services that provide credentials management, authentication, and authorization. These solutions may even provide federated delivery of credentials across a range of authentication pools. However, formal identity management solutions also provide management and administrative support to the infrastructure that delivers identity services, including:

Account provisioning. Identity management systems provide automated tools for creating, updating, and retiring security identifiers. Examples of this type of functionality include application services that access human resources data to create user log-on accounts for new hires, update information fields based on departmental assignment, and suspend or deactivate log-on accounts upon termination or dismissal. When implemented in high-turnover environments such as food-industry or higher-education enterprises, automated provisioning of user accounts can provide tremendous time and administrative cost savings over manual management methods.

Permission assignment. Identity management solutions may assign group membership and access rights based on departmental assignment or organizational role (such as an accountant or manager). By automating permission assignment, there is less opportunity for accidental access assignment or delayed revocation of rights following employment separation procedures.

Password management. Identity management solutions provide mechanisms to control password strength, re-use, and other aspects of a credential's lifecycle. This may include automatic regeneration and assignment of public-key infrastructure (PKI) certificates, expiration of password values, and similar processes necessary to ensure the security and viability of provided security credentials.

Self-service. Identity management solutions frequently include utilities to allow users the ability to update public information associated with their log-on identity, such as contact information and status. Other solutions provide password reset capabilities without requiring administrative assistance, or may allow a user to request access to a protected resource without having first to identify the resource owner (DAC environments).

Workflow. Identity management solutions may include provisions for automating workflows, performing such sequential tasks as first passing resource access requests to management for request
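
The account provisioning and permission assignment functions described above, as an added example that is not from the original text: a reconciliation pass that compares an HR feed with directory accounts and emits create, grant, revoke, disable and orphan-flag actions. The record fields, group names and role-to-group policy are constructed assumptions.

```python
# Constructed sample data: an HR feed and the current directory state.
HR_FEED = [
    {"id": "e100", "dept": "finance", "role": "accountant", "status": "active"},
    {"id": "e101", "dept": "finance", "role": "manager", "status": "active"},
    {"id": "e102", "dept": "kitchen", "role": "cook", "status": "terminated"},
    {"id": "e103", "dept": "kitchen", "role": "cook", "status": "active"},
]
DIRECTORY = {
    "e100": {"enabled": True, "groups": {"finance-users", "approvers"}},
    "e102": {"enabled": True, "groups": {"kitchen-users"}},
    "e103": {"enabled": True, "groups": {"kitchen-users"}},
    "e999": {"enabled": True, "groups": {"finance-users"}},  # no HR record
}
# Hypothetical policy mapping (department, role) to group membership.
ROLE_GROUPS = {
    ("finance", "accountant"): {"finance-users", "ledger-rw"},
    ("finance", "manager"): {"finance-users", "approvers"},
    ("kitchen", "cook"): {"kitchen-users"},
}

def reconcile(hr_feed, directory, role_groups):
    """Return the ordered actions that bring the directory in line with HR."""
    actions, seen = [], set()
    for rec in sorted(hr_feed, key=lambda r: r["id"]):
        uid = rec["id"]
        seen.add(uid)
        acct = directory.get(uid)
        if rec["status"] != "active":
            # Separation: disable and strip rights if the account still works.
            if acct and (acct["enabled"] or acct["groups"]):
                actions.append(("disable", uid, tuple(sorted(acct["groups"]))))
            continue
        # Unknown roles get no groups rather than a permissive default.
        wanted = role_groups.get((rec["dept"], rec["role"]), set())
        if acct is None:
            actions.append(("create", uid, tuple(sorted(wanted))))
            continue
        extra, missing = acct["groups"] - wanted, wanted - acct["groups"]
        if extra:  # rights left over from a previous role
            actions.append(("revoke", uid, tuple(sorted(extra))))
        if missing:
            actions.append(("grant", uid, tuple(sorted(missing))))
    # Enabled accounts with no HR record at all need human review.
    for uid in sorted(set(directory) - seen):
        if directory[uid]["enabled"]:
            groups = tuple(sorted(directory[uid]["groups"]))
            actions.append(("flag_orphan", uid, groups))
    return actions
```

Revocations are emitted before grants for the same account, so a role change never leaves a user holding both the old and the new rights.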