Functionality of Identity & Access Management Systems

By nature, IAM systems act as a single in-house or external store of data about users. Their main objective is to ensure that accounts granting the necessary rights exist in every application the user needs (preferably one single account for all the applications).

Here is what this process looks like:

  • a request is compiled in the system for granting a certain group rights (possibly by acquiring data on regular operations from a corresponding system);
  • the request is confirmed by all responsible persons, including specialists capable of assessing the consequences of such access;
  • once confirmed, the request is translated into instructions to be executed by system administrators;
  • system administrators carry out all the necessary settings;
  • the system checks that these settings are correct, complete and sufficient.

The instructions may also be carried out in automated mode.
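The following sketch walks through the request, confirmation, instruction and verification steps described above. It is an added example, not code from any particular IAM product; the class and function names, the approver roles and the sample entitlements are all assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class AccessRequest:
    user: str
    rights: set                      # (system, right) pairs being requested
    required_approvers: set          # every responsible person who must confirm
    approvals: set = field(default_factory=set)

    def is_confirmed(self):
        # Confirmed only when all responsible persons have signed off
        return self.required_approvers <= self.approvals

def to_instructions(request):
    """Translate a confirmed request into per-system grant instructions."""
    if not request.is_confirmed():
        waiting = sorted(request.required_approvers - request.approvals)
        raise PermissionError(f"request not confirmed, awaiting: {waiting}")
    return {(request.user, system, right) for system, right in request.rights}

def verify_settings(instructions, actual, baseline=frozenset()):
    """Compare approved grants with what the target systems actually hold.

    missing: approved but not configured (settings are incomplete)
    excess:  configured but neither approved nor in the prior baseline
    """
    expected = set(instructions) | set(baseline)
    return {"missing": sorted(expected - set(actual)),
            "excess": sorted(set(actual) - expected)}

# Constructed sample request (hypothetical systems and roles)
REQUEST = AccessRequest(
    user="jdoe",
    rights={("erp", "invoice.read"), ("crm", "contacts.edit")},
    required_approvers={"line_manager", "erp_owner", "security"},
)
# Constructed state read back from the systems after the administrators' changes
ACTUAL = {
    ("jdoe", "erp", "invoice.read"),
    ("jdoe", "erp", "invoice.approve"),   # granted, but never requested
}

def run_demo():
    REQUEST.approvals.update({"line_manager", "erp_owner", "security"})
    return verify_settings(to_instructions(REQUEST), ACTUAL)

if __name__ == "__main__":
    print(run_demo())
```

The `excess` list is the one to review first: it holds rights that exist in a target system without a confirmed request behind them.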

So that the user has to remember only one account, Identity Management systems are integrated with Access Control Management and Single Sign-On solutions.

Allowing the user to authenticate to all the applications with one set of credentials presents significant challenges, because application systems support limited and often non-overlapping sets of authentication methods. Moreover, the credential format may differ between systems (from certain symbols being banned up to problems with character encoding).

The accomplishment of this task requires:

  • specialized agents to which the application can delegate authentication functions (under the condition that the application is capable of actually delegating this function);
  • intermediary authentication servers to convert credentials from one format into another.

Among the chief parameters characterizing IAM-systems are:

  • document management properties
  • flexible use and application for organizations with their own traditions
  • the possibility of integration with existing document management systems
  • the possibility of applying the electronic digital signature in the compilation and approval of requests

  • a list of supervised platforms and applications including requested rates of creating new agents for new platforms
  • accounting system development.
