An Integrated Architecture for Identity and Access Management

By : CA
Published : Feb 16, 2007
Length : 14
Type : White Paper
Overview :

With the continued innovation in IT architectures, the number of IAM tools in your network will only continue to add costs and create security headaches for your organization.

The most efficient path to containing those costs, meeting your compliance requirements and ensuring appropriate levels of security is with a solution that integrates industry-leading capabilities across the different IT architectures that are deployed in your IT environment. 

Browse Related Categories : Access Control, Compliance, Identity Management, Network Provisioning, Risk Management, Security, Single Sign On


Identity and Access Management:

Core Services of the Solution
Identity Provisioning and Life Cycle Management

Organizations have three general groups of users they need to successfully manage: employees, customers and partners. The CA Identity and Access Management solution provides tools that support the creation and management of user identities for each of these user types in many different endpoint environments, such as directories, operating systems, ERP systems and other layered applications. However, the CA Identity and Access Management solution does much more than just create, provision and deprovision users and user attributes.

The solution also provisions users to access roles in the access management components of the solution, thereby completing the loop of binding users to access policies which protect applications and resources within applications. The efficient association of identities to access policies represents the advanced value of a fully integrated Identity and Access Management solution. As outlined above, this out-of-the-box integrated architecture of the overall CA Identity and Access Management solution enables an organization to avoid the need for custom connectors. Additionally, this integration will be extended in future releases. Examples include the ability to:

• Explore and correlate user identities across user repositories and access management products, to facilitate separation of duty analysis
• Extend orchestrated workflow processes that cover the full range of identity and access management tasks linking identities to roles to policies to resources
• Provide a consistent entitlement certification process so application owners can certify that only approved users are gaining access to important and sensitive business information

Single Sign-On
Across any organization’s IT environment there is a wide range of applications supporting a wide range of authentication schemes such as X.509 certificates, SAML assertions or various forms of biometrics. However, due to the cost and complexity of other forms of authentication, most organizations continue to employ only a username and password combination as the primary method of user authentication for the vast majority of their applications. Organizations’ desire to reduce the variety of authenticators while increasing the overall security of user authentication has been unfulfilled. In fact, just the opposite is occurring. Recent regulations, such as FFIEC, HSPD-12 and SOX, are continuing to drive the addition of even more authentication methods into the market.

While organizations do need to implement stronger forms of authentication for some critical applications, they also need to find ways to reduce the overall cost of managing user authentication. Single sign-on implemented with appropriate support for stronger forms of authentication provides the best path to address this need. CA’s Identity and Access Management solution offers an integrated approach to delivering single sign-on across a broad range of application environments. By supporting the native authentication interfaces of the various application environments, such as the HLLAPI interface for terminal emulators, the GINA interface in Windows, the PAM interface in UNIX and the available API interfaces on Web Servers and Application Servers, the CA Identity and Access Management solution is able to integrate with authentication processes from the mainframe to a Web service. By further integrating the authentication ticket mechanisms in the different CA products, the CA Identity and Access Management solution provides users with the experience of a single sign-on across all these disparate environments.

Access Control
Implementation of access control in an Identity and Access Management architecture demands support for many different access enforcement points. CA’s Identity and Access Management solution provides the broadest array of capabilities for heterogeneous IT systems. Access control within the CA Identity and Access Management solution includes support for controlling:

• Entry into virtually all z/OS subsystems and VTAM applications for the mainframe
• Root privileges on Unix and Linux host systems
• Administrator privileges on Windows systems
• Login to virtually any network and application accessed from a Windows client
• Access to URLs on a web server or portal
• Access to JAR and EJBs on J2EE Application Servers
• Access to applications exposed as Web Services

Support for this range of environments is accomplished by integrating CA’s Identity and Access Management solution via both public APIs and supported standards available from the applications, platforms or operating systems.
