Authentication & Authorization

Authenticate and Authorize Your Users Through Access Entitlements

IDMWORKS provides the capability for your organization to authenticate users and grant them the authorization to access company data and applications. This is accomplished through access entitlements and carefully planned roles, rules, and policies enforced automatically through vendor-based solutions. IDMWORKS can build these entitlements for your organization and implement the solutions to enforce them.

Authentication Management

Authentication management represents the process through which a subject provides valid credentials to satisfy the access requirements of the application, service, or system that the subject is trying to access. Reduced sign-on technologies centralize or seek to rationalize these authentication mechanisms so that multiple applications, services, and systems may rely on a central store for authentication, or they provide for synchronization of the subject's credentials, so as to limit the number of credentials per user and improve the end-user experience.

AUTHENTICATION PROTOCOLS

Authentication protocols and standards that prescribe how to present an authenticated subject, including Kerberos, SAML / Liberty, WS-*, OAuth, LDAP, and application-specific standards such as Windows NTLM.

VERIFICATION AND VALIDATION

Mechanisms to verify a subject’s credentials and provide a level of assurance as to the validity of the credential; also concerned with authentication policies and password policies.

Authorization Management

Traditionally, IT systems and applications each have their own implementation for authorization management or, more precisely, Access Control. This means that a user has an account for each system/application he or she uses and each system/application has its own permission structure and method of permission assignment.

RESOURCE IDENTIFICATION AND MANAGEMENT

Provides for centralized inventorying, labeling, and general management of IT assets.

ATTRIBUTE BASED AUTHORIZATION

Provides for a shift from granting resource access to a specific user to granting access based on the value of a user’s attributes. While user authentication is still required, the access is no longer granted via a specific ACL. Instead, at the point of authentication, a decision is made, based on the value of specific attributes, whether or not access should be granted.

ROLE-BASED AUTHORIZATION

Provides for modeling of access to IT assets based on information about the user, e.g. department, job function, location, etc., to automate access provisioning and validate the appropriateness of entitlements that are granted.