Security

Learn about GenX services that can add value to your business

Identity Management

Identity Management, also known as identity and access management (IAM), is the computer-security and business discipline that "enables the right individuals to access the right resources at the right times and for the right reasons". It addresses the need to ensure appropriate access to resources across increasingly heterogeneous technology environments and to meet increasingly rigorous compliance requirements.

The terms "identity management" (IdM) and "identity and access management" (IAM) are used interchangeably. Identity management falls under the umbrella of IT security.

Four basic functions of IAM:

  1. The pure identity function: Creation, management and deletion of identities without regard to access or entitlements.
  2. The user access (log-on) function: For example, a smart card and its associated data used by a customer to log on to a service or services.
  3. The service function: A system that delivers personalized, role-based, online, on-demand, multimedia (content), presence-based services to users and their devices.
  4. Identity federation: A system that relies on federated identity to authenticate a user without knowing his or her password.

IAM Capabilities

In addition to the creation, deletion and modification of user identity data, whether administrator-assisted or self-service, Identity Management controls ancillary entity data for use by applications, such as contact information or location.

  • Authentication: Verification that an entity is who/what it claims to be using a password, biometrics such as a fingerprint, or distinctive behavior such as a gesture pattern on a touchscreen.
  • Authorization: Managing authorization information that defines what operations an entity can perform in the context of a specific application. For example, one user might be authorized to enter a sales order, while a different user is authorized to approve the credit request for that order.
  • Roles: Roles are groups of operations and/or other roles. Users are granted roles often related to a particular job or job function. For example, a user administrator role might be authorized to reset a user's password, while a system administrator role might have the ability to assign a user to a specific server.
  • Delegation: Delegation allows local administrators or supervisors to perform system modifications without involving a global administrator, or lets one user allow another to perform actions on their behalf. For example, a user could delegate the right to manage office-related information.
  • Interchange: The SAML protocol is a prominent means used to exchange identity information between two identity domains. OpenID Connect is another such protocol.
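As an added illustration of the authorization, role and delegation capabilities described above (example code, not GenX's own; the role, user and operation names are constructed), a minimal role-based authorizer in which roles can nest other roles and a user may delegate only operations they actually hold:

```python
class Authorizer:
    def __init__(self):
        self.roles = {}          # role name -> (set of operations, set of nested role names)
        self.assignments = {}    # user -> set of role names
        self.delegations = {}    # (delegate, operation) -> delegator

    def define_role(self, name, operations=(), includes=()):
        self.roles[name] = (set(operations), set(includes))

    def assign(self, user, role):
        self.assignments.setdefault(user, set()).add(role)

    def effective_operations(self, user):
        """Flatten nested roles; 'seen' guards against role cycles."""
        ops, seen, todo = set(), set(), list(self.assignments.get(user, ()))
        while todo:
            name = todo.pop()
            if name not in seen:
                seen.add(name)
                role_ops, nested = self.roles[name]
                ops |= role_ops
                todo.extend(nested)
        return ops

    def delegate(self, delegator, delegate, operation):
        """A user may only delegate an operation they themselves hold."""
        if operation not in self.effective_operations(delegator):
            raise PermissionError(f"{delegator} cannot delegate {operation}")
        self.delegations[(delegate, operation)] = delegator

    def is_authorized(self, user, operation):
        return (operation in self.effective_operations(user)
                or (user, operation) in self.delegations)


def build_demo():
    """Constructed sample roles and users mirroring the examples in the text."""
    az = Authorizer()
    az.define_role("sales_clerk", {"sales_order:enter"})
    az.define_role("credit_approver", {"credit_request:approve"})
    az.define_role("user_admin", {"user:reset_password"})
    az.define_role("system_admin", {"server:assign_user"}, includes={"user_admin"})
    az.define_role("office_manager", {"office_info:manage"})
    for user, role in [("alice", "sales_clerk"), ("bob", "credit_approver"),
                       ("carol", "user_admin"), ("dave", "system_admin"),
                       ("erin", "office_manager")]:
        az.assign(user, role)
    az.delegate("erin", "frank", "office_info:manage")   # erin lets frank act for her
    return az
```

Keeping order entry and credit approval in separate roles is what gives the separation of duties the text describes; the delegation check prevents a user from handing out rights they do not have.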