IdentityStream Vision


You are in good hands with us.

We deliver business solutions

We deliver stable, coherent and logically sound business solutions that give you better control. With our systems, you will spend less time on day-to-day tasks and more time focused on the big picture.

We’re contactable & responsive

You quickly get good answers to your enquiries directly from skilled professionals who speak your language.

Our key progress indicator is business requirements met

We have skilled and pragmatic professionals that are very good at turning requirements into working software with qualities above expectations. We deliver modern and coherent solutions based on innovative technologies.



2 out of 3 undesired incidents related to access violation, involve an insider. Usually by mistake, sometimes malicious. With our solution, you can easily document the functions of your enterprise and what access these require. You also configure the access and access combinations that are risky. By connecting user to function, you further ensure that each individual only has access to what is needed at any given time, so-called “Least privilege”. This helps prevent data loss and reduces the threat surface of the enterprise. You get an overview of the most trusted users in the enterprise allowing you to implement additional measures for these, or to adjust permissions to reduce risk. Employees easily see what access they have. The latter is particularly important for credit and invoice authorizations because it reduces the risk of authorization breach.

The user concept of the solution is wide and extensible. It may be a permanent or temporary employee, a hired consultant, an external consultant, a robot, a system account, an operational user or a computer.

Managers including their deputies, themselves manage access and IT-equipment for their employees.  Users can find and apply for access themselves. Approval for access requests is turned on by default, but can be turned off per service and access level.

Our solution supports your existing processes, business logic, associations and functions. Examples of associations are Company, Department, Job Title and Type of user. As for function, you can connect access to association. Role is an umbrella term for function and association. Function and Department roles support hierarchical structure.

Our solution yields simplified lifecycle management of identities and access with automated workflow, business rules and easy integration with heterogeneous platforms, internally and in the cloud. The main process involved is “Joiner, Mover and Leaver of employment”, abbreviated JML. The solution supports JML via automated import from HR, both for association and other user data such as name and address. Combined with configurable access for association, this is a highly efficient automation platform.

The solution is readily available and easy to use. You can do all configuration and setup yourself. Thus you can continuously improve and increase the level of automation using internal resources. Automation trumps robotization. You can also implement new automated platforms through internal development.

The solution has excellent reporting capabilities. This is important for several functions, such as security, risk, compliance with external and internal auditors, HR, management, support, and administration. The reports are security trimmed so that they show only what the user is authorized for.

When an employee changes department, the new manager gets a certification task to audit the employee’s access. Managers are also assigned periodic certification tasks to audit all employees in the department. The manager audits the employee’s function and any special access granted beyond association and function. Cost and risk of employee access and access combinations, are the key figures in the manager’s certification. The purpose is to reduce risk and cost.



The solution is a platform for continuous improvement of operational risk management and compliance. As regulatory requirements and ethical guidelines change, you easily and smoothly adapt existing and set up new services to comply.

The application includes the following compliance and risk management services that each customer can customize to their needs:

  • Incident management
  • Managing risk based measures per incident
  • Risk-based measure lists for audits, regulatory inspections and internal controls
  • Application for proprietary trading in financial instruments
  • Application for directorships and business
  • Proprietary trading in real estate for estate agents
  • Whistleblower service
  • Notification of money laundering suspicion
  • Needs analysis and documentation of decision for recruitment
  • Application for severance package

It is easy to set up services for other types of reporting by building enquiry and order forms per service. The fields in the forms are given sequence and can have caption and description. The fields support input of the following data types:

  • A single line of text
  • Multiple lines of text
  • Choice (menu to choose from)
  • Numbers (configurable on the type – integers, floating point numbers with decimal)
  • Currency ($, €, $)
  • Date and Time
  • Lookup (for information that is defined elsewhere on the site)
  • Yes / No (check box)
  • Individual or Group
  • Hyperlink or picture
  • Calculated (calculation based on other columns in the table)
  • Poll result
  • External data
  • Managed metadata

Alerts, access and responsible case workers are configured per area and category of each service. Access can be linked to function, manager of rapporteur, managers in department hierarchy of incident or managers in department hierarchy of customer pertained in incident. It may also be linked to the owners of the processes involved. Each service is a configurable security silo. With a system for identity and access management as platform, comprising automatic import from HR system of manager hierarchy, employee association and function, this is a highly automated and very powerful authorization tool.



The enterprise service desk should be rigged for self-service. This means that users can find information to help themselves and that users have access to features to solve tasks. Our solution has a complete service desk built around these self-service concepts in an agile and elegant way.

