1
Identity Management (IdM)
Hattie Leary, Anoka Hennepin School District
2
The Complexity of Identity Management (IdM)
3
IdM Lifecycle: Primary Components
Person, Provisioning, Authentication, Authorization, Permissions, Maintenance, De-provisioning

It all starts with "the human"
Person
Provisioning - creates an electronic definition(s) of the person
Authentication - validates who you are
Authorization - determines the rights to a system or application
Permissions - once in a system/application, what rights do you have
Management and Maintenance - password changes, person changes
De-provisioning
4
IdM Person
The human that starts the process
A person has "attributes":
Physical: eye color, gender
Demographic: first name and last name, mailing address, phone number
Occupational: job title, job assignments, skill set
Note: Relationships are not new, but the number of relationships a user has, and the types of relationships they have with other users and other things, is rapidly growing.
5
IdM Provisioning
Creates the person and identifiers
Gives the person a digital identity
Defines his/her group and role membership
Defines the systems and accounts required
The process of providing users with access to applications and other resources that may be available in an enterprise environment.
6
IdM Authentication
Validates the person's identity (really the user / user account)
You prove who you are: password, answer personal questions
Can include multi-factor authentication: the user "presents" several separate pieces of evidence
Knowledge (something they know) - passphrase
Possession (something they have) - password
Inherence (something they are) - fingerprint
Connected token - card readers and USB tokens
The process of verifying the identity claimed by an entity based on its credentials.
7
Trusted 3rd Party
[Diagram: actors are User with Device, Service Provider and Identity Provider; labelled arrows are Request, Unauthenticated, Credentials, Token, Request w/ Token, Token Valid (+), Data]
8
Trusted 3rd Party examples:
SAML (Shibboleth)
OpenID Connect (OAuth+)
SSL/TLS (Certificate Authority)
Kerberos (Active Directory)
9
IdM Authorization
Determine right-to-access a system
Audit and security reporting
Manage system authorizations
The process of establishing a specific entitlement that is consistent with authorization policies.
10
IdM Permission
Determine access rights; manage permissions
An access control instruction (ACI) has three parts:
1. Who can perform the operation. This is the entity being granted permission to do something: the actor.
2. What can be accessed. This defines the entry on which the actor is allowed to perform operations: the target of the access control rule.
3. What type of operation can be performed. The last part determines what kinds of actions the user is allowed to perform. The most common operations are add, delete, write, read, and search.
11
Roles, Service Providers, Users, Groups
[Diagram: service providers SIS, LMS, Library, Transportation; directory LDAP; users Hattie Leary, John Lovell; groups/roles Teachers, Administrators, Staff, Students, Parent]
This is how I think about it! There are other terms to consider: applications, systems, back office, people, organizations, assertions.
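The three-part ACI from the Permission slide, applied to the roles and service providers on this slide, as an added example that is not part of the presentation: a default-deny evaluator in which every user, group, entry and rule is constructed for the demo, plus a de-provisioning step that shows why direct per-user grants have to be revoked separately from group membership.

```python
# Added example, not code from the presentation: a minimal evaluator for
# access control instructions (ACIs) with the three parts from the Permission
# slide (who = actor, what = target entry, which operation), using the roles
# and service providers from the Roles slide. All names and rules are constructed.
from dataclasses import dataclass
OPERATIONS = frozenset({"add", "delete", "write", "read", "search"})

@dataclass(frozen=True)
class ACI:
    actor: str             # a user id, or "group:<name>" for a group/role
    target: str            # an exact entry, or a prefix ending in "/" for a subtree
    operations: frozenset  # subset of OPERATIONS granted to the actor

# Group (role) membership, as provisioning would maintain it.
GROUPS = {"group:Teachers": {"hleary", "jlovell"},
          "group:Administrators": {"jlovell"}}

# Teachers read/search SIS grades; administrators get every operation on the
# whole SIS; one teacher holds a direct grant on a single LMS course entry.
ACIS = [
    ACI("group:Teachers", "sis/grades/", frozenset({"read", "search"})),
    ACI("group:Administrators", "sis/", OPERATIONS),
    ACI("hleary", "lms/courses/hleary", frozenset({"read", "write"})),
]

def actor_matches(aci_actor, user, groups):
    """Who: the rule names this user directly, or a group containing them."""
    if aci_actor.startswith("group:"):
        return user in groups.get(aci_actor, set())
    return aci_actor == user

def target_matches(aci_target, entry):
    """What: an exact entry, or any entry beneath a subtree prefix."""
    if aci_target.endswith("/"):
        return entry.startswith(aci_target)
    return aci_target == entry

def is_allowed(user, entry, operation, acis=ACIS, groups=GROUPS):
    """Default deny: allowed only if some ACI matches actor, target and operation."""
    if operation not in OPERATIONS:
        raise ValueError(f"unknown operation: {operation}")
    return any(actor_matches(a.actor, user, groups)
               and target_matches(a.target, entry)
               and operation in a.operations for a in acis)

def deprovision(user, groups):
    """De-provisioning: drop the user from every group so group rules stop
    applying. Direct per-user grants are untouched and must be revoked separately."""
    return {g: members - {user} for g, members in groups.items()}
```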
12
IdM Maintenance
Manage the changes to a person's information (core person attributes)
Replication of person attributes to other systems as required
Users are dynamic: they change names, addresses, responsibilities and more. Changes experienced by users in the physical world must be reflected by user objects on systems and applications.
13
IdM De-provisioning
Revoking permissions / authorizations based on current role(s)
Security controls (not sure what that is...)
Users have a finite lifespan and normally an even shorter relationship with an organization where a system or application is managed. When users leave (termination, resignation, retirement, end of contract, end of customer relationship, etc.), their access to systems and applications should likewise be deactivated.
14
Contact Information:
Hattie Leary, Hattie.Leary@ahschools.us
John W. Lovell, jlovell@a4l.org