KuppingerCole Report
Executive View
By Matthias Reinwarth


NEXIS 4 implements intelligent role and identity analytics together with strategic entitlement lifecycle management processes. As such, it provides the basis for dedicated, business-oriented Identity and Access Management (IAM) self-services within an organization either as a stand-alone solution or as a companion component to existing IAM infrastructures.

1 Introduction

Managing access to corporate resources remains an underestimated challenge for many businesses. Traditional approaches leverage the concept of roles and role hierarchy as an implementation of Role Based Access Control (RBAC). Alternative access management concepts extend and complement this approach by relying on the interpretation of attributes and context data for assigning access rights (like group memberships or individual entitlements) at admin time or for making access decisions within the individual applications at run time. So, augmenting authorization models like Attribute Based Access Control (ABAC), Policy Based Access Control (PBAC) and Dynamic Authorization Management (DAM) are becoming increasingly important.

Most organizations opt for an enterprise-wide role design that breaks down existing complexity into manageable roles. The definition, implementation and maintenance of an enterprise role model demands mature business processes and strong tool support. Providing these processes as user-friendly, easily modifiable, and traceable workflows is becoming increasingly important. However, comprehensive, and adaptable administration capabilities for all types of authorization management paradigms in a uniform manner are a key requirement in today's enterprises.

Furthermore, to benefit from existing expertise within an organization, it is also becoming more and more important to involve a variety of business stakeholders in the management, verification and maintenance processes of entitlements, their set-up and allocation. As processes become increasingly digitized and employees, teams and their areas of responsibility continue to specialize, while the processes required for managing authorizations and identities are also constantly changing. Their proper implementation calls for the involvement of many kinds of subject matter experts in different types of organizational units, for clearly defined and efficient administrative processes and for appropriate tool support.

Modern IAM environments thus require new management tools that can implement the described aspects of modern and user-friendly authorization management. This is done by providing a variety of capabilities along the lifecycle of both managing and assigning different permissions. The majority of IAM and IGA systems and suites are now equipped with functionalities that can be categorized as delegated administration. The breadth and depth of available functionality varies between the systems of different vendors, while the effort to be spent on implementing required functionality sometimes can exceed months. In general, typical user interfaces for this type of delegated administration are not necessarily aimed at non-technical, business users.

For a comprehensive analysis and modeling of roles, but also for the provision of all workflows for the implementation of role lifecycle management in companies, a small, highly specialized market segment exists as a complementary offer to traditional IAM systems. Dedicated entitlement management tools mostly originated as comprehensive role mining and identity analytics tools. Today\'s leading tools further demonstrate their capabilities by providing a wide range of services and capabilities between automation, maintenance processes and governance.

This goes far beyond a unique approach to identifying initial role definitions, a point at which many initial role projects stop. Defining or reviewing the appropriate role portfolio with each role containing the right set of underlying individual entitlements for the required set of systems, infrastructures and applications must not be a one-time exercise. These serve as a framework for the administration, maintenance, and ongoing refinement of role definitions and for the assignment of the associated individual authorizations to identities.

2 Product Description

Nexis is a German software vendor based in Regensburg, Germany. They specialize in providing solutions and services around the analytics and the susta ...

The basic concept of NEXIS 4 does not focus on the replacement of functionalities of an existing IAM system, but rather on complementing missing funct ...

Login Get full Access

3 Strengths and Challenges

NEXIS 4 is a highly focused one-of-a-kind product, deliberately designed to implement a clearly defined set of tasks. It complements existing IAM depl ...

Login Get full Access


©2021 KuppingerCole Analysts AG all rights reserved. Reproduction and distribution of this publication in any form is forbidden unless prior written permission. All conclusions, recommendations and predictions in this document represent KuppingerCole´s initial view. Through gathering more information and performing deep analysis, positions presented in this document will be subject to refinements or even major changes. KuppingerCole disclaim all warranties as to the completeness, accuracy and/or adequacy of this information. Even if KuppingerCole research documents may discuss legal issues related to information security and technology, KuppingerCole do not provide any legal services or advice and its publications shall not be used as such. KuppingerCole shall have no liability for errors or inadequacies in the information contained in this document. Any opinion expressed may be subject to change without notice. All product and company names are trademarks™ or registered® trademarks of their respective holders. Use of them does not imply any affiliation with or endorsement by them.

KuppingerCole Analysts support IT professionals with outstanding expertise in defining IT strategies and in relevant decision-making processes. As a leading analyst ompany, KuppingerCole provides first-hand vendor-neutral information. Our services allow you to feel comfortable and secure in taking decisions essential to your business.

KuppingerCole, founded in 2004, is a global, independent analyst organization headquartered in Europe. We specialize in providing vendor-neutral advice, expertise, thought leadership, and practical relevance in Cybersecurity, Digital Identity & IAM (Identity and Access Management), Cloud Risk and Security, and Artificial Intelligence, as well as for all technologies fostering Digital Transformation. We support companies, corporate users, integrators and software manufacturers in meeting both tactical and strategic challenges and make better decisions for the success of their business. Maintaining a balance between immediate implementation and long-term viability is at the heart of our philosophy.

For further information, please contact clients@kuppingercole.com.