Last Updated on December 4, 2014 by Dishan M. Francis
In the previous article I explained what an IDA solution is and what we need to consider when implementing such a solution in a business. If you haven’t read it yet, you can find it here.
What is IDA Management Solutions?
IDA management solutions are used to integrate, synchronize and manage the different identities an organization uses. These can live in different directories or different systems. For example, Company ABC uses Active Directory Domain Services (AD DS) to manage its users. It also has a web application hosted on a Linux platform that uses a different identity store. Its billing platform maintains another authentication system for customers and employers. Company XYZ, which it is merging with, uses Novell eDirectory as its directory service. An IDA management solution helps the organization integrate and maintain these different authentication systems without additional management effort.
What are the features of IDA Management Solutions?
Multiple Authentication Systems
In an organization, there can be various authentication systems. They can be different directory services or databases. Most of the time, IT professionals merge these various systems into one authentication system to provide a Single Sign-On (SSO) experience. The majority of applications and authentication systems can be integrated with different directory services. But sometimes it is important to maintain separate identity stores while syncing or exchanging certain information among them. IDA management solutions make it possible to maintain multiple authentication systems while providing SSO or filtered information exchange.
Determining Authoritative Identity
As I explained before, an IDA management solution can integrate, synchronize and maintain identity data from multiple identity stores. When those systems work together, it is important to identify the attributes and their source. For example, if “System A” requests user information from “System B” for authentication, it is important to make sure “System A” is the source it claims to be before passing the sensitive information. Therefore the IDA management solution acts as a trusted information source that we can use to validate the information synced between multiple identity stores.
Authentication and Authorization
An IDA solution makes sure users are authenticated and authorized based on access control permissions or policies.
Add/Remove User accounts automation
When an organization deals with multiple identity stores, user account provisioning and de-provisioning creates more work for IT staff. For example, if a company has 5 different systems, then when a new user comes in, the IT department needs to create the user in all 5 systems along with the appropriate ACLs etc. Imagine how much workload 25 users would create. The process also increases the possibility of errors and can even create security risks for the entire network.
With an IDA solution we can automate this user add/remove process across multiple systems. It ensures integrity, security and productivity compared to a manual process.
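As an added illustration of the automated add/remove process described above (example code written for this article's scenario, not taken from any IDA product): the script treats one identity source as authoritative and computes what to create, enable, update or disable in each target store. The store names, record layout and sample users are constructed assumptions.

```python
# Constructed sample data: one authoritative source and three target stores.
# Store names follow the article's Company ABC example; all records are made up.
AUTHORITATIVE = {  # e.g. an HR feed keyed by employee id (assumption)
    "1001": {"name": "Ann Lee", "active": True},
    "1002": {"name": "Raj Patel", "active": True},
    "1003": {"name": "Tom Silva", "active": False},  # has left the company
}
STORES = {
    "ad_ds":   {"1001": {"name": "Ann Lee", "enabled": True},
                "1003": {"name": "Tom Silva", "enabled": True}},
    "web_app": {"1001": {"name": "Ann Li", "enabled": True},
                "1002": {"name": "Raj Patel", "enabled": True},
                "9999": {"name": "test user", "enabled": True}},
    "billing": {"1002": {"name": "Raj Patel", "enabled": False}},
}

def plan_for_store(source, accounts):
    """Return sorted (action, user_id) pairs that bring one store in line."""
    actions = []
    for uid, person in source.items():
        acct = accounts.get(uid)
        if person["active"]:
            if acct is None:
                actions.append(("create", uid))
            else:
                if not acct["enabled"]:
                    actions.append(("enable", uid))
                if acct["name"] != person["name"]:
                    actions.append(("update", uid))   # attribute drift
        elif acct is not None and acct["enabled"]:
            actions.append(("disable", uid))          # leaver still has access
    for uid, acct in accounts.items():
        if uid not in source and acct["enabled"]:
            actions.append(("disable", uid))          # orphan: no owner in source
    return sorted(actions)

def build_plan(source, stores):
    """Compute the change plan for every store; nothing is applied here."""
    return {name: plan_for_store(source, accts) for name, accts in stores.items()}

if __name__ == "__main__":
    for store, actions in build_plan(AUTHORITATIVE, STORES).items():
        print(store, actions)
```

The plan is only computed, never applied, so it can be reviewed before any account is changed; the "disable" entries are the ones that close the security gap left by manual de-provisioning.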
Secure data exchange between companies
Due to business needs, organizations sometimes need to exchange access to data and resources with other companies, vendors or partners. It is not practical to force the other party to change their systems to be compatible with ours. IDA management solutions allow us to securely share access to data and resources with minimum administrative effort. This can be done using domain trusts, federation services, forest trusts etc.
Secure Data Exchange
When dealing with multiple systems, it is obvious that sensitive information will be shared or synced between them. This communication may happen across multiple networks. IDA solutions ensure that all communication between the different systems, and the data exchanged between them, is secured.
Safeguard sensitive data
Let’s assume “company ABC” merges with “company XYZ”. They are interconnected using a domain trust. The CEO of company ABC sends an email with an attached Office Excel file containing salary information to the CEO of company XYZ. This is definitely very sensitive data that should not be accessed by any other person. Even though the communication is secure, what if someone else in the company gets access to it? An IDA solution can be used to make sure the confidential data is accessed only by the authorized person. For example, Active Directory Rights Management Services (AD RMS) can be used as a tool to ensure that only the CEO of XYZ can open that Excel file and no one else.
In the next article, let’s look into some of the IDA tools and techniques we can use.