Identity Management
General
i. Identity Management shall allow for centralized provisioning of users at the regional data
center, thereby allowing users to get access to resources such as operating systems (AIX,
Solaris, HPUX, Windows), RDBMS (Oracle, DB2), Directory Servers (LDAP), BSS/OSS
applications, IN and VAS elements, etc. It shall integrate with the Access Management
System. Bidder shall calculate the user count based on the number of concurrent users
who will access the different systems of the data center.
ii. Identity Management software shall include user provisioning for Access Management,
OS and Database Software.
iii. Identity Management system shall seamlessly integrate with the Access Management,
LDAP Server, Operating System and Database Software for provisioning.
iv. The Identity Management system for user provisioning shall have a workflow for automating
approvals for user access management, self-registration and self-care functionality for
reducing the administrative load and manual intervention.
v. The Identity Management Solution for Provisioning shall have the following functionality:
a. Connectors to Access Controlled Systems
b. Password Management
c. Access Rights Accountability
d. Access Request Approval and Process Automation
e. Access Request Audit Trails
f. Distributed Administration
g. User Administration Policy Automation
h. Self-Regulating User Administration across Departments
vi. Connectors to Access Controlled Systems shall include the following:
vii. It shall provide connectors for all target BSS/OSS systems that need to be managed.
viii. There shall be a connector development tool to extend support to additional target
systems.
ix. Connector communications shall be bi-directional to efficiently receive changes from the
managing system and to report changes made to the local resource.
x. Connector communications shall be secured with encryption/authentication.
xi. Connectors shall protect authentication credentials used to log into administrative
privileges on managed systems.
xii. Password Management shall provide the following:
a. User self-service through the Web without logging onto the network.
b. Challenge-Response system to authenticate a user with a forgotten password
by using shared secrets.
v. Ability to dynamically and automatically change access rights based on changes in user
roles.
vi. Ability to define implicit access rights available to users in a role upon their request and
approval.
vii. Ability to use defined organizational information to dynamically determine routing of
approvals.
viii. Ability to detect, evaluate and respond to user authority changes made directly to a
managed resource.
ix. Ability to report on roles, rights associated with roles, and users associated with roles.
x. Ability to set designated times for changes in access rights or policies.
xi. Ability to create unique user IDs consistent with policies and not in current use or
previous use by the organization.
xii. Ability to create user authorizations extending an existing account.
xiii. Support for mandatory and optional entitlements (optional entitlements are not
automatically provisioned but may be requested by a user in the group).
xiv. Ability to create a single account with multiple authorities governed by different policies.
xv. Ability to create user IDs using a set of consistent algorithms defined by the
organization.
Self-Regulating User Administration across Departments
i. Secure environment for transmitting access changes across the Internet.
ii. Protection of private user information through secure facilities and sound processes.
iii. Reports of user rights into external systems, sponsors of users and audit trails of access
rights changes.