go:Identity - The IDM Appliance
go:Identity functions in detail


With go:Identity we offer a complete, centralized identity management solution "out-of-the-box" for companies of all sizes.

go:Identity offers "best practice" functions, processes and automatisms that have proven themselves hundreds of times in practice.

Find out more about the most important functions and highlights here.

(You can find basic information about go:Identity  here - "go:Identity Overview")

User Life Cycle with go:Identity

Onboarding (new employee)

New employees can be created automatically from HR data sources or other external data stores as well as by means of uncomplicated processes through manual input.

Create identities of any different types (e.g. internal, external, admin - you can define your own). Determine the attributes and forms required for this yourself and thus facilitate processes for "non-IT" personnel. go:Identity creates the identity, calculates any attributes such as user name, email address, unique IDs and much more according to your specified rules.
go:Identity creates the user accounts based on rules or definitions and assigns exactly the authorizations that the new identity requires. go:Identity also takes care of initial passwords and their dispatch.

Of course, identities can also be created for the future and thus receive their access and assets exactly when they need them.



Changes can be varied.

Switching between departments, changed tasks in the company - go:Identity can automatically react to all such events and adjust authorizations or correct data, adjust or block access.

Data changes can be synchronized from any system connected to go:Identity. Changes in the HR data can therefore also automatically trigger the necessary changes in target systems.


Access Rights "Just-In-Time"

Time brings changes - go:Identity ensures secure authorizations and data at the right time.

Live views show you the current system accesses (accounts) and authorizations of your identities (including target / actual comparison) at any time.

With time limits with start and end dates, authorizations can be made available exactly when they are needed.



At the end of the life cycle of an identity, go:Identity takes care of the secure and consistent handling of access and authorizations.

When an entry date is reached, access and authorizations can be treated as desired: blocking access, labeling, moving, deleting - this and much more is flexibly possible. You simply determine the rules yourself.

Other periods of time such as short-term absence, parental leave or block times can also be treated in a controlled manner.

Automatic processes can proactively warn before a limit date is reached, or take on further downstream actions such as archiving, deletion or other post-processing.

Self-service functions

IT Shop

go:Identity's clear "IT shop" allows employees to request access, authorizations or other "articles" for themselves or for other definable groups of people.

In addition to a convenient search, multi-level categories help you keep track of things even with tens of thousands of authorization roles in the shop.

The orders themselves are processed in the integrated workflow environment of go:Identity.

All those involved are kept up to date on the progress and the results of the orders, both on a dashboard and by e-mail.



For all items that can be ordered in go:Identity, flexible multi-level approval paths can be defined for each object if required.

  • "without further approval"
  • "Approval by the superior"
  • Data / subject managers
  • technical responsible
  • e.g. "Segregation of Duty" and special clearances

All conceivable combinations are possible, but your own processes can also be implemented.

Those involved are comfortably informed by email.


The workflow processes support escalations in defined business hours. A "substitute function" enables approvals to be carried out even in the event of absence. All decisions, with comments if required, are completely logged.

go:Identity supports you in the implementation of a secure and revision-compliant assignment of authorizations.

Away from opaque releases of a necessary authorization through processes that contain verbal agreements, unstructured e-mails, paper or electronic forms and established habits and which end in a mostly non-verifiable instruction to IT, often by shouting or e-mail.

go:Identity involves the right people in charge and then eliminates manual tasks for IT. Because once those responsible have given their consent, the necessary technical implementation can be carried out automatically.

Password functions / password self-service, registration and personal data

Password Service & Self-service

  • "Forgot password" service via Questions and Answers or via token link reset via email.
  • Controllable access to password reset for identities for e.g. Helpdesk staff or responsible persons.
  • Central password portal with password rules and synchronization in target systems.

Self registration

  • Self-registration option for new identities (involve your partners, customers and external service providers).
  • Including mail opt-in.
  • Including configurable approval process.

