2. Introduction
• IAM is an essential function for protecting the privacy of information,
enhancing user experience, enabling accountability, and controlling
access to an organization’s assets.
• IAM is the collection of processes and technology used to manage
digital identities and the resource access provided through them.
4. How Access Management works
Let's start with a basic understanding of how access management works in the digital
world:
• An identity in the digital world represents a unique user.
• Each identity has an account on each application to which it is onboarded.
• Each identity can raise an access request for entitlements of the applications
on which it has an account.
• Each access request is approved (or rejected) by an approver.
• Certifications, also called access or roster reviews, periodically review the access that has been granted.
• Auditing and reporting cover the audit log trail and the generation of monitoring reports.
• Provisioning and de-provisioning grant or revoke access in a target system through the
IAM mechanism.
5. Access Management
Some of the components of Access Management:
• Establishing unique identities and associated authentication credentials.
• An authoritative source (typically the HR system) is maintained as the central repository of identity data.
• Providing identities the capability to request entitlements.
• Assigning roles or entitlements to identities.
• Managing offboarding and other business processes through workflows.
• Providing the capability to approve, revoke, review or certify entitlements or
roles assigned to users.
7. IAM Framework functioning – Identity Request
• Once an identity is onboarded into an IAM system, it has an account on each application
whose access needs to be managed.
• Entitlements become known to the IAM framework through the process of direct or indirect
aggregation.
• The identity raises an access request for an entitlement, which is then approved by the
respective supervisor or approver.
• Each access request is associated with a provisioning plan that describes how the request
will be carried out (which account, which entitlement, add or remove).
• Once approved, the access is provisioned on the target system, and the entitlement
granted to the identity is reflected on the identity after the next aggregation run.
• Each event for an identity (creation, deletion, job change, modification, etc.)
triggers a business process known in IAM terms as a workflow.
• Each workflow is a set of logical steps through which the IAM business processes
are implemented at the back end.
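The request, approval, provisioning-plan, provisioning and aggregation steps above, plus one event-driven workflow (a leaver), modelled end to end in Python. This is an added example, not code from the page or from any IAM product: the identity, application, entitlement and approver names are constructed sample data, and every class and function name is an assumption for illustration. The approval check enforces two things a practitioner expects the framework to enforce: only the identity's supervisor can approve, and an identity can never approve its own request.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple


@dataclass
class Identity:
    name: str
    manager: Optional[str]                       # supervisor who approves this identity's requests
    accounts: Dict[str, Set[str]] = field(default_factory=dict)  # app -> entitlements seen at last aggregation


@dataclass
class ProvisioningPlan:
    """How an approved request will be carried out on the target."""
    identity: str
    application: str
    operation: str                               # "Add" or "Remove"
    entitlement: str
    executed: bool = False


# Constructed stand-in for the target systems: application -> {account -> entitlements}
TARGET_SYSTEMS: Dict[str, Dict[str, Set[str]]] = {}
AUDIT_LOG: List[str] = []


def audit(event: str) -> None:
    AUDIT_LOG.append(event)


def request_access(identity: Identity, application: str, entitlement: str) -> ProvisioningPlan:
    """An identity may only request entitlements on an application where it has an account."""
    if identity.name not in TARGET_SYSTEMS.get(application, {}):
        raise PermissionError(f"{identity.name} has no account on {application}")
    plan = ProvisioningPlan(identity.name, application, "Add", entitlement)
    audit(f"request {plan.application}:{plan.entitlement} for {plan.identity}")
    return plan


def approve(plan: ProvisioningPlan, identity: Identity, approver: str) -> bool:
    """Only the supervisor may approve, and never the requester themself."""
    ok = approver == identity.manager and approver != identity.name
    audit(f"approval {plan.application}:{plan.entitlement} for {plan.identity} by {approver} -> {ok}")
    return ok


def provision(plan: ProvisioningPlan) -> None:
    """Execute the plan against the target system (the connector's job in a real framework)."""
    account = TARGET_SYSTEMS[plan.application][plan.identity]
    if plan.operation == "Add":
        account.add(plan.entitlement)
    else:
        account.discard(plan.entitlement)
    plan.executed = True
    audit(f"provisioned {plan.operation} {plan.application}:{plan.entitlement} for {plan.identity}")


def aggregate(identity: Identity) -> Dict[str, Set[str]]:
    """Pull the target-system state back into the IAM view of the identity."""
    identity.accounts = {app: set(accts[identity.name])
                         for app, accts in TARGET_SYSTEMS.items() if identity.name in accts}
    return identity.accounts


def on_leaver(identity: Identity) -> List[ProvisioningPlan]:
    """Leaver workflow: a Remove plan for every aggregated entitlement (a real one would also disable accounts)."""
    plans = []
    for app, ents in aggregate(identity).items():
        for ent in sorted(ents):
            plan = ProvisioningPlan(identity.name, app, "Remove", ent)
            provision(plan)
            plans.append(plan)
    return plans


# Identity events dispatch to workflows at the back end.
WORKFLOWS = {"leaver": on_leaver}


def fire_event(event: str, identity: Identity):
    return WORKFLOWS[event](identity)


def run_demo() -> Tuple[Set[str], Set[str]]:
    TARGET_SYSTEMS["payroll"] = {"alice": {"viewer"}}        # constructed starting state
    alice = Identity("alice", manager="bob")
    plan = request_access(alice, "payroll", "approver")
    approve(plan, alice, "alice")                           # self-approval: rejected, request stays pending
    if approve(plan, alice, "bob"):
        provision(plan)
    after_grant = set(aggregate(alice)["payroll"])          # {"viewer", "approver"}
    fire_event("leaver", alice)
    after_leave = set(aggregate(alice)["payroll"])          # set()
    return after_grant, after_leave


if __name__ == "__main__":
    print(run_demo())
    print("\n".join(AUDIT_LOG))
```

Note that `aggregate` is what makes the granted entitlement visible on the identity: until it runs, the IAM view and the target can disagree, which is why the slide says the entitlement appears after the next aggregation.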
8. IAM Framework functioning – Roles & Rules Management
• Roles are another way of providing access to an identity; a role is either
assigned (requested or granted to the identity) or detected (derived from the
identity's existing access or attributes).
• Roles can exist at any level, from organisational (business) roles down to
entitlement-level (IT) roles.
• Roles can inherit from other roles, and roles are allowed to overlap.
• Rules are pieces of logic, written in a scripting language or as Boolean
expressions, that are evaluated at runtime by the executing module.
• Rules are customized and implemented to meet specific security or business
requirements. Because they run inside the IAM framework with its privileges, rules
need the same review and change control as any other production code.
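The role and rule concepts above in working form: a role model with inheritance, assigned versus detected roles, and two runtime rules (a segregation-of-duties rule and a business rule). This is an added example written in plain Python rather than any product's rule language; the role names, entitlements, identity attributes and function names are all constructed assumptions for illustration. It also guards against a cycle in the inheritance graph, a misconfiguration a practitioner will eventually meet.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional, Set


@dataclass
class IdentityCube:
    """The IAM view of one identity: attributes plus access aggregated from target systems."""
    name: str
    attributes: Dict[str, str]
    entitlements: Set[str]
    assigned_roles: Set[str] = field(default_factory=set)


@dataclass
class Role:
    name: str
    entitlements: Set[str] = field(default_factory=set)      # granted directly by this role
    inherits: List[str] = field(default_factory=list)        # parent roles (inheritance)
    # Detection rule: the role is "detected" when the identity's aggregated state satisfies it.
    detection: Optional[Callable[[IdentityCube], bool]] = None


ROLES: Dict[str, Role] = {}


def define(role: Role) -> Role:
    ROLES[role.name] = role
    return role


# Constructed role model: organisational roles inherit IT roles, which carry the entitlements.
define(Role("it:ldap-user", {"ldap:uid"}))
define(Role("it:finance-ro", {"erp:view_ledger"}, inherits=["it:ldap-user"]))
define(Role("it:finance-rw", {"erp:post_journal"}, inherits=["it:finance-ro"]))
define(Role("org:finance-analyst", inherits=["it:finance-ro"]))
define(Role("org:finance-controller", inherits=["it:finance-rw"]))
define(Role("it:erp-admin", {"erp:admin"},
            detection=lambda cube: "erp:admin" in cube.entitlements))


def effective_entitlements(role_name: str, seen: Optional[Set[str]] = None) -> Set[str]:
    """Union of a role's own entitlements and those of every ancestor.
    `seen` stops infinite recursion if the role model accidentally contains a cycle."""
    seen = set() if seen is None else seen
    if role_name in seen:
        return set()
    seen.add(role_name)
    role = ROLES[role_name]
    result = set(role.entitlements)
    for parent in role.inherits:
        result |= effective_entitlements(parent, seen)
    return result


def detected_roles(cube: IdentityCube) -> Set[str]:
    return {r.name for r in ROLES.values() if r.detection is not None and r.detection(cube)}


def all_roles(cube: IdentityCube) -> Set[str]:
    """Assigned roles (requested/granted) plus detected roles (derived from existing access)."""
    return cube.assigned_roles | detected_roles(cube)


def total_access(cube: IdentityCube) -> Set[str]:
    access = set(cube.entitlements)
    for role in all_roles(cube):
        access |= effective_entitlements(role)
    return access


# Rules: runtime logic, here plain Python predicates returning a violation message or None.
Rule = Callable[[IdentityCube], Optional[str]]


def sod_rule(cube: IdentityCube) -> Optional[str]:
    """Security rule (segregation of duties): nobody may both post journals and administer the ERP."""
    if {"erp:post_journal", "erp:admin"} <= total_access(cube):
        return "SoD violation: erp:post_journal + erp:admin"
    return None


def contractor_rule(cube: IdentityCube) -> Optional[str]:
    """Business rule: contractors may not hold write access to the ERP."""
    if cube.attributes.get("type") == "contractor" and "erp:post_journal" in total_access(cube):
        return "contractor holds ERP write access"
    return None


def evaluate_rules(cube: IdentityCube, rules: List[Rule]) -> List[str]:
    return [v for v in (rule(cube) for rule in rules) if v is not None]


def run_demo() -> Dict[str, object]:
    carol = IdentityCube("carol", {"type": "employee"},
                         entitlements={"ldap:uid", "erp:admin"},
                         assigned_roles={"org:finance-controller"})
    return {
        "controller_entitlements": effective_entitlements("org:finance-controller"),
        "detected": detected_roles(carol),
        "violations": evaluate_rules(carol, [sod_rule, contractor_rule]),
    }


if __name__ == "__main__":
    print(run_demo())
```

The SoD rule deliberately evaluates the identity's total access (aggregated entitlements plus everything reachable through assigned and detected roles), since a violation created by inheritance is just as real as one created by a direct entitlement.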
9. IAM Framework functioning: Aggregation & Provisioning
• Target application data is pulled into the IAM framework through the aggregation
process. Provisioning, on the other hand, is the process of granting or revoking
access in the target system.
• Aggregation connects the IAM framework to the target application's data store
(directory, database or API) through logical connections implemented by
integration services (connectors).
• For applications that are not connected to the IAM framework directly, the
aggregation process and provisioning mechanism are customized according to the
business requirement and use indirect integration services, for example periodic
file exports for aggregation and manual work items for provisioning.
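Aggregation and provisioning for one directly connected application and one disconnected application, as an added example that is not code from the page or from any IAM product. The connector interface, the constructed account export, the email-based correlation and all names are assumptions for illustration; the disconnected application's arrangement (CSV export in, manual work item out) is one common pattern, not the only one. The example also surfaces two things aggregation is expected to reveal: accounts that correlate to no identity (orphans), and the lag between a provisioning action on a disconnected application and the next aggregation that reflects it.

```python
import csv
import io
from typing import Dict, List, Set, Tuple


class Connector:
    """Direct integration: a logical connection to the target system's own data store."""

    def __init__(self, name: str, accounts: Dict[str, dict]):
        self.name = name
        self._accounts = accounts               # stands in for the target's directory/database

    def aggregate(self) -> List[dict]:
        return [dict(attrs, accountName=acct) for acct, attrs in self._accounts.items()]

    def provision(self, account: str, op: str, entitlement: str) -> str:
        groups = self._accounts[account]["groups"]
        if op == "Add":
            groups.add(entitlement)
        else:
            groups.discard(entitlement)
        return f"{self.name}: {op} {entitlement} on {account} applied"


class DisconnectedApp:
    """Indirect integration: no live connection, so aggregation reads a periodic CSV export
    and provisioning raises a manual work item for the application owner to act on."""

    def __init__(self, name: str, csv_export: str):
        self.name = name
        self.csv_export = csv_export
        self.work_items: List[str] = []

    def aggregate(self) -> List[dict]:
        rows = csv.DictReader(io.StringIO(self.csv_export))
        return [{"accountName": r["login"], "email": r["email"],
                 "groups": set(filter(None, r["groups"].split(";")))} for r in rows]

    def provision(self, account: str, op: str, entitlement: str) -> str:
        item = f"MANUAL {self.name}: {op} {entitlement} on {account}"
        self.work_items.append(item)
        return item


# Constructed authoritative source: correlation attribute (email) -> identity name.
IDENTITIES = {"alice@example.com": "alice", "bob@example.com": "bob"}

Cube = Dict[str, Dict[str, Set[str]]]          # identity -> application -> entitlements


def run_aggregation(apps) -> Tuple[Cube, List[str]]:
    """Pull every application's accounts in and correlate them to identities.
    Accounts matching no identity are reported as uncorrelated (orphan) accounts."""
    cube: Cube = {}
    orphans: List[str] = []
    for app in apps:
        for acct in app.aggregate():
            identity = IDENTITIES.get(acct.get("email"))
            if identity is None:
                orphans.append(f"{app.name}/{acct['accountName']}")
                continue
            cube.setdefault(identity, {})[app.name] = set(acct["groups"])
    return cube, orphans


Plan = Tuple[str, str, str, str]               # (application, account, "Add"|"Remove", entitlement)


def execute_plans(apps_by_name, plans: List[Plan]) -> List[str]:
    """Provisioning: each plan line goes to the application's own mechanism."""
    return [apps_by_name[app].provision(account, op, ent) for app, account, op, ent in plans]


def run_demo():
    ad = Connector("ad", {
        "alice": {"email": "alice@example.com", "groups": {"Domain Users"}},
        "svc-backup": {"email": None, "groups": {"Backup Operators"}},   # no owner -> orphan
    })
    legacy = DisconnectedApp("legacy-hr", "login,email,groups\nbob.s,bob@example.com,payroll;reports\n")
    apps = {"ad": ad, "legacy-hr": legacy}
    before, orphans = run_aggregation(apps.values())
    results = execute_plans(apps, [("ad", "alice", "Add", "VPN Users"),
                                   ("legacy-hr", "bob.s", "Remove", "payroll")])
    after, _ = run_aggregation(apps.values())   # legacy-hr still shows payroll: the export has not changed
    return before, orphans, results, after, legacy.work_items


if __name__ == "__main__":
    for part in run_demo():
        print(part)
```

The orphan list is the security-relevant output of aggregation: an account with no correlated identity has no owner, no approver and no certifier, so it should be routed to an owner assignment or disabled rather than ignored.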
10. IAM Framework functioning – Certifications
• Certification refers to the access review (access roster) mechanism.
• Certifications are performed periodically, monthly, quarterly or annually,
as required.
• To perform a certification, a certifier is assigned work items that
contain the access of various identities.
• The purpose of certification is to confirm that access is appropriate and to
identify any inappropriate access, which should then be revoked.
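A certification campaign as described above, built as an added example (not code from the page or from any IAM product): work items are generated per certifier from a constructed identity cube, the certifier records approve/revoke decisions, and every revocation becomes a Remove provisioning plan. Identity, manager and entitlement names and all function names are assumptions for illustration. Two controls a practitioner expects are enforced: only the assigned certifier can decide on a work item, and undecided items stay pending rather than being treated as approved.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

Item = Tuple[str, str, str]                    # (identity, application, entitlement)


@dataclass
class WorkItem:
    certifier: str
    items: List[Item] = field(default_factory=list)
    decisions: Dict[Item, str] = field(default_factory=dict)   # item -> "Approved" | "Revoked"

    def pending(self) -> List[Item]:
        return [i for i in self.items if i not in self.decisions]


# Constructed identity cube: identity -> (manager, {application: entitlements})
CUBE = {
    "alice": ("bob", {"ad": {"Domain Users", "VPN Users"}, "erp": {"erp:admin"}}),
    "carol": ("bob", {"erp": {"erp:view_ledger"}}),
    "bob": ("dave", {"ad": {"Domain Users"}}),
}


def build_campaign(cube) -> Dict[str, WorkItem]:
    """One work item per certifier (here the manager), listing every entitlement of their reports."""
    campaign: Dict[str, WorkItem] = {}
    for identity, (manager, apps) in cube.items():
        wi = campaign.setdefault(manager, WorkItem(manager))
        for app, ents in apps.items():
            for ent in sorted(ents):
                wi.items.append((identity, app, ent))
    return campaign


def decide(wi: WorkItem, certifier: str, item: Item, decision: str) -> None:
    """Only the assigned certifier may decide, and only on items in their own work item."""
    if certifier != wi.certifier:
        raise PermissionError(f"{certifier} is not the certifier of this work item")
    if item not in wi.items:
        raise KeyError(f"{item} is not in {certifier}'s work item")
    if decision not in ("Approved", "Revoked"):
        raise ValueError(decision)
    wi.decisions[item] = decision


def revocation_plans(campaign) -> List[Tuple[str, str, str, str]]:
    """Every 'Revoked' decision becomes a Remove provisioning plan for the target system.
    Undecided items are left pending; they are never treated as approved by default."""
    plans = []
    for wi in campaign.values():
        for (identity, app, ent), decision in wi.decisions.items():
            if decision == "Revoked":
                plans.append((identity, app, "Remove", ent))
    return plans


def run_demo():
    campaign = build_campaign(CUBE)
    bob = campaign["bob"]
    decide(bob, "bob", ("alice", "erp", "erp:admin"), "Revoked")      # admin rights judged inappropriate
    decide(bob, "bob", ("alice", "ad", "Domain Users"), "Approved")
    decide(bob, "bob", ("alice", "ad", "VPN Users"), "Approved")
    # carol's item is left undecided: the campaign stays open until bob reviews it.
    return campaign, revocation_plans(campaign)


if __name__ == "__main__":
    campaign, plans = run_demo()
    for wi in campaign.values():
        print(wi.certifier, "pending:", wi.pending())
    print("revocations:", plans)
```

The plans returned here are exactly the input the provisioning step consumes; a certification that only records decisions without producing and executing revocation plans has reviewed access but not reduced it.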
11. IAM tool – SailPoint
• SailPoint is one of the leading IAM and identity and access governance (IAG) tools and is
recognised as a leader by Gartner.
• It is an open identity management platform (from the 7.0 release) built with
modern security in mind.
• SailPoint provides a flexible and user-friendly IAM framework.
• SailPoint manages applications on premises as well as in the cloud.
• SailPoint has three major solutions:
• IdentityIQ (on-premises access management and governance solution)
• IdentityNow (cloud-based access management and governance solution)
• SecurityIQ (governance of access to unstructured data)