Presentation is loading. Please wait.

Presentation is loading. Please wait.

Identity Management (IdM)

Published byTodd Bradford Modified over 6 years ago

Similar presentations

Presentation on theme: "Identity Management (IdM)"— Presentation transcript:

1 Identity Management (IdM)
Hattie Leary Anoka Hennepin School District

2 The Complexity of Identity Management (IdM)

3 IdM Lifecycle Primary Components Person Provisioning Authentication
It all starts with “the human” Provisioning Creates an electronic definition(s) of the person Authentication Validates who you are Authorization Determines the rights to a system or application Permissions Once in an system/application, what rights do you have Management and Maintenance Password changes – Person changes De-provisioning Person Provisioning Authentication Authorization Permissions Maintenance De-provisioning

4 IdM Person The human that starts the process A person has “attributes”
Physical Eye Color Gender Demographic First Name and Last Name Mailing Address Phone Number Occupational Job Title Job Assignments Skill set Note: Relationships are not new, but the number of relationships that a user has and types of relationships they have with other users and other things is rapidly growing.

5 IdM Provisioning Creates the person and identifiers
Gives person digital identity Defines his/her group and role membership Defines systems and accounts required The process of providing users with access to applications and other resources that may be available in an enterprise environment.

6 IdM Authentication Validates the person’s identity
Really the user / user account You prove who you are Password Answer personal questions Can include multi-factor authentication The user “presents” several separate pieces of evidence Knowledge – (something they know) - passphrase Possession (something they have) - password Inherence (something they are) – finger print Connected token – card readers and USB tokens The process of verifying the identity claimed by an entity based on its credentials.

7 Trusted 3rd Party User with Device Request Service Provider
Unauthenticated Request /w Token Data Identity Provider Credentials Token Token Valid (+)

8 Trusted 3rd Party SAML (Shibboleth) OpenID Connect (OAuth+)
SSL/TLS (Certificate Authority) Kerberos (Active Directory)

9 IdM Authorization Determine right-to-access a system
Audit and security reporting Manage system authorizations The process of establishing a specific entitlement that is consistent with authorization policies

10 IdM Permission Determine access rights Manage permissions
An access control instruction (ACI) has three parts: Who can perform the operation. This is the entity who is being granted permission to do something; this is the actor. What can be accessed. This defines the entry which the actor is allowed to perform operations on. This is the target of the access control rule. What type of operation can be performed. The last part is determining what kinds of actions the user is allowed to perform. The most common operations are add, delete, write, read, and search

11 Roles Service Providers Users Groups SIS LMS Library Transportation
This is how I think about it! There are other terms to consider: applications, systems, back office, people, organizations, assertions SIS LMS Library Transportation LDAP Hattie Leary John Lovell Teachers Administrators Staff Students Parent

12 IdM Maintenance Manage the changes to a person information (core person attributes) Replication of person attributes to other systems as required Users are dynamic—they change names, addresses, responsibilities and more. Changes experienced by users in the physical world must be reflected by user objects on systems and applications

13 IdM De-provisioning Revoking permissions / authorizations based on current role(s) Security controls (not sure what that is…) Users have a finite lifespan and normally an even shorter relationship with an organization where a system or application is managed. When users leave—termination, resignation, retirement, end of contract, end of customer relationship, etc. -- their access to systems and applications should likewise be deactivated.

14 Hattie Leary John W. Lovell Hattie.Leary@ahschools.us jlovell@a4l.org
Contact Information:

Download ppt "Identity Management (IdM)"

Similar presentations

Click to edit Master title style HEALTH INFORMATION 1 Identity & Access Management Presenter: Mike Davis (760) 632-0294 January 09, 2007.

Click to edit Master title style HEALTH INFORMATION 1 Identity & Access Management Presenter: Mike Davis (760) January 09, 2007.
Core identity scenarios Federation and synchronization 2 3 Identity management overview 1 Additional features 4.

