Identity Management
IDMCONSULTANT@hotmail.com
Identity Management
Purpose
A central place for managing all identities
Granting and revoking authorizations in applications
Synchronizing data between applications
Attestation, i.e. confirming that the assignments are still valid
Segregation of Duties (SoD)
Auditing – who had which authorizations at which time
Identity Management
Purpose
Manage user life-cycle
Ensure that the right people have the right authorizations
Keeping identity data updated across the organization
Setting the (same) password in all applications
Typical User Lifecycle
Holistic Identity Management Approach
Integration with heterogeneous systems
Central Identity Store
Approval Workflow
Identity Virtualization/Identity as a Service
SAP Business Suite integration
Compliance Check/GRC
Rule-based assignment of business roles
Monitoring & Audit
Password Management
Distribution of Users and Role Assignment
SSO – Single Sign On
Application data and Challenges
Disconnected Systems
Applications are unaware of each other
Security risks
Employees leaving – access rights not revoked in all systems
People moving – new access rights granted, previous access rights not revoked
Manual procedures involved – human errors may cause security flaws
Lack of audit – who had access to what, and when
High maintenance cost
Many manual operations, resources could be put to better use
Time-consuming, employees must wait
Compliance
SOX - Sarbanes-Oxley, HIPAA - Health Insurance Portability and Accountability Act
Internal audits, risk assessments, etc.
Identity data
Personal data
Normally short data elements like name, phone, email, picture, certificate
Pointer data
Pointer or reference data points to, or links an identity to, other objects such as a web page, document archive, or group memberships
Assignments Data
Roles, privileges, authorizations
Read-mostly data
High read/write ratio
Identity Store
SAP IdM – Components