IDM Introduction

Allidm.com Discovering Identity and Access Management Solutions Identity Manager Introduction http://academy.allidm.com

description

Identity management solutions require specific skills to deploy successfully. This presentation will help you start building some of them.

Transcript of IDM Introduction

Page 1: IDM Introduction

Allidm.com

Discovering Identity and Access Management Solutions

Identity Manager Introduction

http://academy.allidm.com


Page 3: IDM Introduction

Disclaimer and Acknowledgments

The contents here were created as a personal endeavor and thus do not reflect any official stance of any Identity and Access Management vendor on any particular technology.

Page 4: IDM Introduction

Contact Us

In this presentation we’ll talk about some useful topics that you can use no matter which identity and access management solution or product you are working on.

If you know of one that makes a big difference, please tell us so we can include it in the future.

[email protected]

Page 5: IDM Introduction

What’s an IDM Solution?

Identity Manager makes it possible to automate the process of creating, updating, and deleting user accounts across multiple IT systems.

This process is known as provisioning (that is, creating and updating user accounts) and deprovisioning (deleting user accounts).

Page 6: IDM Introduction

IDM addresses the problems

Provision and deprovision identities on the applications

Reduce Help Desk tasks due to password management operations: Change Password, Forgot Password, Reset Password, Challenge Questions

Users who still have access to the application after the sunset date

Page 7: IDM Introduction

What to look for in an IDM Solution

Ease of Deployment

Portability

Open Standards: built using open standards and specifications as far as possible, such as SPML

Ease of Administration: web-based, graphical administration and console command line interfaces

Security

Comprehensive Out-of-the-Box Reporting

Cloud-Ready Drivers

Page 8: IDM Introduction

Choosing an IDM Solution

Choosing an IDM solution is not easy with all the offers on the market, but you need to consider some high-level requirements for your company:

Web Administration

Web Self Service

Auditing and Compliance Components

Reporting Components

Workflow Engine

Request and approvals

Workflow Designer

Reconciliations

Bulk Load

Resource / Adapter / Connectors

Page 9: IDM Introduction

How IDM works

A user submits a request for an account creation on the IDM server.

The IDM server has a workflow engine that processes the request and performs operations such as requesting approvals, notifying the user, generating audit logs, etc.

The IDM server is connected to a resource or application through a connector and provisions / deprovisions the user account.

Page 10: IDM Introduction

How IDM works

A user can request access to one or more applications.

IDM, through a connector, will execute the action on the application.

Sometimes a gateway is required on the application side.

Typically a manager will need to approve the request.

Page 11: IDM Introduction

IDM Core Capabilities

Workflow, Self-Service, Auditing, Reporting, Roles, Attestation, Data Synchronization, Resource/Adapters

Page 12: IDM Introduction

IDM Core Capabilities - Workflow

Identity Manager provides workflow capabilities to ensure that your provisioning processes involve the appropriate resource approvers

Workflows can be initiated automatically whenever a certain event occurs (for example, a new user is added to your HR system) or initiated manually through a user request.

Page 13: IDM Introduction

IDM Core Capabilities - Workflow

Workflow-based provisioning provides a way for users to request access to resources.

A provisioning request is routed through a predefined workflow that might include approval from one or more individuals.

If all approvals are granted, the user receives access to the resource.

Provisioning requests can also be initiated indirectly in response to events occurring in a scheduled task or synchronization process.

Page 14: IDM Introduction

IDM Core Capabilities - Self-Service

Identity Manager provides self-service administration for functions (management, Help Desk, and so forth) that are responsible for assisting, monitoring, and approving user requests.

You can enable individual users to:

Request access to resources such as databases, systems, and directories

Manage their own personal data

Change their passwords, set up a hint for forgotten passwords, and set up challenge questions and responses for forgotten passwords.

Page 15: IDM Introduction

IDM Core Capabilities - Auditing

knowledge that all of your user provisioning activities, past and present, are being tracked and logged for auditing purposes.

Typically the solution needs to provide a way to export those audit logs to an external DB or entity.

Internal Audit Logs

External Audit Logs

Some IDM solutions provide audit log output as CSV files and database records.
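The request, approval, provisioning and audit-log steps from the "How IDM works" and Workflow slides, together with the CSV audit export mentioned above, as an added sketch that is not part of the original presentation or any vendor's code. The `Connector` and `IdmServer` classes, their method names and the refusal of self-approval are assumptions made for illustration.

```python
import csv, io
from datetime import datetime, timezone

FIELDS = ["time", "actor", "action", "request", "outcome"]
class Connector:  # hypothetical stand-in for a real adapter (LDAP, database, ...)
    def __init__(self, resource):
        self.resource, self.accounts = resource, set()
    def provision(self, user):
        self.accounts.add(user)

class IdmServer:
    def __init__(self, connectors):
        self.connectors = {c.resource: c for c in connectors}
        self.requests, self.audit = {}, []

    def _log(self, actor, action, req_id, outcome):
        now = datetime.now(timezone.utc).isoformat()
        self.audit.append(dict(zip(FIELDS, (now, actor, action, req_id, outcome))))

    def submit(self, user, resource, approvers):
        req_id = len(self.requests) + 1
        self.requests[req_id] = {"user": user, "resource": resource,
                                 "pending": set(approvers), "state": "pending"}
        self._log(user, "submit", req_id, "pending")
        return req_id

    def decide(self, req_id, approver, approved):
        req = self.requests[req_id]
        # Fail closed: only a named approver may act, never the requester,
        # and a denied or provisioned request cannot be reopened.
        if (req["state"] != "pending" or approver == req["user"]
                or approver not in req["pending"]):
            self._log(approver, "decide", req_id, "refused")
            return req["state"]
        if not approved:
            req["state"] = "denied"
        else:
            req["pending"].discard(approver)
            if not req["pending"]:  # all approvals granted
                self.connectors[req["resource"]].provision(req["user"])
                req["state"] = "provisioned"
        self._log(approver, "approve" if approved else "deny", req_id, req["state"])
        return req["state"]

    def export_audit_csv(self):
        buf = io.StringIO()
        writer = csv.DictWriter(buf, fieldnames=FIELDS)
        writer.writeheader()
        writer.writerows(self.audit)
        return buf.getvalue()
```

Refused decisions are written to the audit log as well, so attempts to approve one's own request or to act without being an approver remain visible to reviewers.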

Page 16: IDM Introduction

IDM Core Capabilities - Reporting

By default, the IDM solution needs to provide some basic built-in reports to allow the IDM administrators to: Get Today's Activity, Get Weekly Activity, Get User Activity

Page 17: IDM Introduction

IDM Core Capabilities - Roles

Users often require access to resources based upon their roles in the organization.

When a user is assigned to a role, Identity Manager provisions the user with access to the resources associated with the role.

You can have users automatically added to roles as a result of events that occur in your organization.

Role-based provisioning provides a way for users to receive access to specific resources based upon the roles assigned to them.

Page 18: IDM Introduction

IDM Core Capabilities - Attestation

Role assignments determine a user’s access to resources within your organization, and incorrect assignments could jeopardize compliance with both corporate and government regulations.

Identity Manager helps you validate the correctness of role assignments through an attestation process. Using this process, individual users can validate their own profile information and Roles Managers can validate role assignments and Separation of Duties violations.
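The role-based provisioning and attestation checks described in the Roles and Attestation slides can be expressed as a few set operations. This is an added example, not code from the presentation or from any IDM product; the role, resource and user names are constructed sample data, and the function names are hypothetical.

```python
# Constructed sample data: role, resource and user names are hypothetical.
ROLE_RESOURCES = {
    "ap-clerk": {"erp:create-invoice"},
    "ap-approver": {"erp:approve-payment"},
    "dba": {"db:admin"},
}
# Role pairs that one person must not hold together (Separation of Duties).
SOD_CONFLICTS = [frozenset({"ap-clerk", "ap-approver"})]
SAMPLE_ASSIGNMENTS = {"alice": {"ap-clerk", "ap-approver"}, "bob": {"dba"}}

def entitlements(roles):
    """Resources a user is provisioned with, derived only from roles."""
    unknown = set(roles) - set(ROLE_RESOURCES)
    if unknown:  # an undefined role is an error, not an empty grant
        raise ValueError(f"undefined roles: {sorted(unknown)}")
    return set().union(*(ROLE_RESOURCES[r] for r in roles))

def sod_violations(assignments):
    """Map each user to the conflicting role pairs they currently hold."""
    found = {}
    for user, roles in assignments.items():
        hits = [tuple(sorted(pair)) for pair in SOD_CONFLICTS
                if pair <= set(roles)]
        if hits:
            found[user] = hits
    return found

def attest(assignments, certified):
    """Keep (user, role) pairs a reviewer certified; list the rest to revoke."""
    kept, revoke = {}, []
    for user, roles in sorted(assignments.items()):
        kept[user] = {r for r in roles if (user, r) in certified}
        revoke += [(user, r) for r in sorted(roles)
                   if (user, r) not in certified]
    return kept, revoke

def unexplained_access(roles, actual_access):
    """Access found on a resource that no assigned role accounts for."""
    return set(actual_access) - entitlements(roles)
```

Running `sod_violations(SAMPLE_ASSIGNMENTS)` flags the user holding both accounts-payable roles; after `attest` drops the uncertified assignment, the same check returns no violations.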

Page 19: IDM Introduction

IDM Core Capabilities - Data Synchronization

Identity Manager lets you synchronize, transform, and distribute information across a wide range of applications, databases, operating systems, and directories

Page 20: IDM Introduction

Resources / Adapters

In Identity Manager, managed applications and other IT systems are called resources.

Identity Manager uses either adapters or connectors to interface with resources.

Adapters and connectors are installed on the Identity Manager server.

Dozens of Identity Manager adapters and connectors are available, and new ones can be created to communicate with almost any resource using standard protocols or known application programming interfaces (APIs).

Page 21: IDM Introduction

Identity Manager Connectivity Suite

Operating Systems & Directories: Microsoft Active Directory, Sun ONE, OpenLDAP V SOLARIS, Novell® eDirectory, LDAP v3

Message Platforms: Microsoft Exchange Server, Lotus Notes / Domino Server Versions

Applications: SAP R/3 Core, CRM, Custom-Built Applications

Relational Databases: Microsoft SQL Server, Oracle, MySQL, PostgreSQL

Page 22: IDM Introduction

Identity Manager Connectivity Suite

[Diagram: Identity Manager connected to PeopleSoft, Microsoft Active Directory, LDAP, SAP, Unix / Linux, Database]

Page 23: IDM Introduction

Common Mistakes

Thinking of an IAM implementation as a one-phase project

Not involving the application owners

Tester team lacking IAM concepts

Page 24: IDM Introduction

Keys to Successfully Implementing IDM

Distinguish clearly between requirements.

Involve everyone, from the chief executive to the users, in the project.

Page 25: IDM Introduction

Road Map

Work in progress

Phase 1: Authoritative Source

Phase 2: Password Management

Phase 3: Self Service

Phase 4: Request Engine

Page 26: IDM Introduction

IDM Solutions Around the World

Some of the key vendors providing SSO Solutions are: Oracle, CA, Symplified, ForgeRock, IBM, Courion, Atlassian