Core identity scenarios Federation and synchronization 2 3 Identity management overview 1 Additional features 4.
EAuthentication Before accessing the Delphi eInvoicing System, you must be an authenticated user. This authentication process is called eAuthentication.

EAuthentication Before accessing the Delphi eInvoicing System, you must be an authenticated user. This authentication process is called eAuthentication.
Policing the Power of Identity Controls Power Behavior Verify that controls are in place and functioning Monitor user behavior and verify that people.

Policing the Power of Identity Controls Power Behavior Verify that controls are in place and functioning Monitor user behavior and verify that people.
Identity Assurance at Virginia Tech CSG January 13, 2010 Mary Dunker

Identity Assurance at Virginia Tech CSG January 13, 2010 Mary Dunker
User Authentication for Enterprise Applications November 16, 2005 Tom Board, NUIT.

User Authentication for Enterprise Applications November 16, 2005 Tom Board, NUIT.
Functional component terminology - thoughts C. Tilton.

Functional component terminology - thoughts C. Tilton.
WSO2 Identity Server Road Map

WSO2 Identity Server Road Map
David L. Wasley Information Resources & Communications Office of the President University of California Directories and PKI Basic Components of Middleware.

David L. Wasley Information Resources & Communications Office of the President University of California Directories and PKI Basic Components of Middleware.
Virtual techdays INDIA │ 18-20 august 2010 Managing Active Directory Using Microsoft Forefront Identity Manager: Amol R Bhandarkar │ Tech Specialist –

Virtual techdays INDIA │ august 2010 Managing Active Directory Using Microsoft Forefront Identity Manager: Amol R Bhandarkar │ Tech Specialist –
3 rd SG13 Regional Workshop for Africa on “ITU-T Standardization Challenges for Developing Countries Working for a Connected Africa” (Livingstone, Zambia,

3 rd SG13 Regional Workshop for Africa on “ITU-T Standardization Challenges for Developing Countries Working for a Connected Africa” (Livingstone, Zambia,
Identity & Access Management DCS 861 Team2 Kirk M. Anne Carolyn Sher-Decaustis Kevin Kidder Joe Massi John Stewart.

Identity & Access Management DCS 861 Team2 Kirk M. Anne Carolyn Sher-Decaustis Kevin Kidder Joe Massi John Stewart.
1 Identity Management and Access Control Status UNITS Forum, June 2006 Tom Board, NUIT Info Systems Architecture.

1 Identity Management and Access Control Status UNITS Forum, June 2006 Tom Board, NUIT Info Systems Architecture.
Remote User Authentication. Module Objectives By the end of this module participants will be able to: Describe the methods available for authenticating.

Remote User Authentication. Module Objectives By the end of this module participants will be able to: Describe the methods available for authenticating.
User Authentication for Enterprise Applications - The Future in Transitions.

User Authentication for Enterprise Applications - The Future in Transitions.
CAMP Integration Reflect & Join A Case Study The University of Texas Health Science Center at Houston William A. Weems Assistant Vice President Academic.

CAMP Integration Reflect & Join A Case Study The University of Texas Health Science Center at Houston William A. Weems Assistant Vice President Academic.
(ITI310) SESSIONS 9-10-11-12: Active Directory By Eng. BASSEM ALSAID.

(ITI310) SESSIONS : Active Directory By Eng. BASSEM ALSAID.
Today, global enterprises run on Windows Server Active Directory 90% of US enterprises and 70% of international corporations use Active Directory.

Today, global enterprises run on Windows Server Active Directory 90% of US enterprises and 70% of international corporations use Active Directory.
Chapter 10: Authentication Guide to Computer Network Security.

Chapter 10: Authentication Guide to Computer Network Security.
Access and Identity Management System (AIMS) Federal Student Aid PESC Fall 2009 Data Summit October 20, 2009 Balu Balasubramanyam.

Access and Identity Management System (AIMS) Federal Student Aid PESC Fall 2009 Data Summit October 20, 2009 Balu Balasubramanyam.

Similar presentations

Ads by Google