ZETI

Zero Trust Improvements

privilegedprotectionmonitoringcomplianceaccess-control

Close the least-privilege enforcement gap in IDM environments.

The problem

NetIQ IDM is extremely flexible. Up to a point, it easily enables self-service and other techniques, opening the door to too many access rights being granted to users — in contradiction with the Least Privilege principle.

Techniques like regular access-review campaigns can be used to mitigate the issue, but they only happen from time to time — typically twice a year — and depend heavily on human discipline.

The solution

Add specialized NetIQ IDM drivers to your environment to better detect and manage situations where the Least Privilege principle should be enforced.

ZETI helps you react almost on the spot when excessive or abnormal access rights are granted. It also helps automate access-right cleanup during users' lifecycle.

The result is continuous enforcement rather than periodic review — closing the gap between when privilege drift occurs and when it is detected.

Near real-time detection of privilege drift, replacing the typical twice-a-year access review cycle with continuous enforcement.

Component map

What makes up ZETI. Click any product to explore.

B03

UserStatusActions

Core

B06

ReassignManager

Core

C33

ADLA

Core

C35

ADEMA

Core

B02

RoleMonitor

Supporting

C25

SendMail

Supporting

P107

PEA

Supporting

What ZETI delivers

IAM-aware privileged group monitoring

governed local admin access

attribute and entitlement protection

faster privilege-drift detection

preserved accountability chains

stronger least-privilege posture

Operational claims

detect privilege drift in seconds

govern local admin through standard IAM controls

preserve accountability when managers leave

combine monitoring, enforcement, and lifecycle hygiene

Core components

The essential building blocks of ZETI.

B03UserStatusActions

Automate lifecycle-driven user management within OpenText IAM.

Executes predefined actions when a user reaches a specific lifecycle status, centralizing automation and improving joiner-mover-leaver hygiene.

B06ReassignManager

Preserve accountability chains when managers leave the organization.

Reassigns a user's manager when the current manager leaves or is disabled, preserving approval chains and preventing orphaned relationships.

C33ADLA

Bring local administrator access under full IAM control.

Sets a user as local admin on domain-joined computers when the corresponding IDM role is granted, enforcing controlled endpoint admin rights.

C35ADEMA

Real-time protection for your most critical Active Directory groups.

Alerts security teams in real time when high-risk AD modifications occur, improving monitoring, audit evidence, and incident triage.

Supporting components

Complementary capabilities included in ZETI.

B02

RoleMonitor

Tracks and notifies when roles are granted or revoked, creating immediate visibility and an evidence trail for ops and audit.

C25

SendMail

Sends configured email notifications using eDir technical objects, standardizing messaging setup and making changes easier for administrators.

P107

PEA

Enforces and protects attribute values across eDir and remote systems when changes flow end-to-end, preventing unauthorized drift and improving compliance.

Ready to explore ZETI?

Request a demo View all bundles