ORG Access Management: Technical Details


  1. 30.10.2013 FSP GmbH | Product Presentation
  2. Agenda: Company Overview; Product Presentation; Access Governance Suite; Live Demo; Discussion (30.10.2013 ORG Product Presentation)
  3. Company Overview
     • Founded in 2002
     • Headquarters: Cologne
     • Represented throughout Germany
     • 40 employees
  4. Company Overview: Software & Consulting
     • Software
     • Business Consulting: Access Governance Concepts; Process Optimization; Project / Test Management
     • IT Consulting & Development: Software Development; IT Security; IT Project / Test Management
  5. Company Overview: Customers
  6. Agenda: Company Overview; Product Presentation; Access Governance Suite; Live Demo; Discussion
  7. Access Management: Conventional method
     • Employee: New Entry, Fluctuation, Departmental Change
     • Several System-Administrators
     • Systems and how each assigns rights: RACF (Group); SAP HR (SAP-Role); Indiv. Applications (Groups / Individual Rights); P&C Administration (Individual Rights); Partner System (Individual Rights); Notes/Outlook (Group); LDAP (e.g. Group Membership); Databases (Indiv. / Role)
     • Individual Systems often use Individual Rights
  8. Solution: ORG, central administration of user rights
     • Employee: New Entry, Fluctuation, Departmental Change
     • External: Known customer, Prospect, …
     • Central, lean administration; user rights based on: Roles/Rights model; Attributes
     • Interfaces (automated provisioning):
       - SPML systems: Novell Identity Manager, IBM Tivoli Directory Integrator, openSPML
       - Directory systems: Microsoft AD, IBM Tivoli Directory Server, openLDAP, Novell eDirectory, SUN one Directory Server, …
       - Other systems: SAP R3, RACF, INTERFLEX
       - APIs: Java (SE & EE), Windows / Unix (C), z/OS (Cobol, PL/1, C)
  9. ORG Architecture: Basis for USPs
  10. Model: Entities
     • Organizational Structure: OrganizationalUnit, Position, User, Client, Location
     • Role model: Role, Role group, Role conflict
     • Permissions: Competence scheme, Competence
  11. Model: Historicizing, life cycle
     • Timeline (diagram labels, in order): Status: future; Create; Status: current; Edit or delete; Status: historicized; Expired or deleted
     • No physical deletion: the database entry is marked as "deleted"
     • Historicizing of all changes of an object or a relation between objects, including the initiator and the time
  12. SPML Webservice: Architecture
     • Interface to approval workflow: ORG Approve; Lotus Notes; SharePoint; etc.
     • Interface to higher-level systems: HR systems (e.g. SAP HR, …); IDM systems (e.g. IBM TIM, Novell IDM, …); etc.
  13. Approval Workflow (with ORG Approve)
     • Self Service
     • Applicable permission requests depend on the owner's role (e.g. a normal employee is not permitted to request an executive's role)
     • 4-eyes principle supported (in parallel and sequentially)
     • Compliant with MaRisk AT 7.2
  14. Standard: RBAC
  15. Model: Standard software
     • Modeling: User and Role are always available. Position, Role group and Organization Unit are optional.
     • Typical use: Storage systems with their own detailed permissions, e.g. the system has to enable roles or groups to carry authorizations.
     • Examples: LDAP directory (e.g. Active Directory); SAP; RACF
     • Diagram labels: User, Organization unit, Position, Role group, Role; External system: User, Role or group, Indiv. rights
  16. ORG Connector: Architecture
  17. ORG Connector: Attribute mapping
     • Attribute mappings are freely configurable.
     • The source in ORG can be: an attribute of the user; values of a user's competence for any Competence Scheme; composite values via a formation rule
  18. USP: Fine Grained. Attribute based, more than role based
  19. Model: Homegrown software
     • Modeling: Users and competency scheme are always available. Position, role group, role and OU are optional. Competencies can be defined for users, roles or positions.
     • Typical use: In-house developments; systems in which an exit is provided for the procurement of allowances.
     • Diagram labels: User, Position, Organization unit, Role group, Role, Competence, Competence scheme
  20. ORG APIs: Access to runtime db
  21. Process logic: Runtime DB access
     • Call sequence (diagram): Application "Life" → Functional Authorization capsule (verify the payout): isPayoutPermitted(userid,value) → ORG API: hasCompetence(userid,"PayoutContract","Life",value) → Database consultation → Result (Yes or No) → Result (Yes or No)
     • The process logic is basically the same for all APIs.
     • It makes sense to bundle all functional authorizations of an application into one specific Functional Authorization capsule.
  22. Interfaces
     • SPML systems: Novell Identity Manager; IBM Tivoli Directory Integrator; openSPML
     • Other connectors available for: SAP R3; RACF; SharePoint; INTERFLEX
     • Directory systems: Microsoft Active Directory; IBM Tivoli Directory Server; openLDAP; Novell eDirectory; SUN one Directory Server; ApacheDS; RACF LDAP-Server; other systems
     • APIs available for the following platforms: Java (SE & EE); Windows / Unix (C); z/OS (Cobol, PL/1, C)
  23. Summary
     • Single Point of Administration and Control
     • Reduction of Time, Cost and Complexity
     • History management / Revision proof
     • Supports RBAC / ABAC
     • Integration in company-wide environments is proven
     • Integration of organizational structure information
     • Distributed and delegated administration (configurable)
     • Multi-client capable
     • High performance & fail-safe
     • Corporate Design applicable
  24. Agenda: Company Overview; Product Presentation; Access Governance Suite; Live Demo; Discussion
  25. Access Governance Suite
  26. Agenda: Company Overview; Product Presentation; Access Governance Suite; Live Demo; Discussion
  27. Live Demo. FSP GmbH Consulting & IT-Services, Albin-Köbis Straße 8, D-51147 Cologne, Tel.: +49 (0) 2203 / 371 000 – 0, www.fsp-org.com
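
The call chain on slide 21, sketched in C as an added example (not FSP's code and not the ORG API itself). The names and argument lists of isPayoutPermitted and hasCompetence follow the slide; the function bodies, the in-memory table, the sample users, the reading of value as an upper limit and the rule that only rows with status "current" grant anything are assumptions.

```c
#include <stddef.h>
#include <string.h>
/* Life-cycle states from the historicizing slide; rows are never physically deleted. */
enum status { ST_FUTURE, ST_CURRENT, ST_HISTORICIZED };

struct competence {
    const char *userid;
    const char *scheme;     /* competence scheme, e.g. "PayoutContract" */
    const char *attribute;  /* e.g. the line of business "Life" */
    long limit;             /* assumed meaning: highest value the user may approve */
    enum status status;
};

/* Constructed sample rows standing in for the runtime database. */
static const struct competence RUNTIME_DB[] = {
    { "clerk01", "PayoutContract", "Life",  5000, ST_CURRENT },
    { "clerk01", "PayoutContract", "P&C",  20000, ST_CURRENT },
    { "lead01",  "PayoutContract", "Life", 50000, ST_CURRENT },
    { "clerk02", "PayoutContract", "Life", 50000, ST_HISTORICIZED },
    { "clerk03", "PayoutContract", "Life", 50000, ST_FUTURE },
};

/* Hypothetical stand-in for the API call named on the slide: 1 = yes, 0 = no.
 * Unknown users, bad arguments and rows that are not current all yield "no". */
int hasCompetence(const char *userid, const char *scheme,
                  const char *attribute, long value)
{
    size_t i, n = sizeof RUNTIME_DB / sizeof RUNTIME_DB[0];
    if (!userid || !scheme || !attribute || value < 0)
        return 0;
    for (i = 0; i < n; i++) {
        const struct competence *c = &RUNTIME_DB[i];
        if (c->status == ST_CURRENT && value <= c->limit &&
            strcmp(c->userid, userid) == 0 && strcmp(c->scheme, scheme) == 0 &&
            strcmp(c->attribute, attribute) == 0)
            return 1;
    }
    return 0;
}

/* Functional authorization capsule of application "Life": the single place
 * where the business question is translated into a competence lookup. */
int isPayoutPermitted(const char *userid, long value)
{
    return hasCompetence(userid, "PayoutContract", "Life", value);
}

/* Stand-alone run: exit status 0 when both sample decisions come out as expected. */
int main(void) { return !(isPayoutPermitted("lead01", 20000) && !isPayoutPermitted("clerk01", 5001)); }
```

Because the application only ever calls the capsule, a change to the scheme name or to the limit logic is reviewed and tested in one function instead of at every call site.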