User-guides are information, fact sheets and frequently-asked-questions about the services the enterprise offers its employees and the products it offers its customers. Most enterprises have such a knowledge database for internal use by support. By making user-guides available and searchable for all, employees are able to help themselves. Self-service is the fastest problem resolution. It also eases the load on the service center, which then can serve requests faster and spend more of their time proactively, for example by continuously improving existing and creating new user-guides.

Our solution places the searchable user-guides and service pages between user and service desk. It connects user-guide to service. Services have 1st and 2nd line support teams. By default, the solution allows submission of enquiry only in the context of a service. The users are hence forced to try and find information themselves first, and then contact the service desk if they cannot find what they are looking for. With submission in service context, enquiries are also automatically routed to the proper support team. People with the necessary knowledge, can thus begin to work on their enquiries, sooner.

Each service has one or more custom forms used for submission of enquiry or order. The fields in the forms can have caption and description. The sequence of the fields is configurable and they support input of all conceivable types of information. By only allowing submission of enquiry in the context of a service, the requests more often contain the necessary information because the proper form is filled out.

User-guides should be promoted on the Intranet and in handling of incoming requests. In telephone enquiries, callers should be guided to the search page and asked to find the user-guide or service to help themselves. User only need to remember how to get to the search page the next time a problem occurs. The same can be done with screen dumps in response to a written enquiry.

Not all knowledge database content can be made available to all employees due to complexity and confidentiality. Our solution supports multiple authorization levels for user-guides. The search results are security trimmed so that each user finds and have access to only the user-guides authorized for. That means the support teams can have their internal user-guides in the same location as the open. The support teams search for and read the knowledge base in the same way as regular users. The knowledge database has one single location.

Change password and unlock user account, are the two most common service desk requests. Our solution supports these features via colleagues. That means that employees can get help to do this from a colleague in the next seat. Password are sent via SMS to the mobile number registered to the user. All actions are logged and employee is alerted of actions performed by colleague.

Password policy is configured per user type. All conceivable configuration is supported. Passwords can be made pronounceable. Some password policies make it hard for users to come up with a new password when change is due. Our solution suggests passwords to use.

The solution also offers self-service setup of project and document rooms, including support for confidential rooms. The access administration for the rooms is simple, centralized and self-serviced. This builds on the IAM module.

With an IAM system at the base, having continuous import from the HR system, the solution has correct employee information and departmental structure at all times. The solution uses this for interactive visualization of department hierarchy with features such as find me, find colleague, find department, see employee and department information, see the Skype status of employees, IT cost per department and employee etc.

IAM concepts such as function, association, access and case worker teams, group employees. This can be effectively used for communication. The solution has a useful message central with SMS and e-mail distribution to one or more of these groups. It is for example possible to send a message to all having access to the service Adobe Photoshop or all employees of the division Private Market.



Our cost-benefit overview will surely show significant savings for your enterprise. Please contact us for a presentation.

The following are the main benefits:

  • Reduced staff on business development, IT operations and service desk
  • Higher quality IAM / Time saved on audits / You know access is correct
  • Simpler procedures for ordering  through automation of HR and the Joiner, Mover and Leaver processes
  • More streamlined access control and orders with automatic task distribution to the organization for approval and execution
  • Improved cost awareness through manager’s audit of employees’ access. Access/application licenses are ordered removed.
  • Increased quality of user data in AD and other systems – Imported daily from HR
  • Phasing out other IT tools and saved internal development cost
  • License cost saved with access management for leave of absence
  • Automated HR tasks
  • Faster IT delivery (access control etc) for the organization. Employee operative day one.
  • Automated/self-service password management
  • Reduced staffing of risk and compliance area. Increased value of higher quality. Increased awareness through automatic access for manager hierarchy and process owners.
  • More efficient reporting to the various security services including money-laundering suspicions
  • Automated organization chart
  • CRM access automation, SharePoint integration and continuous updating of employee information
  • Exchange automation: creation and maintenance of rules
  • The bulletin board with the possibility of SMS and e-mail distribution to roles and users of services, full traceability
  • Proactive software exception handling


Several functions are involved in the governance, control and assignment of identities and access. In smaller enterprises, it is natural that several of these functions have the same people.

Assignment and control of identities and access

A 1st line consisting of the authorization team, system owners, managers and the HR function, should be responsible for assigning and controlling identities and access.

Managers and HR use the features for Joiner, Mover and Leaver of employment. Managers also use the access certification feature for their employees and departments.

HR manages leave of absence and future department changes. HR is also responsible for the data foundation in the HR system, that JML is automated from.

System owners can automatically be assigned access requests to their services for approval and/or execution. System owners can also manage access to their services continuously. The authorization team manages the system owners’ capabilities and responsibilities per service and/or access level.

