TCS Confidential
Objectives
Understand Identity and Access Management (IAM) system and components
Learn how to integrate applications with IAM
Agenda
Identity & Access Management (IAM) Overview
Identity Management
Managing the user identities in the multiple directories and identity stores across an organization
[Diagram: App1, App2, App3 and App4, each with its own Authentication step; identity stores: Active Directory, Oracle Database, SQL Server]
Access Management
Managing the access control to various resources in an organization to determine who can access what resources under what conditions
[Diagram: Application User; Application 1, Application 2, Application 3; Access Control Policy Server; Access Control Policies; Policy Admin; flow labels: Check policy for access, Response]
Ghost User Accounts: I still have accounts in my systems for employees that have been gone for months.
Multiple Directories: I have multiple user repositories. I don't know which one has correct data and which one is latest.
Auditors' Requirements: I need to see who created your accounts, when they were modified, what was changed on them and when they were deleted.
Help Desk Overload: 25% of my help desk cost is resetting forgotten passwords.
Reports: It takes three days to gather a list of all the accounts that each user has.
Employee Productivity: It takes seven days for a new employee to get all his or her system accounts set up.
Privilege Creep: As employees move from job to job, they keep acquiring new system privileges. They never give any up. How do I fix that?
Escalating Administration Costs: There is just no budget to hire more administrators, but we are acquiring a new bank next week.
Centralized Audit Control and monitoring mechanism for user account management
A centralized solution that is scalable and optimal in performance
2. Change User
- Promotions
- Transfers
- Entitlement changes
3. Help Desk
- Password reset
- New entitlements
4. Retire User
- Delete accounts
- Remove entitlements
[Diagram labels: Admin; Performs administrative tasks; Accesses audit logs; Access endpoint via Endpoint Mgmt; Endpoint; Auditor; Password Manager; Starts or stops Access Control; Applications; Database]
Operator
Admin Role
Provisioning Role
IAM Benefits
- Reduction in administration cost (cost containment)
- Improvement in user provisioning (productivity savings)
- Automatic de-provisioning across all repositories once the employee leaves the organization
- Near-real-time / real-time deployment of user provisioning / de-provisioning based on role changes (business facilitation)
- User data synchronization across different operating systems and network domains using a single interface
- Single point of control facilitates efficient audits of any kind of violations of enforced policies
- Reduced cost of ownership of repositories (cost containment)
- Improved security
THIS SLIDE SHOULD BE DELETE BEFORE PRESENTING THIS TO NON TCS ENTITY.
[Diagram labels: Automated Input; HRMS; ODC Servers; Subsidiary Systems; Other / Messaging / Collaboration systems]
Solution Architecture
ERP-HR / EAI / GHD / CRM / .. Automated Input Staging DB (Oracle) Automated Input IAM Admin Failover IAM Admin DR
Local Area Network
NOAM-ADC WAN
Zimbra Mail
Customer Portal
KnowMax
Solution Coverage
Ultimatix
Day 1 account creation for new joinee
Messaging System
Same day mailbox creation on email ID selection
Mailbox movement as per location / country change
Certifier change as per location change
Common
Access revocation on last working day end of office hours
THIS SLIDE SHOULD BE MODIFY BEFORE PRESENTING THIS TO NON TCS ENTITY.
Benefits to TCS
Before IAM Solution After IAM Solution
No. of Admin. Provisioning Time Directory Management Data Sync Provisioning Frequency
Interface
Single
Provisioning Jobs
One
Data Security
Normal Communication
SSL Communication
What Next?
IAM Resources
IAM in Cloud: https://wiki.cloudsecurityalliance.org/guidance/index.php/Identity_and_Access_Management
CA Identity Manager Book Shelf: https://support.ca.com/cadocs/0/CA%20Identity%20Manager%20r12%205%20SP10ENU/Bookshelf_Files/HTML/idocs/index.htm?toc.htm?release-notes.html
Access Control Book Shelf: https://support.ca.com/cadocs/0/CA%20Access%20Control%2012%205%205ENU/Bookshelf.html
SAP Identity and Access Management System: http://www.sdn.sap.com/irj/sdn/index?rid=/webcontent/uuid/60ea16e0-f039-2a10-78a4b7165e25ecd8
Microsoft Cloud Identity Scenarios and Solutions for Developers: http://social.technet.microsoft.com/wiki/contents/articles/cloud-identity-scenarios-andsolutions-for-developers.aspx
Oracle Identity Manager: http://www.oracle.com/us/products/middleware/identitymanagement/index.html
Assistance
Please post your queries for this subject on JustAsk Discussion Forum: Ultimatix > Knowledge Management > JustAsk [Category: Software Security Assurance (SSA)]
Latest updates and information on trainings and events for SSA can be found at
Ultimatix > Enterprise Networking > Microblogging > Channel > Directory > SSA (Software Security Assurance)
SSA related information and documents
Ultimatix > Knowledge Management > Security & ORM > Software Security [https://knowmax.ultimatix.net/sites/pegoi/security_orm/Software_Security/default.aspx]
Thank You