Authenticate and Authorize Your Users Through Access Entitlements
IDMWORKS provides the capability for your organization to authenticate users and grant them the authorization to access company data and applications. This is accomplished through access entitlements – carefully planned roles, rules and policies enforced automatically through vendor-based solutions. IDMWORKS can build these entitlements for your organization and implement the solutions to enforce them.
Authentication management is the process through which a subject provides valid credentials to satisfy the access requirements of the application, service or system that the subject is trying to access. Reduced sign-on technologies centralize or rationalize these authentication mechanisms so that multiple applications, services, and systems can rely on a central store for authentication, or they synchronize the subject's credentials, so as to limit the number of credentials per user and improve the end-user experience.
Authentication Protocols – Standards which prescribe how to present an authenticated subject; includes Kerberos, SAML / Liberty, WS-*, OAuth, LDAP and application-specific standards, such as Windows NTLM.
VERIFICATION AND VALIDATION
Mechanisms to verify a subject’s credentials and provide a level of assurance as to the validity of the credential; also concerned with authentication policies and password policies.
CREDENTIAL LIFECYCLE MANAGEMENT
Concerned with creation of credentials and the management of the credential lifecycle.
Traditionally, IT systems and applications each have their own implementation for authorization management or, more precisely, Access Control. This means that a user has an account for each system/application he or she uses and each system/application has its own permission structure and method of permission assignment.
RESOURCE IDENTIFICATION AND MANAGEMENT
Provides for centralized inventorying, labeling, and general management of IT assets.
ATTRIBUTE BASED AUTHORIZATION
Provides for moving from granting resource access to a specific user to granting access based on the value of a user's attributes. While user authentication is still required, access is no longer granted via a specific ACL. Instead, at the point of authentication, a decision is made, based on the value of specific attributes, whether or not access should be granted.
Provides for modeling of access to IT assets based on information about the user, e.g. department, job function, location, etc., to automate access provisioning and validate the appropriateness of entitlements that are granted.
Provides a service for consolidating security decisions traditionally hard-coded in disparate applications into an external, centrally-managed and audited repository, allowing applications to focus on business logic and outsource authorization management in a repeatable, consistent way.
Supports assignment of users to entitlements or sets of entitlements, e.g. roles.
PERIODIC AUTHORIZATION REVIEW
Process of periodically reviewing access granted to users by managers and application owners as part of a GRC program.