Personal data

  • Show your employees the data you have saved about them.
  • Let your employees maintain any data (e.g. room number, extension, etc.).
  • Synchronize this data in target systems.
Distributed administration

Administration by those responsible

"What if ..." ... project managers could maintain the members of their e-mail distribution lists themselves? Or the access to certain file shares could be assigned and withdrawn again by those responsible themselves? What if questions and reports on "Who has access to my file share?" are absent because those responsible can look it up themselves at any time?

With go:Identity you can do just that and give your managers an easy-to-use tool that can do all of that.

This can shift a large part of the administrative activities that are now part of IT to the specialist departments. This reduces the IT effort and increases the speed for users.

For example, enable a local fileshare admin to easily manage the members of the corresponding AD groups via the web browser without giving him or her administrative access to the console in the AD.

Of course, all such actions are audited and thus remain traceable.

Access Governance: Control and Rules

Target / actual comparison

go:Identity knows the target status of authorizations in target systems: exactly the authorizations that the identities should have.

But the final authorizations in the target system can differ, e.g.

  • because manual administration was carried out in the target system,
  • because other processes were involved,
  • or because automatic changes were temporarily not possible due to technical interruptions.
go:Identity shows such deviations online or in reporting and automatically corrects them if required.

Attestation / Recertification

In go:Identity you can flexibly create any number of different attestation campaigns for regular recertification of

  • Groups of people
  • Departments / project groups / locations / positions
  • Roles and permissions
  • Authorization assignments
  • and much more.

Including "clearing center" functionality in the event of ambiguities, delegation, any actions after "confirmation" or "rejection", smart email notification. Everything online and documented.

No more endless lists and email chaos at the end of the year. Those responsible work directly online in go:Identity in an uncomplicated interface.



In order to adhere to and review compliance rules, it is crucial that assigned authorizations and data are always traceable. go:Identity maps rules reliably through automation and answers the important questions about all assigned authorizations and stored data:

  • Origin of authorizations through automation.
  • Direct access to information about the approval processes for approved authorizations.
  • Audit function for all data and authorization changes with "before / after" data.
  • Independent storage of audits for flexible adaptation of retention periods.


Is there information that you cannot see online in go:Identity? Hard to imagine, but of course go:Identity allows you to create any reports and data exports:

  • Flexible report design with professional design software with export options in PDF, Excel®, Word®, CSV, text formats and much more.
  • Regular data deliveries by email.
  • Data exports for external systems.

If required, the system can optionally be expanded to include a report and information portal using JasperReports® Server.

In addition, go:Identity allows you to send dynamic notifications very easily and flexibly. For example, automatically a list can be sent to the supervisors, which of their employees will be leaving soon, e.g. in 14 days.

Further highlights: Out-of-the-box - everything inside

Easy Access using web browser

  • End users and administrators usually only work with the browser - no plug-ins, no additional software.
  • All common browsers are supported (MS Edge, Firefox, Chrome, Safari, ...).
  • Integration in SSO scenarios, e.g. Kerberos, SAML, OIDC.

Multilingualism and design options

  • Interface in German, English, French already available.
  • Maintain your own dictionaries - go:Identity adapts to your language usage.
  • The appearance can be adapted to your "corporate design".

E-mail functions

  • Easy integration.
  • Multilingual email templates with dynamic content. Own e-mail templates and HTML templates for "nicer e-mails".
  • Various active e-mail notifications and mail triggers.

Manual entitlements

  • For "instructions" to external systems and administrators via e-mail or workflow tasks.
  • E.g. also suitable for simple hardware and software assets.
  • Integration into the user life cycle.

go:Identity permissions and forms

  • Flexible configuration options: who can see what, who can change what?
  • Forms, attributes, selection lists are very easy to adapt.
  • Functions on the dashboard are configurable.

and much more

More Information? Schedule a Webcast for go:Identity

Please tell us your e-mail address and your name. We will then contact you to agree on a demo webcast appointment.

Please enter name
Please enter email address Email address not valid