
Access Control
Authorization or access control is the "raison d'être" for most identity management deployments. While there may be some
benefit inherent in effectively and efficiently managing the identities within an organization, it is usually for the purpose
of granting access to restricted facilities, both virtual and physical.
Access control, by definition, must be real-time. As a user attempts to gain access to a computer application, the access
control system must provide the user credentials to enable the user to gain the appropriate access. For instance, an
account clerk might get access to the company's financial system to allow the entry of a customer transaction. The Finance
Manager, however, will require far greater access to be able to create reports and monitor all activity in the system.
It is the access control mechanism that will provide this differentiation.
Controlling access to computer applications is becoming more important for organizations as there is
increasing focus on keeping access to documents and files properly managed. It is important that access is only available
based on a proven identity validated by a trusted entity, and that this access is integrated with the
organization's identity management environment. In too many companies the access control mechanism is independent and open
to discrepancy.
Single Sign-on
One of the biggest issues with a disassociated access control mechanism is the potential for multiple sign-ons. Once a
user has logged onto the company system, they must then log onto each application individually, retyping usernames,
often different between applications, and passwords that are not synchronized, i.e. when one system forces a password change
it is not copied to other systems. Often the password change frequency is not synchronized either, with some applications
requiring changes every month, some every 90 days and some never. The result is that users are forced to remember multiple
usernames and passwords and will often resort to unsafe practices such as keeping written records of passwords or not
changing them at regular intervals.
The primary reasons why a customer employs ICA are:
• Vendor independence
• Understanding of the complex technical requirements and environments in delivering Single Sign On, RBAC (Role Based Access Control) & Unified User Management
• Clear knowledge and experience in evaluating different vendor capabilities.