Tuesday, January 17, 2012

The Necessity of Identity Management

Over the past couple of months we have posted an influx of blogs, articles, videos, and reviews discussing various facets of Identity Management. However, we recognize that a simple overview of the essentials of Identity Management seems to be absent, and its intrinsic value should not be missed due to confusion. For that reason, we feel compelled to write this week’s blog post on the necessity of Identity Management and break it down to its core values.

Identity Management is a powerful tool that can consolidate even the largest corporation.  With the rising number of credentials that employees need to maintain, it is becoming increasingly difficult to keep track of user accounts for each application within an organization.  Studies have shown that employees (both past and present) pose a great threat to an organization; even more so if they leave on bad terms.  Several questions then arise:  What applications did this user have access to?  How many user accounts did the user own?  How is this data maintained?  And lastly, who is responsible for removing or disabling the accounts?  For organizations without a central solution for dealing with a user’s application accounts, the time it takes to identify and remove these accounts can vary greatly, often leaving a window of vulnerability open.

That’s where Identity Management solutions come into play.  With Identity Management, administrators within an organization can control access to resources with the click of a button.

In a simple example, an organization has two resources where users exist:  The first is a directory service and the second is a database.  The directory service is used to authenticate users against machines they work on; it also grants them certain permissions based on their group membership within the directory.  The database is a billing system where users simply exist, but administrators can view and manipulate data regarding payments for employees.  Each of these resources requires its own user account for authentication, meaning the credentials can vary between the directory service and the billing database.  If a user joins this organization, who determines the username and password associated with the applications?  How are these two resources connected?  In our simple example, it is easy to maintain a list of users and their accounts by hand.  Now, throw in a mailing system, two terminal emulation applications, software for marketing, a help-desk solution, et cetera.  The list goes on as a company expands, and maintaining that list, which originally consisted of two applications, grows increasingly difficult.

With an Identity Management solution, the process of creating, maintaining, and removing accounts is completely centralized.  How is this accomplished?  An Identity Manager can connect to any resource within an organization using customized code, known as connectors.  These connectors allow the identity representing an employee from within the Identity Manager itself to be provisioned to target applications, connecting the IDM user object with the application user objects.  With an IDM (Identity Management) solution, administrators can standardize the naming of user accounts, based on the resource the user is being provisioned to.  For example, some applications may have a first initial/last name convention, while others have a first name/last name convention.  With an IDM, this customization can be supported while providing the necessary consolidation.

The process for provisioning varies drastically between resources, as each requires different information from the user in order to function properly, and the user object within IDM is completely customizable to account for this.

What if an account is created within an application, but not in the IDM?  The connectors can be configured to account for that.  Through the process known as reconciliation, IDM can actively scan for new accounts in an application and then add them to its own collective list of identities.  With both provisioning and reconciliation enabled, organizations can enjoy bidirectional synchronization between an Identity Management solution and its connected applications.  Organizations can also enforce unidirectional synchronization by disabling reconciliation or provisioning for certain applications, as they see fit.
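The reconciliation pass described above, combined with the per-resource naming conventions from the provisioning paragraph, as an added example that is not part of the original post or any vendor's connector code. The resource names, naming rules, and sample accounts are constructed assumptions; a real connector would read the account list from the application itself.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Identity:
    first: str
    last: str
    active: bool  # False once the employee has left

# Assumed per-resource naming conventions (constructed for this example):
# the directory uses first initial + last name, the billing DB first.last.
CONVENTIONS = {
    "directory": lambda i: (i.first[0] + i.last).lower(),
    "billing_db": lambda i: f"{i.first}.{i.last}".lower(),
}

def reconcile(identities, resource_accounts):
    """Compare each resource's enabled accounts with the IDM identities.

    Returns (linked, orphaned, to_disable):
      linked     - accounts owned by an active identity
      orphaned   - accounts no identity explains (created outside the IDM)
      to_disable - accounts still enabled for an identity that has left
    """
    linked, orphaned, to_disable = [], [], []
    for resource, usernames in resource_accounts.items():
        name_for = CONVENTIONS[resource]
        owners = {name_for(i): i for i in identities}
        for username in sorted(usernames):
            owner = owners.get(username.lower())
            if owner is None:
                orphaned.append((resource, username))
            elif owner.active:
                linked.append((resource, username))
            else:
                to_disable.append((resource, username))
    return linked, orphaned, to_disable

# Constructed sample data: one current employee, one who has left.
IDENTITIES = [
    Identity("Alice", "Nguyen", active=True),
    Identity("Bob", "Ortiz", active=False),
]
ACCOUNTS = {
    "directory": {"anguyen", "bortiz"},
    "billing_db": {"alice.nguyen", "bob.ortiz", "svc_reports"},
}

if __name__ == "__main__":
    for label, rows in zip(("linked", "orphaned", "to disable"),
                           reconcile(IDENTITIES, ACCOUNTS)):
        print(f"{label}: {rows}")
```

The `to_disable` list is the window of vulnerability from the offboarding questions earlier in the post, and the `orphaned` list is what reconciliation would bring under IDM control.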

One last feature, and probably one of its greatest, is the ability to allow users to request access to the connected resources.  By creating approval workflows, an organization can designate the IDM as its focal point for requesting access to resources.  Approval workflows can be enforced per resource to ensure that once a request is raised, designated approvers receive the information regarding the request and can approve or deny it accordingly.

An Identity Management solution is essential for companies that are experiencing problems with maintaining user accounts across applications.  It offers a single point of control that allows for the provisioning and de-provisioning of user accounts to or from any connected resource.  It also grants employees a central place to go to request access to these resources, allowing for designated individuals to approve or deny the request before access is granted.  The issues of granting a new user access to all of their necessary resources, and removing a user’s access from resources when they leave the organization, can all be solved by a click of the mouse through the central platform of Identity Management.

I hope you all have found this article helpful.  If you have any questions regarding Identity Management, feel free to leave your comments here. I’ll be happy to answer any questions you may have.

 

Action Identity is a premier provider of Identity and Access Management solutions, offering solutions from distinguished partners like Oracle, Novell, NetIQ, ForgeRock, and Symplified to name a few. To learn more about Identity Management and a tailored solution for your company, please visit Action Identity’s website. To contact us directly, please click here

 

 
