1 INTRODUCTION

This document is based on IDFocus' experience, interviews, and multiple data sources, and it represents our own professional views. It is intended to be a tool that allows companies evaluating these solutions to follow a clearer and more structured evaluation process. We do think that each organization should weigh the factors presented differently, and some organizations may choose to ignore some factors or add others not mentioned here. We consider this to be a normal and expected process.

THE FREE DOCUMENT PRESENTED HERE CONTAINS ONLY A PART OF THE COMPLETE DOCUMENT. THE FOLLOWING CHAPTERS ARE MISSING:
- Rules engine evaluation criteria
- Workflow engine evaluation criteria
- Audit and reports evaluation criteria
- Self-service evaluation criteria
- Policy enforcement evaluation criteria
- Delegated administration evaluation criteria

IDFOCUS OFFERS THE COMPLETE DOCUMENT TO PROSPECTS, CUSTOMERS, OR PARTNERS.
2 DOCUMENT STRUCTURE

This document offers a structured method for the analysis and evaluation of the many functions and components delivered by modern identity management systems. The document is organized into two sections:
1. An overview of user provisioning
2. A discussion of the evaluation areas and what items to evaluate
3 LARGE IT DEPARTMENTS: CURRENT SITUATION AND ISSUES

IT systems today are complex, interlinked, and critical to the business functions of their organizations. Most large IT organizations share some, if not all, of the following issues:
- Multiple operating systems and environments
- Multiple commercial applications
- Multiple internally developed ("home grown") database applications
- Multiple access points to each system and/or application (for example, traditional local end-user access, Web access, and access directly from other applications)
- Large user base
- Multiple types of users: employees, subcontractors, suppliers, customers, etc.
- High volume of changes resulting from the addition, deletion and modification of users' data
- Role-based access control
- Distributed systems
- Distributed user management, with each system an independent island managing its users on its own
Problems arising from these issues include:
- Inability to provide accurate and complete access permissions and user accounts during IT audits
- Terminated employees with access to data systems long after their employment has ceased
- Many orphan and dormant accounts providing a "safe haven" for hackers, crackers and other forms of unauthorized access
- Users with multiple unneeded permissions and roles, allowing them to perform inappropriate activities
- Lack of central synchronization
- Weak central application management
- Long and costly user-provisioning processes
- Long and costly Help Desk turnaround
- Lack of connection between changes in the business and the corresponding changes in IT resources required for enablement and support
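Three of the problems listed above (orphan accounts, dormant accounts, and terminated employees who still hold access) are found the same way: by reconciling every account on a target system against the authoritative HR feed. The following is an added example, not part of the IDFocus document or any product it evaluates; the HR records, target-system accounts, 90-day dormancy threshold and reference date are constructed sample data.

```python
"""Reconcile target-system accounts against an authoritative HR feed.

Added example (not from the original document). HR records, accounts,
the dormancy threshold and TODAY are constructed sample data.
"""
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Dict, List, Optional


@dataclass(frozen=True)
class HrRecord:
    employee_id: str
    status: str  # "active" or "terminated" (constructed vocabulary)


@dataclass(frozen=True)
class Account:
    username: str
    owner_id: Optional[str]   # HR employee id this account is mapped to, if any
    last_login: Optional[date]  # None = never logged in


# Accounts unused for longer than this are reported as dormant (assumed policy).
DORMANT_AFTER = timedelta(days=90)


def reconcile(hr: List[HrRecord], accounts: List[Account], today: date) -> Dict[str, List[str]]:
    """Return account names grouped by the audit finding they trigger.

    orphan:            no HR owner can be mapped to the account
    terminated_owner:  the mapped owner's HR status is "terminated"
    dormant:           never used, or unused for longer than DORMANT_AFTER
    An account can be both terminated_owner and dormant; orphans are not
    checked further because there is no owner to evaluate.
    """
    hr_by_id = {rec.employee_id: rec for rec in hr}
    findings: Dict[str, List[str]] = {"orphan": [], "terminated_owner": [], "dormant": []}

    for acct in accounts:
        owner = hr_by_id.get(acct.owner_id) if acct.owner_id else None
        if owner is None:
            findings["orphan"].append(acct.username)
            continue
        if owner.status == "terminated":
            findings["terminated_owner"].append(acct.username)
        if acct.last_login is None or today - acct.last_login > DORMANT_AFTER:
            findings["dormant"].append(acct.username)
    return findings


# --- constructed sample data -------------------------------------------------
TODAY = date(2024, 1, 31)

SAMPLE_HR = [
    HrRecord("E1", "active"),
    HrRecord("E2", "terminated"),
]

SAMPLE_ACCOUNTS = [
    Account("alice", "E1", TODAY - timedelta(days=5)),      # healthy
    Account("bob", "E2", TODAY - timedelta(days=200)),      # owner left, and unused
    Account("svc_backup", None, TODAY - timedelta(days=1)),  # never mapped to a person
    Account("carol", "E9", TODAY - timedelta(days=3)),      # mapped to an id HR does not know
    Account("dave", "E1", None),                            # active owner, never logged in
]

if __name__ == "__main__":
    for finding, names in reconcile(SAMPLE_HR, SAMPLE_ACCOUNTS, TODAY).items():
        print(f"{finding:17s} {names}")
```

The check is deliberately one-directional: it asks "does every account have a legitimate, active owner?", which is the question an IT audit asks. The reverse question (does every active employee have the accounts their role requires?) is a separate provisioning-completeness check.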
4 IDENTITY MANAGEMENT & USER PROVISIONING

4.1 OVERVIEW

User Provisioning is considered by some to be the "holy grail" of Identity Management. User Provisioning includes the following functionality:
- User data repository
- User accounts and data management
- Roles and privileges definition and management
- Automatic account creation, termination, and modification
- Automatic role creation, termination, and modification
- Password synchronization
- User self-service
- User audit and reporting
- Security policy enforcement (password policy, access policy, group policy, etc.)
- Delegated administration (optional)
- Group management (optional)
- Audit trail of users' access rights
4.2 SCHEMATIC VIEW OF SYSTEM AND PROCESS FLOW

Although Identity Management solutions are composed of several systems, they should all share a common user data repository, as well as common sign-on, report generation, audit and management functionality, and (whenever possible) consolidated GUI and management consoles. The following two diagrams "map the Identity Management world" and provide insight into the numerous processes required to automate the IT procedures managed by User Provisioning systems. Figure 1 shows the main components of an Identity Management solution and the role played by User Provisioning. Figure 2 demonstrates the data and process flow of a User Provisioning system, with its multiple inputs, complex internal workflow, and interactions with outside agents such as logs, approvers, and notifications.
The initial trigger is an event arriving from a batch processing system such as the HR system, from a form on the system's GUI, or from a self-service form. These inputs must include at a minimum the following data:
- User type
- Action requested (create, modify, remove)
- Data and data attributes to be modified
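The front end of that flow is the step every provisioning engine performs before any workflow runs: validate the incoming event against the minimum data set above, reject anything malformed, and record the outcome. The following is an added example, not code from the IDFocus document or from any product it evaluates. The JSON event shape, the field names (user_id, user_type, action, attributes), the set of user types, and the sample feed are all constructed assumptions; the "remove" action disables rather than deletes the account so the audit trail survives.

```python
"""Validate and apply user-provisioning events from a batch feed.

Added example (not from the original document). Event schema, field names,
user types and the sample feed are constructed assumptions.
"""
import json
from typing import Dict, List, Optional, Tuple

# Minimum data set required by the text: who, what kind of user, which
# action, and which attributes. user_id is an assumed key for the account.
REQUIRED_FIELDS = ("user_id", "user_type", "action", "attributes")
ALLOWED_ACTIONS = {"create", "modify", "remove"}
ALLOWED_USER_TYPES = {"employee", "subcontractor", "supplier", "customer"}

Store = Dict[str, dict]            # user_id -> account record
AuditEntry = Tuple[str, Optional[str], str]  # (outcome, user_id, detail)


class ProvisioningError(ValueError):
    """Raised for any event the engine refuses to act on."""


def validate_event(raw: str) -> dict:
    """Parse one raw event and enforce the minimum-data contract."""
    try:
        event = json.loads(raw)
    except json.JSONDecodeError as exc:
        raise ProvisioningError(f"malformed JSON: {exc.msg}") from None
    if not isinstance(event, dict):
        raise ProvisioningError("event must be a JSON object")
    missing = [f for f in REQUIRED_FIELDS if f not in event]
    if missing:
        raise ProvisioningError(f"missing fields: {missing}")
    if event["action"] not in ALLOWED_ACTIONS:
        raise ProvisioningError(f"unknown action: {event['action']}")
    if event["user_type"] not in ALLOWED_USER_TYPES:
        raise ProvisioningError(f"unknown user type: {event['user_type']}")
    if not isinstance(event["attributes"], dict):
        raise ProvisioningError("attributes must be an object")
    return event


def apply_event(store: Store, event: dict) -> None:
    """Apply a validated event to the account store in place."""
    uid, action = event["user_id"], event["action"]
    if action == "create":
        if uid in store:
            raise ProvisioningError(f"{uid} already exists")
        store[uid] = {"user_type": event["user_type"], "status": "active", **event["attributes"]}
    elif action == "modify":
        if uid not in store:
            raise ProvisioningError(f"{uid} does not exist")
        store[uid].update(event["attributes"])
    else:  # remove: disable, never delete, so the record stays auditable
        if uid not in store:
            raise ProvisioningError(f"{uid} does not exist")
        store[uid]["status"] = "disabled"


def process_feed(raw_events: List[str], store: Optional[Store] = None) -> Tuple[Store, List[AuditEntry]]:
    """Run a whole batch; one bad event never stops the rest of the feed."""
    store = {} if store is None else store
    audit: List[AuditEntry] = []
    for raw in raw_events:
        try:
            event = validate_event(raw)
            apply_event(store, event)
            audit.append(("ok", event["user_id"], event["action"]))
        except ProvisioningError as exc:
            audit.append(("rejected", None, str(exc)))
    return store, audit


# --- constructed sample feed, as an HR batch might deliver it ----------------
SAMPLE_EVENTS = [
    '{"user_id": "u100", "user_type": "employee", "action": "create", "attributes": {"mail": "u100@example.invalid"}}',
    '{"user_id": "u100", "user_type": "employee", "action": "modify", "attributes": {"department": "Finance"}}',
    '{"user_id": "u200", "user_type": "supplier", "action": "create", "attributes": {"company": "ACME"}}',
    '{"user_id": "u300", "user_type": "employee", "attributes": {}}',                      # no action
    '{"user_id": "u200", "user_type": "supplier", "action": "delete", "attributes": {}}',   # not in the contract
    '{"user_id": "u100", "user_type": "employee", "action": "remove", "attributes": {}}',   # leaver
]

if __name__ == "__main__":
    accounts, trail = process_feed(SAMPLE_EVENTS)
    for entry in trail:
        print(entry)
    print(json.dumps(accounts, indent=2))
```

Rejections are recorded next to successes in the same trail, which is what lets an audit later show not only which accounts changed but which requested changes were refused and why.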