
Presentation Transcript


  1. To learn more about Directory Concepts and how we can help your organisation please contact a Directory Concepts relationship manager near you: Sydney +61 2 9904 3430 Melbourne +61 3 9804 8500 Brisbane +61 7 3369 3500 Wellington +64 4 460 5273 National Support: 1300 366 946 or helpdesk@directoryconcepts.com.au

  2. Using an organisation’s identity information to enable TRIM

  3. Agenda • Introduction • Identity Lifecycle Management • Integrating TRIM

  4. Who are Directory Concepts? • Offices in Brisbane, Sydney, Melbourne and Wellington • 60+ technical staff across these locations • 10 years speciality in identity driven solutions • Platinum partner status with Novell • Technical staff are recognised in the industry as maintaining the deepest identity specialty skill set in the Asia Pacific region • Consult and support to government on identity and access management across the region

  5. DC Offerings Professional Services Project build and deploy Post project support Specialty managed services 24 x 7 helpdesk services Contract onsite services Consulting Services Architecture Consultancy Business analysis Design Project management

  6. Introductions • My background? • Software Development (corporate and startup) • Experience in Education, Financial and Government sectors • Head of Development Vertical at Directory Concepts

  7. Identity Management (IDM) • Information Management (IM)

  8. Identity Lifecycle Management • What does it promise? • Automation of the process to manage access rights from the day a user is hired until the day they leave the organisation • Consistent and accurate information and access rights across all connected systems • So what is it?

  9. Identity Lifecycle Management

  10. Key Elements of Identity Management • Identity Integration • Roles management • Integrated workflows and provisioning policies • Self Service

  11. Key Elements of Identity Management • Identity Integration • Roles management • Integrated workflows and provisioning policies • Self Service

  12. Business Issue: Your Enterprise has many Identity Stores (Diagram labels: Identity Stores; Human Resources; Network/NOS Directory; Email; Enterprise Application; PBX) Many of your Enterprise’s applications own a piece of the User's Identity. • This Identity data can be expensive to maintain. • The Data may not be shared by everyone who needs it. • This Data may not be accurate, consistent or kept up to date.

  13. Novell's Solution: Create a Central Identity Vault (Diagram labels: Identity Stores; Human Resources; Network/NOS Directory; Identity Vault; Email; Enterprise Application; PBX) Identity Isolation problems can be solved by creating an Identity Vault. • A location for centralized identity management • Many applications share the same identity data and authentication and authorization functionality • Lays foundation for access control • Provides basis for role-based personalization based on rights

  14. The Solution: Advanced Identity Synchronization (Diagram labels: Identity Stores; Human Resources; Network/NOS Directory; Identity Vault; Email; Enterprise Application; PBX) In order to aggregate this identity data into the Identity Vault we utilize Identity Synchronization technology. • This allows you to utilize data owned by many systems to create a single rich identity • It allows for distributed ownership of portions of an identity, while allowing a single, centralized identity that can be leveraged by a myriad of systems.

  15. Distributed Ownership of Data, a centralized view (Diagram labels: systems: HR System; Help Desk System; PBX; E-Mail System; File & Print; Identity Vault. Attributes shown: First Name; Last Name; Employee ID; Address; Location; Phone Number; User ID; Email Address; Network Address)

  16. Novell IDM Application Coverage

  17. Key Elements of Identity Management • Identity Integration • Roles management • Integrated workflows and provisioning policies • Self Service

  18. Roles Management • Maps Business Roles to IT Entitlements • Assign users to Roles based on business policies and an exception approval process

  19. Novell Solution: Roles Based Provisioning Module • Role represents business function/position • Business and user centric (authorisation workflows) • Assign resources to roles and then assign the roles to the users or groups or organisational units (Inheritance) • Delegation • Separation of duties

  20. Novell Identity Manager Roles Based Provisioning Module Integrated Roles Management & Workflow

  21. Key Elements of Identity Management • Identity Integration • Roles management • Integrated workflows and provisioning policies • Self Service

  22. Novell Solution: Automated Provisioning (Diagram labels: Identity Stores; HR Personnel; Human Resources; Policies; Network/NOS Directory; Identity Vault; Email; Financial Application; Enterprise Application) In order to give users access to the resources they need we utilize dynamic provisioning capabilities. • This allows Identity Manager to capture events that occur in an authoritative system such as an HR system • The Identity Management system provisions users in real time based on policies

  23. Novell Solution: Workflow Based Provisioning (Diagram labels: Identity Stores; Human Resources; Policies; Network/NOS Directory; User; User Application; Identity Vault; Email; User's Manager; Financial Application; Enterprise Application) In situations where access to resources should require approval, a user-facing provisioning environment is created. • Users only see the resources that they can request based on their Identity • Policies determine who should approve access to the resource

  24. Novell Solution: Workflow Based Provisioning (Diagram labels: Identity Stores; Human Resources; Policies; Network/NOS Directory; User; User Application; Identity Vault; Email; User's Manager; Financial Application; Enterprise Application) • The Manager can access the Provisioning User Application. Here the manager can deny or approve the request • Access is Granted immediately

  25. Workflows - simple

  26. Workflow Features • Highly flexible • Can be as simple or complex as desired • Time-outs and escalation • Third-party integration (SOAP/Web Services) • Generate service desk tickets • Can be user initiated or automatically initiated • Customisable forms

  27. Business Process Automation

  28. Key Elements of Identity Management • Identity Integration • Roles management • Integrated workflows and provisioning policies • Self Service

  29. End Users: typical issues • Unfavourable user experience • Required to call service desk • “I have too many passwords” • Service desk over-utilisation • Password resets • Simple requests (file access etc.) • Security • Users creating their own credential store • Lost productivity

  30. Case Study • Organisation with 2000 users • 3592 password resets (forgotten/expired) • 1162 requests for additional access • 3592 password resets pa • Gartner: ~25AUD (22USD) for each password reset • 3592 x 25 = $89,800* pa • 1162 file access requests pa • ~15 minutes to complete each request • 1162 x 15 = 17430 minutes = 290 hrs = 36 days * Does not account for lost productivity

  31. User Application • Web-based interface to display and allow users to view and manage identity data in the identity vault. • Organization Charts • White Pages • Profile management • Password management

  32. Identity and provisioning environment • Novell Identity Manager delivers: • User Provisioning • Roles Based Access Control • Identity Integration • Password Management • Delegated Administration/Self Service • Automated workflows (both data driven and approval driven) (Diagram labels: Novell® Identity Manager; Identity Vault; PeopleSoft; Notes; Windows Server; Databases; Mainframes; GroupWise; BMC Remedy; Avaya PBX; LDAP Directories; Administer my resources or workgroup; Search / browse users or resources; Request access to resources; Approved; Recover forgotten password; Self-administration)

  33. Identity Manager: Allow the enterprise to address Pain Points and business initiatives from the IT Manager to the CxO (Column headings: Increase Service Level; Regulatory Compliance; Increased Productivity & Cost Reduction; Governance & Security; Business Facilitation) • Consistent security policy • Immediate system-wide access updates • Consistent identity data • Automated risk mitigation • Enterprise SoD • Eliminate redundant administration tasks • Reduce helpdesk burden • Fast employee ramp-up • User self service • Focused, personalized content • Delegated Administration • Comprehensive profile view • Password management • SOD requirements • Role-based access • Least privilege access • Real-time visibility and disclosure • Basic compliance reporting • Reach global customers • Tighter supplier relationships • More productive partnerships (Diagram label: Identity Management)

  34. Integration with HP TRIM • Connecting • Translating • Access Control

  35. Connecting • User Lifecycle Integration • Indirect • Database Staging Table • Direct • Web Services via SOAP Connector • Stateless • Custom IDM Connector • “Stateful” • Bi-directional

  36. Translating • Mapping LDAP Classes to TRIM Locations

  37. Managing Locations • Create, Update and Delete • Persons • Workgroups • Organisational Units

  38. Access Control • Some Options • Minimal rights initially, manually adjusted by TRIM administrator • Based on Org Unit, Group membership, other identity attribute • Configurable via On-Boarding application

  39. Case Study • Government Department in Victoria • Involves multiple systems • Simple workflow via email • ‘Best guess’ for access based on Org Unit then modified/approved by TRIM administrator

  40. Conclusion • IDM integrated with TRIM can • Reduce the cost of user and access management • Provide timely and secure access to services like TRIM • Increase business leaders' trust in IT, in regard to compliance • Reduce the risk of human error • Strengthen security without raising costs or diminishing productivity

  41. Questions?

  42. Directory Concepts • Come and visit us if you have any further questions or would like more information on Identity Management
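
The translation and access-control steps outlined on slides 36 to 39 can be sketched as follows. This is an added example, not code from the presentation or from any HP TRIM or Novell product: the class-to-Location mapping, the profile names, the status values and the sample entries are all assumptions made for illustration.

```python
# Added illustration: all names and values are hypothetical and constructed;
# no HP TRIM or Novell Identity Manager API is called.
from dataclasses import dataclass
from typing import Optional

# LDAP object class -> TRIM Location type (slides 36-37).
CLASS_TO_LOCATION = {
    "inetOrgPerson": "Person",
    "groupOfNames": "Workgroup",
    "organizationalUnit": "Organisational Unit",
}
# Org Unit -> suggested access profile, the "best guess" of slide 39.
OU_PROFILE = {"ou=records": "records-officer", "ou=finance": "contributor"}
MINIMAL_PROFILE = "inquiry-only"  # slide 38: minimal rights initially

@dataclass
class LocationRequest:
    name: str
    location_type: str
    profile: Optional[str]  # None for Workgroups and Organisational Units
    status: str

def rdns(dn: str) -> list:
    """Split a DN into RDNs (naive: assumes no escaped commas)."""
    return [part.strip() for part in dn.split(",")]

def to_location(entry: dict) -> LocationRequest:
    """Translate one LDAP entry into a request to create a TRIM Location."""
    loc_type = next((CLASS_TO_LOCATION[c] for c in entry["objectClass"]
                     if c in CLASS_TO_LOCATION), None)
    if loc_type is None:
        raise ValueError(f"no Location mapping for {entry['objectClass']}")
    parts = rdns(entry["dn"])
    name = parts[0].split("=", 1)[1]
    if loc_type != "Person":
        return LocationRequest(name, loc_type, None, "create")
    # Nearest containing OU decides the suggestion; an unknown or missing OU
    # falls back to the minimal profile, never to a broader one.
    ou = next((p.lower() for p in parts[1:] if p.lower().startswith("ou=")), "")
    profile = OU_PROFILE.get(ou, MINIMAL_PROFILE)
    # Nothing is granted until the TRIM administrator approves or modifies it.
    return LocationRequest(name, loc_type, profile, "pending-approval")

SAMPLE = [  # constructed entries
    {"dn": "cn=Jane Citizen,ou=Records,o=example",
     "objectClass": ["top", "inetOrgPerson"]},
    {"dn": "cn=Sam Temp,ou=Contractors,o=example",
     "objectClass": ["top", "inetOrgPerson"]},
    {"dn": "ou=Finance,o=example", "objectClass": ["top", "organizationalUnit"]},
]
if __name__ == "__main__":
    for e in SAMPLE:
        print(to_location(e))
```

The fallback to the minimal profile for an unmapped Org Unit is the point to keep when adapting this: a missing policy entry should narrow access, not widen it.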