equipages-element-gerer-id2

In the beginning there was the directory …
Often, the directory is the first brick of a comprehensive solution to identity management in business. The directory identify all users who have access to the corporate network and its business applications. This solution is limited to a very simple SEO. This baseline can store all information related to authentication: passwords, user rights, certificates, applications or storage space.
 
Then the question of securing network access, and therefore data, was posed
An electronic certificate aims to eliminate in-company password management or to improve access to corporate data by a two-factor authentication (logical and physical) with the use of a smart card, for example.
One advantage of these electronic certificates is that authentication is transparent for the user, who has no longer to remember one or more passwords. In addition, this key is more secure than a password.

Followed by the simplification of access to data from different applications while maintaining a high level of security…

The principle of Single Sign On is based on centralized management of user authentication. Access software or Web services all connect to a single centralized system. Once recognized by the system the first time, the user has free access to all applications that have integrated SSO functions.

And finally the management of the entire solution
Once the principle of the directory, meta-directories, electronic certificates and SSO authentication is adopted, the company needs only a management and monitoring tool about their identities. IAM (Identity and Access Management) solutions will help meet that need. This software automates some of the treatments inherent to identity management in order to gain administration time.

The main features of a process monitoring tool are:

  • the automatic creation/deletion (provisioning) of user accounts to manage personnel arrivals and departures,
  • synchronizing passwords,
  • implementation of safety rules,
  • the federation of user rights by group when connecting to external networks or management of the virtual directory.

The more an infrastructure is heterogeneous, the more difficult it will be for the elements to communicate with each other. Furthermore, identity management leads to a flow overload on the network infrastructure. Likewise, the security level of authentication will impact application availability. Finally, centralizing access to identity management requires the company to be attentive to the availability of authentication servers, as the failure of this service would affect all business applications. Therefore, a well-designed network and servers are indispensable. Finally, in order to comply with certain regulations, the connection information must be stored and archived to meet the requirements of traceability.

Enlil IT can assist you in implementing your identity management projects to make your system user friendly and robust.