Sun has taken its Identity Manager provisioning software and married it with its Identity Auditor, which the company introduced in 2005. The result is Identity Manager 7.0, which is slated to ship by year-end. Identity Auditor will no longer be a separate product.

Identity Manager 7.0 is designed to automate not only the process of assigning user access to various systems, but also the follow-up process of routinely checking what that user actually has access to. The new features include compliance reporting, certification reviews, audit scanning and automated remediation. The intent is to bring auditors and IT together in the process of setting up and evaluating access permissions and network activity.

"One thing that's quite interesting here is the way that Sun is moving into the policy area," says Jonathan Penn, Forrester Research analyst. "They are building a way to represent [business] policy at a high level and translate that into security policies that these identity management systems can understand."

Penn says Sun still has a long way to go, but that identity management needs to evolve into policy management and enforcement. "Despite all the connectors and integration efforts, we still don't have enough control over who's doing what," he says.

Sun isn't alone; vendors such as BMC, CA, HP and Novell have developed or are developing similar products.

Sun's auditing software can identify policy violations, send notifications to compliance officers and help administrators deal with exceptions to policy rules.

"The idea is to encapsulate business policy and business controls and add that to the provisioning process," says Andy Land, product line manager for identity at Sun. "Compliance is driving people to go beyond the general provisioning lifecycle."

The new features in Identity Manager automate the auditing and review processes that a company repeats regularly to stay within the compliance parameters of federal or industry regulations.

With Identity Manager, companies can present a unified view of users' identity and system access activities. The software includes a policy audit engine that scans for set policies and ensures they are being enforced on systems and applications. The software also features audit scanning, a compliance dashboard, automated reconciliation of roles and audit policies, provisioning with integrated audit policy and audit policy certification review.

Identity Manager 7.0 runs on the Solaris 10 operating system, as well as Windows, Red Hat Linux, Novell SUSE and Unix. The software carries a base price of US$200,000 (£106,860) and costs $36 (£19) per internal user and $3 (£1.60) per extranet user. Adapters to systems such as Oracle, SAP, and Microsoft's Active Directory are priced at $25,000 (£13,358).