The authorization team alongside system owners and the assignment groups for each service, are responsible for the processing of incoming access orders. The authorization team has the overall responsibility. For example, a new employee will result in a person registration enquiry with an order book which contains a new order book per service to grant access to. The various assignment groups are assigned responsibility for the order books of their services, but the authorization team is overall responsible for the user being operative the first day at work for the employee.

An access level is either manual, automatic or register. Automatic means that the underlying system is automatically updated. Registration means that access only shall be recorded in the solution. This type is usually used because the underlying system is updated by a periodic export from the solution that the system imports on its side. Access orders for manual access levels must manually processed, i.e. the caseworker must modify access in the underlying system before moving the order to the completed state in the solution.

Governance and control of identities and access

A 2nd line consisting of the authorization team and the functions of risk management and security, should be responsible for governance and control of identities and access.

The authorization team governs the solution by setting up new services with access levels and by continuously improving these services. They create functional roles and adds access levels in functional and associative roles. If the enterprise has no automated HR import that creates associative roles, the team creates these too.

The authorization team also sets up one or more training services, each having any number of courses. Courses can be specified as requirements on roles, either by direct connection or via service and/or access levels of the role.

Risk and security are responsible for defining separation of duty access and for entering risk numbers on roles, services and access levels. This should be continuously improved and periodically controlled.

System owner is responsible for use of their access levels in roles and their assignment as special access to employees. The solution enforces periodic revision of this by system owners.

The following reports are the most important in governance and control:

  • All services
  • All access levels
  • All users
  • All roles
  • All companies
  • All departments
  • All job titles
  • All user types
  • Roles with access levels
  • Users with roles
  • Users with access
  • Users with access having license price
  • Users who lack standard access.
  • Users who lack mandatory access
  • Users with cost centers
  • Number of users per service
  • All computers
  • Users with separation of duty issues
  • Irregularities between registered and actual access
  • Roles with competence requirements
  • Employee competence deficiencies
  • Employee competence

The reports include all conceivable fields and each field has support for sorting and drill-down-filtering. The report “users with access having license price” for example includes company, division, department and cost centers, making it easy to divide the cost in the organization. The reports “All Users” and “All departments” have the possibility to sort to find the most trusted based on risk figures and the most expensive based on IT cost.

Security also uses these reports in its control function:

  • Active users without log-in last 30, 60 and 360 days
    • Ability to finalize user
  • Users with passwords that never expire
    • Ability to set passwords to expire in accordance with the domain password policy
  • Users that cannot change your own password
  • User objects that do not inherit rights from parent OU
    • Ability to set inherited rights
  • Users who have no password
    • Ability to fix individually or for all
  • Users without password change last 60 days
    • Ability to set passwords to expire according to Domain Policy
  • Users with failed logon past 24 hours and 7 days
    • Ability to see which domain controller logon was made on
    • Domain controller has more details about logging
  • Machines without log-in last 90 days

The solution currently has 43 different enquiry types. Both data requirements and access model is configurable for them. This flexible model makes it easy to introduce new enquiry types.

Integrity & perseverance


Our skilled and pragmatic professionals will turn your requirements into working solutions with qualities above expectations.

Application Development

We develop your ideas from start to finish.

SharePoint Customization

We develop custom designs, solutions and webparts for all versions of Microsoft SharePoint.

Microsoft Azure, Office 365 and SharePoint Online

We know how to implement your organization’s needs in the Microsoft cloud.

SharePoint Setup

We can help you get started with SharePoint in your organization.

Internet Site

We can develop and implement your cloud or on-premise hosted Internet site using technologies such as WordPress, SharePoint or plain html/css.

Solve Problems

We have a good working knowledge of Microsoft and software development technolgies in general. We have clients we hear from only a handful of times annually, when they need help to work out problems. Be it making a powershell script, system configuring or through communication with a third part vendor, we do not yield until the problem is solved. And we call a problem a problem, not a challenge. The challenge is to solve the problem and that challenge is ours.


You are in good hands with us, but you need not take our word for it. See what some of our customers and authority contacts are saying about our services.

Fast & Reliable


IdentityStream was founded in 2005 with a genuine desire to make coherent software that makes the workday easier for users on all levels. We have customers ranging in size from a couple hundred employees to Statoil ASA on the other end of the scale.

  • Tore Olav Kristiansen

    Tore Olav Kristiansen
    Founder and CEO
  • Håvard Meling

    Håvard Meling
    Principal Technology Consultant
  • Pouyan Sephavand

    Pouyan Sephavand
    Software Architect
  • Sjur Varhaug

    Sjur Varhaug
    Software Architect
  • May Elisabeth Håland

    May Elisabeth Håland


Do not hesitate to contact us.

Please Wait...
IdentityStream AS
Grannes Terrasse 87
(+47) 908 94 895

Follow us on: Twitter | Facebook

IdentityStream AS