2. Stay connected to Allidm
Find us on Facebook:
http://www.facebook.com/allidm
Follow us on Twitter:
http://twitter.com/aidy_idm
Look for us on LinkedIn:
http://www.linkedin.com/allidm
Visit our blog:
http://www.allidm.com/blog
3. Disclaimer and Acknowledgments
The contents here are created as my own personal endeavor and
thus do not reflect any official stance of any Identity and
Access Management vendor on any particular technology.
4. Contact Us
In this presentation we'll talk about some useful topics that
you can apply no matter which identity and access management
solution or product you are working on.
If you know one that makes a big difference, please tell us so we
can include it in the future.
aidy.allidm@gmail.com
5. What’s an IDM Solution?
Identity Manager makes it possible to automate the
process of creating, updating, and deleting user
accounts across multiple IT systems.
This process is known as provisioning (that is, creating
and updating user accounts) and deprovisioning
(deleting user accounts).
6. IDM addresses the problems
Provisioning and deprovisioning identities on applications
Reducing Help Desk load from password management
operations:
Change password
Forgotten password
Reset password
Challenge questions
Users who still have access to an application after its sunset date
7. What to Look for in an IDM Solution
Ease of Deployment
Portability
Open Standards
Built using open standards and specifications as far as possible, e.g.
SPML
Ease of Administration
Web-based graphical administration console
Command line interfaces
Security
Comprehensive Out-of-the-Box Reporting
Cloud-Ready Drivers
8. Choosing an IDM Solution
Choosing an IDM solution is not easy given all the offers on the
market, but you need to consider some high-level requirements for
your company:
Web Administration
Web Self Service
Auditing and Compliance Components
Reporting Components
Workflow Engine
Request and approvals
Workflow Designer
Reconciliations
Bulk Load
Resource / Adapter / Connectors
9. How IDM works
A user submits a request for an account creation on the IDM
server.
The IDM server has a workflow engine that processes the
request and performs operations such as requesting approvals,
notifying the user, generating audit logs, etc.
The IDM server is connected to a resource or application
through a connector and provisions / deprovisions the user
account.
10. How IDM works
A user can request access to one or more applications.
Typically a manager will need to approve the request.
IDM, through a connector, will execute the action on the application.
Sometimes a gateway is required on the application side.
12. IDM Core Capabilities - Workflow
Identity Manager provides workflow capabilities to
ensure that your provisioning processes involve the
appropriate resource approvers
Workflows can be initiated automatically whenever a
certain event occurs (for example, a new user is
added to your HR system) or initiated manually
through a user request.
13. IDM Core Capabilities - Workflow
Workflow-based provisioning provides a way for users to
request access to resources.
A provisioning request is routed through a predefined
workflow that might include approval from one or more
individuals.
If all approvals are granted, the user receives access to the
resource.
Provisioning requests can also be initiated indirectly in
response to events occurring in a schedule task or
synchronization process.
14. IDM Core Capabilities - Self-Service
Identity Manager provides self-service administration for
functions (management, Help Desk, and so forth) that are
responsible for assisting, monitoring, and approving user
requests.
You can enable individual users to:
Request access to resources such as databases, systems, and
directories
Manage their own personal data
Change their passwords, set up a hint for forgotten passwords,
and set up challenge questions and responses for forgotten
passwords.
15. IDM Core Capabilities - Auditing
Auditing gives you the knowledge that all of your user provisioning
activities, past and present, are being tracked and logged for
auditing purposes.
Typically the solution needs to provide a way to export
those audit logs to an external database or entity:
Internal audit logs
External audit logs
Some IDM solutions output audit logs as CSV files and
database records.
16. IDM Core Capabilities - Reporting
By default the IDM solution needs to provide some
basic built-in reports that allow IDM administrators to:
Get today's activity
Get weekly activity
Get user activity
17. IDM Core Capabilities - Roles
Users often require access to resources based upon their
roles in the organization.
When a user is assigned to a role, Identity Manager
provisions the user with access to the resources associated
with the role.
You can have users automatically added to roles as a result
of events that occur in your organization
Role-based provisioning provides a way for users to
receive access to specific resources based upon the roles
assigned to them.
18. IDM Core Capabilities - Attestation
Role assignments determine a user’s access to resources
within your organization, and incorrect assignments could
jeopardize compliance with both corporate and
government regulations.
Identity Manager helps you validate the correctness of role
assignments through an attestation process.
Using this process, individual users can validate their own
profile information and Roles Managers can validate role
assignments and Separation of Duties violations.
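To make slides 9, 17 and 18 concrete, here is an added Python model (not code from the slides or from any vendor product) of the request-approve-provision loop, an attestation pass that flags Separation of Duties violations in role assignments, and sunset-date deprovisioning with audit logging; the role catalogue, SoD rule and account data are constructed sample values.

```python
# Constructed sample role catalogue: which resources each role grants.
ROLE_RESOURCES = {
    "finance_clerk": {"erp", "email"},
    "finance_approver": {"erp_approvals", "email"},
    "developer": {"git", "email"},
}
# Constructed Separation of Duties rule: a user may not hold both roles of a pair.
SOD_CONFLICTS = [frozenset({"finance_clerk", "finance_approver"})]

AUDIT_LOG = []  # one dict per event; rows like these are what gets exported to CSV/DB


def audit(event, user, detail):
    AUDIT_LOG.append({"event": event, "user": user, "detail": sorted(detail)})


def request_access(user, roles, approved_by):
    """Workflow: a manager approves the request, then IDM provisions every
    resource granted by the requested roles (connector calls are simulated)."""
    if not approved_by:
        audit("rejected", user, roles)
        return set()
    resources = set().union(*(ROLE_RESOURCES[r] for r in roles))
    audit("provisioned", user, resources)
    return resources


def attest(assignments):
    """Attestation: return {user: [conflicting role pairs]} for every user
    whose current role set violates an SoD rule."""
    violations = {}
    for user, roles in assignments.items():
        hits = [sorted(pair) for pair in SOD_CONFLICTS if pair <= roles]
        if hits:
            violations[user] = hits
    return violations


def deprovision_expired(accounts, today):
    """Deprovision accounts whose sunset date (ISO 'YYYY-MM-DD' string, so plain
    string comparison orders correctly) has passed; returns the users removed."""
    expired = {user for user, sunset in accounts.items() if sunset < today}
    for user in sorted(expired):
        audit("deprovisioned", user, {"sunset " + accounts[user]})
        del accounts[user]
    return expired
```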
19. IDM Core Capabilities - Data Synchronization
Identity Manager lets you synchronize, transform,
and distribute information across a wide range of
applications, databases, operating systems, and
directories
20. Resources / Adapters
In Identity Manager, managed applications and other IT
systems are called resources.
Identity Manager uses either adapters or connectors to
interface with resources.
Adapters and connectors are installed on the Identity
Manager server.
Dozens of Identity Manager adapters and connectors are
available, and new ones can be created to communicate
with almost any resource using standard protocols or
known application programming interfaces (APIs).
21. Identity Manager Connectivity Suite
Operating Systems & Directories
Microsoft Active Directory, Sun ONE, OpenLDAP, Solaris, Novell eDirectory, LDAP v3
Message Platforms
Microsoft Exchange Server, Lotus Notes / Domino Server versions
Applications
SAP R/3 Core, CRM, custom-built applications
Relational Databases
Microsoft SQL Server, Oracle, MySQL, PostgreSQL
22. Identity Manager Connectivity Suite
Diagram: Identity Manager at the centre, connected to PeopleSoft, Microsoft Active Directory, Database, Unix / Linux, LDAP and SAP.
23. Common Mistakes
Thinking of the IAM implementation as a one-phase project
Not involving the application owners
Test team lacking IAM concepts
24. Keys to Successfully Implementing IDM
Distinguish clearly between requirements.
Involve everyone, from the chief executive to the
users, in the project.
25. Road Map
Work in progress
Phase 1 Authoritative Source
Phase 2 Password Management
Phase 3 Self Service
Phase 4 Request Engine
26. IDM Solutions Around World
Some of the key vendors providing SSO solutions are:
Oracle
CA
Symplified
Forgerock
IBM
Courion
Atlassian