason |
|---|---|
| Remove Access | No peers have this access |
| Add Access | All peers have this access |
| Review Access | Significant deviation from peers |
| No Change | Access aligns with peers |
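The recommendation rules in the table can be expressed per entitlement. This is an added example, not IdentityCenter's own logic: the 25% cut-off for "significant deviation", the function name, and the entitlement names and five-member peer group are all constructed assumptions.

```python
from collections import Counter

# Assumption: access held by fewer than this share of peers counts as a
# "significant deviation". The page does not state the product's threshold.
REVIEW_BELOW = 0.25


def recommend(user_access, peer_access):
    """Return {entitlement: recommendation} for one identity.

    user_access: set of entitlements the identity holds
    peer_access: list of sets, one per peer (the identity itself excluded)
    """
    if not peer_access:
        raise ValueError("empty peer group: no baseline to compare against")
    held_by = Counter(ent for peer in peer_access for ent in set(peer))
    result = {}
    for ent in sorted(user_access | set(held_by)):
        share = held_by[ent] / len(peer_access)
        if ent in user_access:
            if share == 0:
                result[ent] = "Remove Access"   # no peers have this access
            elif share < REVIEW_BELOW:
                result[ent] = "Review Access"   # significant deviation
            else:
                result[ent] = "No Change"       # aligns with peers
        elif share == 1:
            result[ent] = "Add Access"          # all peers have this access
        # Access the identity lacks and only some peers hold is left out.
    return result


# Constructed sample data (hypothetical entitlement names).
PEERS = [
    {"grp-marketing", "grp-campaigns", "grp-brand-assets"},
    {"grp-marketing", "grp-campaigns", "grp-brand-assets"},
    {"grp-marketing", "grp-brand-assets", "grp-finance-reports"},
    {"grp-marketing", "grp-campaigns", "grp-brand-assets"},
    {"grp-marketing", "grp-campaigns", "grp-brand-assets"},
]
JANE = {"grp-marketing", "grp-campaigns", "grp-finance-reports", "grp-hr-share"}

if __name__ == "__main__":
    for ent, action in recommend(JANE, PEERS).items():
        print(f"{ent}: {action}")
```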
ChatHub - Natural Language Queries
Ask questions in plain English:
Example Queries
| Query | Result |
|---|---|
| "Show high risk users" | List of identities with score >50 |
| "Find users with no login in 90 days" | Stale account list |
| "Who has access to the HR folder?" | Permission report |
| "Compare John Smith to his peers" | Peer analysis |
| "What are the riskiest groups?" | Group risk ranking |
Supported Question Types
- Find - Locate specific identities or objects
- Show - Display reports and lists
- Compare - Peer analysis queries
- Analyze - Deep dive on specific items
- Summarize - Aggregated statistics
Intelligence Reports
Standard Reports
| Report | Description | Schedule |
|---|---|---|
| Risk Summary | Overall risk posture | Weekly |
| Anomaly Report | Detected anomalies | Daily |
| Peer Analysis | Outlier identification | Monthly |
| Trend Analysis | Risk over time | Monthly |
| Compliance Score | Compliance metrics | Weekly |
Custom Reports
Create reports with:
- Custom filters
- Selected metrics
- Chosen time ranges
- Export formats (PDF, Excel, CSV)
Best Practices
Risk Management
- Review High Risk Weekly - Focus on critical and high risk
- Investigate Anomalies - Don't ignore warnings
- Remediate Promptly - Address issues quickly
- Track Trends - Monitor risk over time
Peer Analysis
- Define Good Peer Groups - Accurate grouping = better insights
- Review Outliers - Investigate deviations
- Update Baseline - Adjust as organization changes
- Use Recommendations - Act on suggestions
Continuous Improvement
- Tune Thresholds - Adjust scoring weights
- Reduce Noise - Eliminate false positives
- Expand Coverage - Include more data sources
- Automate Response - Act on insights automatically
Integration
With Access Reviews
- Risk scores displayed during reviews
- Recommendations shown to reviewers
- Anomalies flagged for attention
With Policies
- Intelligence-driven policy triggers
- Risk-based policy actions
- Anomaly-based alerts
With Synchronization
- Risk calculated on sync
- Anomalies detected in real-time
- Scores updated continuously