Identity Management

Identity Management can be defined as the sum of all actions necessary to unambiguously identify the users of IT systems and to assign them precisely the access rights they need to do their job.
In other words, an Identity Management system is supposed to offer instruments to easily answer the following questions for all IT systems:

  • Who are your users?
  • Which access rights do they have?
  • Who granted those rights?
  • What are your users doing with their rights?

The goal of an Identity Management system is to provide components that automate the processes involved and make those processes more traceable. The following illustration provides an overview of the components of a complete Identity & Access Management system:

  • IAM-DB
    The core component of every Identity Management system. All user data and all entitlements are stored centrally in this place.
  • Synchronization
    The user accounts and their attributes in the target systems that are connected to the IAM are synchronized according to pre-defined rules (“User Provisioning”).
  • Roles
    Role-based access control is the key to an efficient, up-to-date Identity Management system. Particularly in large, heterogeneous IT environments with numerous users, the potential savings from using role-based access control (RBAC) are enormous.
  • Approval-Workflows
    Access rights that require special authorization often cannot be assigned automatically; they need a manual approval step before the assignment. The workflow engine built into the IAM can be used to build arbitrarily complex processes (e.g. with escalation, substitution rules etc.) for that purpose.
  • Reporting
    All system and user actions in the IAM are securely logged and can be used to generate reports.
  • Compliance
    IAM systems make it easier to comply with legal requirements. In particular, the questions “Why does this user have these access rights?” and “What can this user do with these access rights?”, which are important for any IT audit, can be answered with the reports from the IAM system.
  • SSO
    Most of the time, Single Sign-On is the first convenience feature for the IT end user in an IAM project.
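
How the IAM-DB, roles, synchronization and reporting components fit together can be shown as a reconciliation run. This is an added example, not code from this page or from any IAM product; the role names, users, target systems and function names are hypothetical and the data is constructed.

```python
from collections import defaultdict

# Constructed sample data; every name below is hypothetical.
ROLES = {  # role -> set of (target system, access right)
    "accountant": {("erp", "post_invoice"), ("fileshare", "finance_rw")},
    "auditor": {("erp", "read_ledger"), ("fileshare", "finance_ro")},
}
# IAM-DB role assignments: (user, role, approver who granted the role)
ASSIGNMENTS = [("alice", "accountant", "cfo"), ("bob", "auditor", "cfo")]
# Access rights actually present in the connected target systems
TARGET_STATE = {
    "alice": {("erp", "post_invoice"), ("erp", "admin")},
    "bob": {("erp", "read_ledger"), ("fileshare", "finance_ro")},
    "carol": {("fileshare", "finance_rw")},  # account unknown to the IAM-DB
}

def desired_state(roles, assignments):
    """Expand role assignments into rights, keeping role and approver."""
    desired = defaultdict(dict)
    for user, role, granted_by in assignments:
        for right in roles[role]:
            desired[user].setdefault(right, []).append((role, granted_by))
    return desired

def provisioning_plan(roles, assignments, target_state):
    """Diff what the IAM-DB says should exist against the target systems."""
    desired = desired_state(roles, assignments)
    plan = {"grant": [], "revoke": []}
    for user in sorted(set(desired) | set(target_state)):
        want = set(desired.get(user, {}))
        have = target_state.get(user, set())
        plan["grant"] += [(user, *r) for r in sorted(want - have)]
        # Rights with no role behind them: drift or orphaned accounts
        plan["revoke"] += [(user, *r) for r in sorted(have - want)]
    return plan

def why(user, right, roles, assignments):
    """Audit question: which role and which approver justify this right?"""
    return desired_state(roles, assignments).get(user, {}).get(right, [])

if __name__ == "__main__":
    print(provisioning_plan(ROLES, ASSIGNMENTS, TARGET_STATE))
    print(why("alice", ("erp", "post_invoice"), ROLES, ASSIGNMENTS))
```

The revoke list is the part an auditor cares about most: it contains every right that exists in a target system without a role assignment and approver behind it.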

Contact us if you need further information or if you’re interested in a live demo of an IAM system.
