The first time you heard the term identity management might have been when a nerdy-looking guy came into your office and said he wanted to talk about identity management. You looked at him and said, "Yes, we should talk about your wardrobe identity management," but a stream of jargon came out of his mouth: single sign-on, service providers and a lot more. When he went away, you realized that maybe you needed to learn a little more about identity management.
Then you start to recognize that there is a lot more to identity management than what’s on the surface. People with different perspectives have different ideas about identity management, and different people have different identity management requirements. This article will give you the key concepts of this technology. Let’s begin.
First is the concept of authentication. We know when something is authentic and when it’s not. In identity management, authentication means knowing which entity we are dealing with. In the digital world, authentication is often done with a username and password. The username is the identifier that tells us which entity we are dealing with, and the password is the shared secret that lets us confirm that the identity is authentic. Since we live in an imperfect world, there are bad apples out there, so to reduce risk we sometimes use two-factor authentication or multi-factor authentication.
The next concept is authorization, or access control. Basically, it dictates what you are authorized to do. In an identity management system, once you have been authenticated, the system checks whether a given entity is allowed to access a certain program or space and, if so, grants access to the resource.
Our next concept is role-based identity. To explain this, imagine we have an organizational model. We have the finance people accessing the accounting apps, human resources on HR apps, engineering on engineering apps, sales on sales apps, marketing on marketing apps, management on management apps, contractors on contractor apps, employees on employee apps, and then there are all the people working on a secret project who need access to the secret app.
Going back to the organizational model, imagine the number of people, and their relationships with the apps, that you need to manage to ensure that only those authorized to access a particular app have access to it. This is quite complicated. Identity management creates a layer of abstraction. It creates roles, puts people into those roles, and gives each role access to the apps appropriate for it.
The next concept is single sign-on. Single sign-on enables users to log in once; the identity management system remembers who they are and logs them in automatically later.
The last element we want to highlight is provisioning. Here you have a new employee, and he shows up at work. The identity management system gives him a username and password and, if for example he’s part of the sales team, he’ll have access to the sales apps and employee apps. Deprovisioning is the opposite process. When people leave the organization, their access to the apps is removed, and the same goes for the directory. Together these make up the identity lifecycle: provisioning as people come into the system, managing them as things change, and deprovisioning when they leave the organization.
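
The role abstraction and the provision, change and deprovision lifecycle described above, as an added example that is not part of the original article. The class, method and app names and the user `maria` are assumptions made for illustration.

```python
# Role -> apps mapping, using the article's organizational model.
# App identifiers are constructed for this example.
ROLE_APPS = {
    "employee": {"employee-apps"},
    "contractor": {"contractor-apps"},
    "sales": {"sales-apps"},
    "finance": {"accounting-apps"},
    "secret-project": {"secret-app"},
}


class IdentityStore:
    """Hypothetical in-memory directory: people hold roles, roles hold apps."""

    def __init__(self, role_apps):
        self.role_apps = role_apps
        self.directory = {}  # username -> set of role names

    def _check(self, roles):
        unknown = set(roles) - set(self.role_apps)
        if unknown:  # reject a mistyped role instead of silently granting nothing
            raise ValueError(f"unknown roles: {sorted(unknown)}")

    def provision(self, user, roles):
        self._check(roles)
        self.directory[user] = set(roles)

    def change_roles(self, user, add=(), remove=()):
        self._check(add)
        self.directory[user] = (self.directory[user] | set(add)) - set(remove)

    def deprovision(self, user):
        self.directory.pop(user, None)  # directory entry and app access go together

    def is_authorized(self, user, app):
        # Default deny: a user missing from the directory holds no roles.
        roles = self.directory.get(user, set())
        return any(app in self.role_apps[r] for r in roles)


def lifecycle_demo():
    ids = IdentityStore(ROLE_APPS)
    ids.provision("maria", ["employee", "sales"])  # new hire joins the sales team
    joined = (ids.is_authorized("maria", "sales-apps"),
              ids.is_authorized("maria", "secret-app"))
    ids.change_roles("maria", add=["secret-project"], remove=["sales"])
    moved = (ids.is_authorized("maria", "sales-apps"),
             ids.is_authorized("maria", "secret-app"))
    ids.deprovision("maria")  # leaves the organization
    left = any(ids.is_authorized("maria", a) for apps in ROLE_APPS.values() for a in apps)
    return joined, moved, left
```

Access is never attached to a person directly: moving `maria` out of the sales role removes the sales apps in one step, and deprovisioning leaves nothing behind to clean up per app.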
That concludes our Identity Management 101. If you want to discuss identity management further, you may contact Infocentric Solutions Inc. Our hotline is +63 2 759 1510 or email firstname.lastname@example.org.