GitHub is making available a new IAM (identity and access management) tool, dubbed Entitlements, which leverages the company’s own Git framework to parse, track and approve access to a business’ systems.
The basic idea of Entitlements is to use a dedicated Git repository as a way to provide a centralized clearinghouse for identity management data and using pull requests to make any changes—new approvals, reverifications and any other changes can be made to a given repository for a given system.
The use of metadata tags also allows administrators to be granular in how they manage access to their systems—approvals dating back long enough can be subjected to mandatory reverification, differently tagged users can be granted different rights and privileges, and so on. Moreover, the use of Git provides a detailed audit log for the whole process, letting administrators track who requested what access and when, when it was granted, and by whom, for example. Detailed lists of groups, organized by manager, region, access level and more are also available for better auditing.
Git has been using the Entitlements system internally for “years,” according to the company’s official blog post announcing that Entitlements has gone open source. The system can be used on any Git repository, but using it with GitHub.com directly allows for more functionality, like the use of cron jobs to automate review and auditing tasks, or use a business data “source-of-truth” to push updates from an org chart to the Entitlements framework.
Moreover, GitHub said, like any good open source project, Entitlements is constantly being improved and iterated upon.
“GitHub uses Entitlements every day, averaging around 2,000 commits per month,” the company said in the blog post. “We’re constantly shipping improvements to the app and exploring ways to make it even easier to use. We want to enable others to use what we’ve built for their own IAM needs.”
More information about the Entitlements system is available at the app’s repo, and example configurations and workflows are available at the config repo here. GitHub also open sourced two output plugins for Entitlements, one to manage GitHub Orgs and Team memberships, and another that allows organizations to create robust audit logs.