Identity Data Store & Virtual Directory
It’s 10PM, do you know where your identities are?
Identity And Access Solutions implements and secures directories and databases for storing and making identity info available. Whether it is a virtual directory model comprised of multiple views or individual authoritative stores and/or systems of record, we will discover, define, and secure the records that comprise your identity data.
We implement identity data management solutions that can act as an identity repository (Identity Data Store) where information about users/entities and groups in an organization is stored. The solutions implemented for user/entity profiles can contain data such as a first name, a last name, a phone number, group membership, an e-mail address, or any number of attributes that suits your organization’s specific requirements.
We can also centralize the non-employee user identities whose access rights generally receive little monitoring or auditing because they are spread across an organization. These non-employees would include consultants, contractors, vendors, interns, vendors, non-badged account holders, and temporary workers.
Identity Administration & Provisioning Service Capabilities
Provides a singular resource for searching and viewing profile information for enterprise users and entities as well as consumers and/or customers. The Identity Data Store is a central service that holds all important identity and entitlement data for your organization and services requests for information that empower real time communications and decisions for access control and business actions.
Provides for a consolidated view of user identity and related information without having to migrate users into a single enterprise directory infrastructure. It serves as a lightweight service that operates between identity consumers and the various identity repositories across the environment. These identity repositories can be LDAP directories, databases, or even web services and access to information can be either served through the virtual directory as a proxy or correlated and cached through a complex set of rules. The analogy is that a Virtual Directory is a one-stop shop for everything you need to know about your users and their associated data and attributes.
Provides a source of identity accessible through a standard protocol, LDAP; also provides a repository for authentication credentials and authorization data such as group memberships.
Provides automated, high-throughput services to move data between directories or databases while applying attribute mappings and transformation rules.
Provides a repository for rules and policy definitions, typically required by access management services.
Provides multi-step approval flows to automate request processes that require review and sign-off from authorized parties, such as managers, data owners, system owners, information security, etc., facilitating delegation to end users while still enforcing security policy controls.
USER/ENTITY & GROUP MANAGEMENT
Provides administrative tools and services that information security professionals utilize to administer user/entity identity and group entries throughout the enterprise, including privileged and application or service accounts.
Provides multi-step account provisioning to accommodate dependencies between accounts and to increase reliability, e.g. supporting creation of accounts in a specific order, performing retries or rollback in case of failure, sending notification of down systems, and more.
IDENTITY REGISTRATION & IDENTITY ASSURANCE (aka IDENTITY PROOFING)
Provides on-boarding and verification of new users and/or entities. Identity Assurance, aka Identity Proofing, may require call-outs to external services such as credit agencies, utilities, and government agencies to provide a level of identity assurance that the subject matches a valid person.
De-provisioning a user’s access rights is required every time an employee leaves a company. But without the proper process in place, many companies do not follow through with de-provisioning.
IDENTITY STORAGE & GOVERNANCE
Provides repositories for identity and/or account data. This typically includes services to routinely scan IT systems for discrepancies in expected and discovered accounts, and fires configurable processes which can notify application and business owners, disable or delete unknown accounts, create missing accounts, and revert or reapply authorizations.
IDENTITY DRIVEN ADAPTERS/CONNECTORS
Adapters that leverage standard and/or proprietary APIs to manage various account repositories and provide a generic interface to a provisioning system for managing account identifiers, profile attributes, credentials, and authorization information, such as group memberships. Some connectors provide the capability to directly manage generic data objects such as physical assets in LDAP stores.
RULES & ACCESS POLICIES
Provides for the application of business logic and policy in how and which assets are provisioned and how data is processed and transformed as it flows through the identity system.
JUST-IN-TIME (JiT) PROVISIONING
For when a new user tries to log in to an authorized application for the first time, they trigger the flow of information from the identity provider to the app that’s needed to create their account.