Identity Management
Identity Management is the practice of managing user identities across the multiple directories and identity stores in an organization.
Identity Manager provides an integrated method of managing users and their access to various applications. It can be used to enforce segregation of duties.
It prevents users from receiving privileges that may result in a conflict.
The administrator can check for any violations before assigning privileges or changing profile attributes.
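The pre-assignment check described above can be sketched as follows. This is an added example, not code from any identity management product; the role names, entitlements and conflict rules are constructed sample data, and the function names are hypothetical.

```python
# Added illustration: segregation-of-duties (SoD) check run before a role is
# granted. All roles, entitlements and rules below are constructed sample data.

# Role -> entitlements it grants.
ROLE_ENTITLEMENTS = {
    "ap_clerk": {"invoice.create", "vendor.view"},
    "ap_approver": {"invoice.approve", "vendor.view"},
    "vendor_admin": {"vendor.create", "vendor.edit"},
    "payroll_admin": {"payroll.run"},
}

# Pairs of entitlements that one person must never hold together.
SOD_RULES = [
    ("invoice.create", "invoice.approve"),
    ("vendor.create", "invoice.approve"),
]


def effective_entitlements(roles):
    """Flatten a set of roles into the entitlements they grant."""
    ents = set()
    for role in roles:
        ents |= ROLE_ENTITLEMENTS[role]  # unknown role raises KeyError on purpose
    return ents


def sod_violations(current_roles, requested_role):
    """Return the SoD rules that granting requested_role would newly break."""
    before = effective_entitlements(current_roles)
    after = before | ROLE_ENTITLEMENTS[requested_role]
    return [
        (a, b) for a, b in SOD_RULES
        if a in after and b in after and not (a in before and b in before)
    ]


def assign_role(current_roles, requested_role):
    """Grant the role only if the check is clean; otherwise leave roles unchanged."""
    violations = sod_violations(current_roles, requested_role)
    if violations:
        return set(current_roles), violations  # refused, with the broken rules
    return set(current_roles) | {requested_role}, []
```

The check works on effective entitlements rather than role names, so a conflict is caught even when the two conflicting privileges arrive through different roles.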
Requirements of IAM
Modern organizations run a complex mix of IT infrastructure, including network operating systems, application servers, web servers, database servers, email and messaging services, user directories, SharePoint sites, CRM, payroll management and ERP applications.
Almost every system and application tracks its own users, how they sign in (i.e., their passwords) and their privileges (i.e., what they can see and do).
This data about users must be managed when users are hired, when their business roles or identifying information change, and when they leave.
The diversity of these systems, each with its own user interface, administrators and change request processes, creates complexity.
Identity management technologies simplify the administration of this distributed, overlapping and sometimes contradictory data about users.
Access Management
Access Management is the practice of managing access control to the various resources in an organization, determining who can access what resources under what conditions.
Every business has information that needs to be protected from unauthorized disclosure.
To protect information, companies define policies that govern who can access specific classes of business and/or personal information.
Access Management is a solution that provides a mechanism to manage the authentication of users (including single sign-on) and implement business rules determining user access to applications and data.
An Access Management system takes care of the following items:
Authentication – verifying users are who they claim to be
Authorization – granting users access to resources (also called entitlements)
Auditing – recording who did what and when
Administration – managing users and entitlements
Confidentiality – protecting data from unauthorized eyes
Notification – actively communicating security events
The Categories
Identity and Access Management is divided into the following categories:
Access management
Privileged access management
Governance
Interview Question-Answer
Q.1 _______________ is a solution that provides a mechanism to manage the authentication of users and implement business rules determining user access to applications and data.
A. Identity management
B. Authorization
C. Access management
Ans : Access management
Q.2 Which of the following is used to ensure that the users are who they claim to be?
A. Administration
B. Authentication
C. Identity management
D. Authorization
Ans : Authentication
Q.3 Which of the following aims to manage the user identities in the multiple directories and identity stores across an organization?
A. Identity Management
B. Authorization
C. Authentication
Ans : Identity Management
Q.4 Which property of access management aims to protect data from unauthorized eyes?
A. Authentication
B. Integrity
C. Audit Logging
D. Confidentiality
Ans : Confidentiality
Q.5 Which of the following is used to grant users access to resources?
A. Authentication
B. Identity management
C. Authorization
D. Administration
Ans : Authentication