Sunday, 6 March 2016

Identity and Access Management (IdM)



Identity and Access Management (IdM) :

  1. IdM allows organizations to create, maintain and terminate digital identities in a timely and automated fashion.

An enterprise has to deal with the following questions :

  1. What should each user have access to - printers, Internet websites, remote desktop access
  2. Who approves and allows access - the approver responsible for granting access
  3. How do access decisions map to policies - does accessing the RDP service map to organization policy
  4. Do former employees still have access to 
  5. How to keep up with a dynamic and ever-changing environment
  6. How is access controlled and monitored centrally
  7. Why should an employee have to remember multiple passwords
  8. Centralizing the set of credentials
  9. Controlling access for employees, customers and partners
  10. Staying compliant with regulation



LDAP (Lightweight Directory Access Protocol) :

The string ("CN=Dev-India,OU=Distribution Groups,DC=gp,DC=gl,DC=google,DC=com") is a path in a hierarchical structure (the DIT, Directory Information Tree) and should be read from right (root) to left (leaf).
It is a DN (Distinguished Name): a series of comma-separated key/value pairs that identifies an entry uniquely in the directory hierarchy. The DN is the entry's fully qualified name.
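As an added illustration (this code is not from the original post), the following parser splits the DN above into its RDN components, walks it root to leaf as the text describes, and derives the parent container and the DNS-style domain from the DC components. It handles backslash-escaped commas inside a value, which a naive split(",") would break on. The sample DN is the one from the post; the escaped-comma DN in the test is a constructed example.

```python
# Added example: parse an LDAP Distinguished Name into RDNs and read it
# from the root of the DIT to the leaf. Not code from the original post.
from typing import List, Tuple

# DN taken from the text above.
SAMPLE_DN = "CN=Dev-India,OU=Distribution Groups,DC=gp,DC=gl,DC=google,DC=com"


def split_dn(dn: str) -> List[Tuple[str, str]]:
    """Split a DN into (attribute, value) pairs, leaf first.

    A backslash escapes the next character, so 'CN=Smith\\, John' stays one
    RDN whose value is 'Smith, John' instead of being cut at the comma.
    """
    rdns: List[str] = []
    buf: List[str] = []
    escaped = False
    for ch in dn:
        if escaped:
            buf.append(ch)          # literal character after a backslash
            escaped = False
        elif ch == "\\":
            escaped = True
        elif ch == ",":
            rdns.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
    if escaped:
        raise ValueError("DN ends with a dangling escape character")
    rdns.append("".join(buf))

    pairs: List[Tuple[str, str]] = []
    for rdn in rdns:
        attr, sep, value = rdn.strip().partition("=")
        if not sep or not attr.strip():
            raise ValueError(f"malformed RDN: {rdn!r}")
        pairs.append((attr.strip(), value.strip()))
    return pairs


def dit_path(dn: str) -> List[str]:
    """Return the RDNs ordered root -> leaf, i.e. the DN read right to left."""
    return [f"{attr}={value}" for attr, value in reversed(split_dn(dn))]


def parent_dn(dn: str) -> str:
    """DN of the container that holds this entry (drop the leftmost RDN)."""
    return ",".join(f"{a}={v}" for a, v in split_dn(dn)[1:])


def domain_from_dn(dn: str) -> str:
    """Join the DC (domain component) values into a DNS-style domain name."""
    return ".".join(v for a, v in split_dn(dn) if a.upper() == "DC")


if __name__ == "__main__":
    for depth, rdn in enumerate(dit_path(SAMPLE_DN)):
        print("  " * depth + rdn)
    print("parent:", parent_dn(SAMPLE_DN))
    print("domain:", domain_from_dn(SAMPLE_DN))
```

Run as a script it prints the DIT as an indented tree, starting at DC=com and ending at the CN=Dev-India leaf, which is the right-to-left reading order the text describes.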




What is Meta Directory in IdM :


  1. A Meta Directory is a directory containing information fetched from various sources and stored in one central directory, which provides a unified view.
  2. The Meta Directory synchronizes itself with all identity sources periodically to ensure the most up-to-date information is being used by applications and IdM components within the enterprise.


An example of a Meta Directory product is MetaDirectory from "estos".
The MetaDirectory product can merge various databases into a single, consistent LDAP directory that can be used throughout the company.

The MetaDirectory product supports the following technologies as sources for collecting data (interfaces) :

• ODBC (Access, SQL Server, MySQL)
• LDAP (OpenLDAP, NDS, public directory services)
• Active Directory / global catalogues
• Public exchange directories
• Office 365
• Lotus Notes databases
• Tobit David (free connector)
• DATEV pro and DATEV proprietary organization
• Microsoft Dynamics AX, CRM and Navision
• Microsoft Dynamics CRM Online
• Das Telefonbuch
• Herold
• KlickTel
• TwixTel
• Swisscom Directories




What is Virtual Directory :

A Virtual Directory plays a similar role to a Meta Directory; the difference is:

Meta Directory - collects data from multiple sources and stores it in a single physical directory
Virtual Directory - does not store data in a physical directory; it only points to the location where the actual data is stored.


A good example is the Dell product named "Dell One Identity Virtual"
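To make the Meta Directory / Virtual Directory distinction concrete, here is an added example (not from the original post, and not modelled on any vendor's product) with two constructed identity sources: an HR database and an Active Directory-style source, both keyed by employee id. The toy MetaDirectory merges them into a stored copy that only changes when sync() runs, while the toy VirtualDirectory resolves each lookup against the live sources. On conflicting attributes the record with the newest "updated" stamp wins; that policy, the source names and all sample values are assumptions for the example.

```python
# Added example: a toy meta directory (stores a merged copy, refreshed on
# sync) next to a toy virtual directory (resolves on demand, stores nothing).
# Not code from the original post or from any IdM product.
import copy
from typing import Dict, Optional

# Constructed sample sources, keyed by employee id. "updated" is an ISO date
# so the newest record can be picked by plain string comparison.
HR_DB: Dict[str, dict] = {
    "1001": {"name": "A. Example", "dept": "Engineering", "status": "active", "updated": "2016-03-01"},
    "1002": {"name": "B. Example", "dept": "Sales", "status": "terminated", "updated": "2016-03-05"},
}
AD_DIRECTORY: Dict[str, dict] = {
    # dept here is stale compared with HR and must lose the merge
    "1001": {"sAMAccountName": "aexample", "mail": "aexample@example.com", "dept": "Support", "updated": "2016-02-20"},
    "1002": {"sAMAccountName": "bexample", "mail": "bexample@example.com", "updated": "2016-01-10"},
}

Sources = Dict[str, Dict[str, dict]]


def merge_entry(uid: str, sources: Sources) -> Optional[dict]:
    """Combine one identity's attributes across all sources into one view.

    When two sources carry the same attribute, the record with the newest
    'updated' stamp wins (assumed conflict policy for this example).
    """
    entry: dict = {}
    stamps: Dict[str, str] = {}
    for src_name, records in sources.items():
        rec = records.get(uid)
        if rec is None:
            continue
        stamp = rec.get("updated", "")
        for key, value in rec.items():
            if key == "updated":
                continue
            if key not in entry or stamp > stamps[key]:
                entry[key] = value
                stamps[key] = stamp
    if not entry:
        return None
    entry["uid"] = uid
    return entry


class MetaDirectory:
    """Keeps a merged physical copy; only as fresh as the last sync."""

    def __init__(self, sources: Sources) -> None:
        self.sources = sources
        self.store: Dict[str, dict] = {}
        self.sync_count = 0

    def sync(self) -> int:
        uids = set()
        for records in self.sources.values():
            uids.update(records)
        self.store = {uid: merge_entry(uid, self.sources) for uid in uids}
        self.sync_count += 1
        return len(self.store)

    def lookup(self, uid: str) -> Optional[dict]:
        return self.store.get(uid)  # served from the stored copy


class VirtualDirectory:
    """Stores nothing; every lookup goes to the real sources."""

    def __init__(self, sources: Sources) -> None:
        self.sources = sources

    def lookup(self, uid: str) -> Optional[dict]:
        return merge_entry(uid, self.sources)  # resolved live


def staleness_demo():
    """Show the practical difference: HR terminates an employee after the
    meta directory last synced. Returns (meta before resync, virtual, meta
    after resync) for the employee's status."""
    sources = copy.deepcopy({"hr": HR_DB, "ad": AD_DIRECTORY})
    meta = MetaDirectory(sources)
    meta.sync()
    virt = VirtualDirectory(sources)
    sources["hr"]["1001"]["status"] = "terminated"   # change lands in HR
    sources["hr"]["1001"]["updated"] = "2016-03-06"
    before = meta.lookup("1001")["status"]
    live = virt.lookup("1001")["status"]
    meta.sync()
    after = meta.lookup("1001")["status"]
    return before, live, after


if __name__ == "__main__":
    print(merge_entry("1001", {"hr": HR_DB, "ad": AD_DIRECTORY}))
    print("meta before resync, virtual, meta after resync:", staleness_demo())
```

The staleness_demo() function is the point of the example: between syncs the meta directory still reports the former employee as active (question 4 in the list at the top of the post), whereas the virtual directory reflects the HR change immediately, at the cost of hitting the sources on every lookup.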

Web Access Management :

Web access management (WAM) software controls what a user can access when using a web browser to interact with web-based enterprise assets.

WAM software is a gateway between the user and corporate web-based resources.

When a user requests access, the web server software queries a directory to decide whether to grant it.
Another important thing is to keep track of user activity.
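As an added example (not from the original post, and not any vendor's WAM product), here is a toy gateway that does the two things just described: it looks up the requesting user's group memberships in a directory to decide whether the requested path is allowed, and it records every decision in an audit trail so user activity can be reviewed. The in-memory directory, the prefix-based policy table and the user names are constructed; the gateway denies by default when the user is unknown or no policy covers the path.

```python
# Added example: a toy web access management gateway that authorizes
# requests from directory group membership and keeps an audit trail.
# Not code from the original post or from any WAM product.
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set

# Constructed stand-in for the directory: user -> group memberships,
# i.e. what an LDAP query for the user's groups would return.
DIRECTORY: Dict[str, Set[str]] = {
    "alice": {"staff", "finance"},
    "bob": {"staff"},
    "carol": set(),          # account still exists, but all groups removed
}

# Constructed policy: URL prefix -> group required. The longest matching
# prefix wins, so /intranet/finance/ is stricter than /intranet/.
POLICY: Dict[str, str] = {
    "/intranet/": "staff",
    "/intranet/finance/": "finance",
}


@dataclass
class Gateway:
    directory: Dict[str, Set[str]]
    policy: Dict[str, str]
    audit: List[dict] = field(default_factory=list)

    def required_group(self, path: str) -> Optional[str]:
        """Group needed for this path, or None when no rule covers it."""
        matches = [prefix for prefix in self.policy if path.startswith(prefix)]
        if not matches:
            return None
        return self.policy[max(matches, key=len)]

    def authorize(self, user: str, path: str) -> bool:
        """Decide the request and log the decision. Deny is the default."""
        needed = self.required_group(path)
        groups = self.directory.get(user)        # the directory query
        if groups is None:
            decision, reason = "deny", "unknown user"
        elif needed is None:
            decision, reason = "deny", "no policy for path"
        elif needed in groups:
            decision, reason = "allow", f"member of {needed}"
        else:
            decision, reason = "deny", f"requires {needed}"
        self.audit.append({"user": user, "path": path,
                           "decision": decision, "reason": reason})
        return decision == "allow"

    def activity(self, user: str) -> List[dict]:
        """Everything a given user tried to reach, with the outcome."""
        return [event for event in self.audit if event["user"] == user]

    def denied(self) -> List[dict]:
        """All refused requests, the first thing to review in the trail."""
        return [event for event in self.audit if event["decision"] == "deny"]


if __name__ == "__main__":
    gw = Gateway(DIRECTORY, POLICY)
    for user, path in [("alice", "/intranet/finance/report"),
                       ("bob", "/intranet/finance/report"),
                       ("bob", "/intranet/home"),
                       ("carol", "/intranet/home"),
                       ("mallory", "/intranet/home")]:
        print(user, path, "->", "allow" if gw.authorize(user, path) else "deny")
    for event in gw.denied():
        print("denied:", event)
```

Because the gateway consults the directory on every request, removing carol's groups (or deleting her account) takes effect at once, and the audit list shows the attempts that were refused, which is the "keep track of user activity" part of the text.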
