To learn more about Directory Concepts and how we can help your organisation please contact a...

Post on 25-Feb-2016


To learn more about Directory Concepts and how we can help your organisation, please contact a Directory Concepts relationship manager near you:

Sydney +61 2 9904 3430
Melbourne +61 3 9804 8500
Brisbane +61 7 3369 3500
Wellington +64 4 460 5273

National Support: 1300 366 946 or helpdesk@directoryconcepts.com.au

Using an organisation’s identity information to enable TRIM

Agenda

• Introduction
• Identity Lifecycle Management
• Integrating TRIM

Who are Directory Concepts?

• Offices in Brisbane, Sydney, Melbourne and Wellington
• 60+ technical staff across these locations
• 10 years speciality in identity driven solutions
• Platinum partner status with Novell
• Technical staff are recognised in the industry as maintaining the deepest identity specialty skill set in the Asia Pacific region
• Consult and support to government on identity and access management across the region

DC Offerings

Consulting Services

• Architecture
• Consultancy
• Business analysis
• Design
• Project management

Professional Services

• Project build and deploy
• Post project support
• Specialty managed services
• 24 x 7 helpdesk services
• Contract onsite services

Introductions

• My background?
─ Software Development (corporate and startup)
─ Experience in Education, Financial and Government sectors
─ Head of Development Vertical at Directory Concepts

Diagram: Information Management (IM) covering Documents and Identities; Identity Management (IDM)

Identity Lifecycle Management

• What does it promise?
─ Automation of the process to manage access rights from the day a user is hired until the day they leave the organisation
─ Consistent and accurate information and access rights across all connected systems
• So what is it?

Key Elements of Identity Management

• Identity Integration
• Roles management
• Integrated workflows and provisioning policies
• Self Service

Business Issue: Your Enterprise has many Identity Stores

Diagram: Identity Stores (Human Resources, Network/NOS Directory, Email, Enterprise Application, PBX)

Many of your Enterprise’s applications own a piece of the User's Identity.
• This Identity data can be expensive to maintain.
• The Data may not be shared by everyone who needs it.
• This Data may not be accurate, consistent or kept up to date.

Novell's Solution: Create a Central Identity Vault

Diagram: Identity Stores (Human Resources, Network/NOS Directory, Email, Enterprise Application, PBX) and the Identity Vault

Identity Isolation problems can be solved by creating an Identity Vault.
• A location for centralized identity management
• Many applications share the same identity data and authentication and authorization functionality
• Lays foundation for access control
• Provides basis for role-based personalization based on rights

The Solution: Advanced Identity Synchronization

Diagram: Identity Stores (Human Resources, Network/NOS Directory, Email, Enterprise Application, PBX) and the Identity Vault

In order to aggregate this identity data into the Identity Vault we utilize Identity Synchronization technology.
• This allows you to utilize data owned by many systems to create a single rich identity
• It allows for distributed ownership of portions of an identity, while allowing a single, centralized identity that can be leveraged by a myriad of systems.

Distributed Ownership of Data: a centralized view

Diagram: Help Desk System, E-Mail System, File & Print, PBX and HR System each hold a subset of the identity attributes (Email Address, First Name, Last Name, Employee ID, Address, Location, Phone Number, Network Address, User ID), shown alongside the Identity Vault.

Novell IDM Application Coverage


Roles Management

• Maps Business Roles to IT Entitlements
• Assign users to Roles based on business policies and an exception approval process

Novell Solution: Roles Based Provisioning Module

• Role represents business function/position
• Business and user centric (authorisation workflows)
• Assign resources to roles and then assign the roles to the users or groups or organisational units (Inheritance)
• Delegation
• Separation of duties

Novell Identity Manager Roles Based Provisioning Module

Integrated Roles Management & Workflow


Novell Solution: Automated Provisioning

Diagram: Identity Stores (Human Resources, Network/NOS Directory, Email, Enterprise Application, Financial Application), Identity Vault, Policies, HR Personnel

In order to give users access to the resources they need we utilize dynamic provisioning capabilities.
• This allows Identity Manager to capture events that occur in an authoritative system such as an HR system
• The Identity Management system provisions the user in real time based on policies

Novell Solution: Workflow Based Provisioning

Diagram: Identity Stores (Human Resources, Network/NOS Directory, Email, Enterprise Application, Financial Application), Identity Vault, Policies, User Application, User, User's Manager

In situations where access to resources should require approval, a user-facing provisioning environment is created.
• Users only see the resources that they can request based on their Identity
• Policies determine who should approve access to the resource

Novell Solution: Workflow Based Provisioning (continued)

Diagram: Identity Stores (Human Resources, Network/NOS Directory, Email, Enterprise Application, Financial Application), Identity Vault, Policies, User Application, User, User's Manager

• The Manager can access the Provisioning User Application. Here the manager can deny or approve the request
• Access is granted immediately

Workflows - simple

Workflow Features

• Highly flexible
─ Can be as simple or complex as desired
• Time-outs and escalation
• Third-party integration (SOAP/Web Services)
─ Generate service desk tickets
• Can be user initiated or automatically initiated
• Customisable forms

Business Process Automation


End Users: typical issues

• Unfavourable user experience
─ Required to call service desk
─ “I have too many passwords”
• Service desk over-utilisation
─ Password resets
─ Simple requests (file access etc.)
• Security
─ Users creating their own credential store
• Lost productivity

Case Study

• Organisation with 2000 users
─ 3592 password resets (forgotten/expired)
─ 1162 requests for additional access
• 3592 password resets pa
─ Gartner: ~25AUD (22USD) for each password reset
─ 3592 x 25 = $89,800* pa
• 1162 file access requests pa
─ ~15 minutes to complete each request
─ 1162 x 15 = 17430 minutes = 290 hrs = 36 days

* Does not account for lost productivity

User Application

• Web-based interface to display and allow users to view and manage identity data in the identity vault.

– Organization Charts

– White Pages

– Profile management

– Password management

Novell® Identity Manager

Novell Identity Manager delivers:
• User Provisioning
• Roles Based Access Control
• Identity Integration
• Password Management
• Delegated Administration/Self Service
• Automated workflows (both data driven and approval driven)

Diagram: connected systems (Databases, GroupWise, PeopleSoft, LDAP Directories, Mainframes, Windows Server, BMC Remedy, Notes, Avaya PBX); user functions (Administer my resources or workgroup, Search / browse users or resources, Request access to resources, Recover forgotten password, Self-administration); Approved; Identity and provisioning environment (Identity Vault, Identity Manager)

Diagram: Identity Management benefits, shown under the headings Business Facilitation, Governance & Security, Increased Productivity & Cost Reduction, Regulatory Compliance and Increase Service Level:

• Reach global customers
• Tighter supplier relationships
• More productive partnerships
• Consistent security policy
• Immediate system-wide access updates
• Consistent identity data
• Automated risk mitigation
• Enterprise SoD
• Eliminate redundant administration tasks
• Reduce helpdesk burden
• Fast employee ramp-up
• User self service
• Focused, personalized content
• Delegated Administration
• Comprehensive profile view
• Password management
• SOD requirements
• Role-based access
• Least privilege access
• Real-time visibility and disclosure
• Basic compliance reporting

Allow the enterprise to address Pain Points and business initiatives from the IT Manager to the CxO

Integration with HP TRIM

• Connecting
• Translating
• Access Control

Connecting

• User Lifecycle Integration
─ Indirect
  • Database Staging Table
─ Direct
  • Web Services via SOAP Connector
    – Stateless
  • Custom IDM Connector
    – “Stateful”
    – Bi-directional

Translating

• Mapping LDAP Classes to TRIM Locations

Class                  Location
User                   Person
Group                  Group/Project Team/Workgroup
Organizational Unit    Organization

Managing Locations

• Create, Update and Delete
─ Persons
─ Workgroups
─ Organisational Units

Access Control

• Some Options
─ Minimal rights initially, manually adjusted by TRIM administrator
─ Based on Org Unit, Group membership, other identity attribute
─ Configurable via On-Boarding application

Case Study

• Government Department in Victoria
• Involves multiple systems
• Simple workflow via email
• ‘Best guess’ for access based on Org Unit then modified/approved by TRIM administrator

Diagram: OBA, Meta, Web App, Requestor and DMC, with flows numbered 1 to 7 (step 5 shown as 5a and 5b) matching the steps below.

1. Create new user request
2. User created, basic services activated
3. For eligible users, email sent to requestor, link to TRIM form
4. Form completed by requestor, TRIM location(s) confirmed, submitted to Web App
5. Web App queries DMC re TRIM client installation, emails ARS Remedy if required
6. Enquiry User account created in TRIM
7. User added to TRIM mailing lists in Notes
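The class-to-location mapping and the "minimal rights first, best guess by Org Unit, then administrator approval" option described above, as an added Python example that is not part of the original presentation. The dictionary layout, the OU table and the "Records Officer" level are assumptions; only the mapping and the "Enquiry User" account type come from the slides.

```python
# Added illustration: names and tables here are assumptions, not a TRIM or Novell IDM API.

# Class -> Location mapping from the "Translating" slide.
CLASS_TO_LOCATION = {
    "user": "Person",
    "group": "Group",  # the slide also lists Project Team and Workgroup
    "organizational unit": "Organization",
}
MINIMAL_ACCESS = "Enquiry User"  # initial account type in the case study (step 6)
# Hypothetical "best guess" table: Org Unit -> access level to propose.
OU_ACCESS_GUESS = {"records": "Records Officer (hypothetical level)"}


def rdns(dn):
    """Split a DN into (attribute, value) pairs. Naive: no escaped commas."""
    return [tuple(p.strip().split("=", 1)) for p in dn.split(",")]


def parent_ou(dn):
    """Return the nearest ou= value above the entry itself, lower-cased."""
    for attr, value in rdns(dn)[1:]:
        if attr.lower() == "ou":
            return value.lower()
    return None


def translate(entry):
    """Turn one LDAP-style entry into a TRIM location request (plain dict)."""
    cls = entry["objectClass"].lower()
    if cls not in CLASS_TO_LOCATION:
        raise ValueError("no TRIM location type for class %r" % entry["objectClass"])
    request = {"name": rdns(entry["dn"])[0][1], "location_type": CLASS_TO_LOCATION[cls]}
    if cls == "user":
        guess = OU_ACCESS_GUESS.get(parent_ou(entry["dn"]))
        request["granted"] = MINIMAL_ACCESS  # least privilege until approved
        request["proposed"] = guess or MINIMAL_ACCESS
        request["needs_admin_approval"] = guess is not None
    return request


# Constructed sample entries (not taken from the presentation).
SAMPLE = [
    {"dn": "ou=Records,o=dept", "objectClass": "Organizational Unit"},
    {"dn": "cn=jsmith,ou=Records,o=dept", "objectClass": "User"},
    {"dn": "cn=tlee,ou=Finance,o=dept", "objectClass": "User"},
]

if __name__ == "__main__":
    for e in SAMPLE:
        print(translate(e))
```

Unknown classes raise an error rather than defaulting to a location type, so an unmapped object never receives access by accident.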

Conclusion

• IDM integrated with TRIM can

─ Reduce the cost of user and access management

─ Provide timely and secure access to services like TRIM

─ Increase business leaders' trust in IT, in regard to compliance

─ Reduce the risk of human error

─ Strengthen security without raising costs or diminishing productivity

Questions?

Directory Concepts

• Come and visit us if you have any further questions or would like more information on Identity Management