Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

CIS14: Why Federated Access Needs a Federated Identity

Matt Tatro, Denise Lores, Wade Ellery
Radiant Logic
How creating a federated identity service gives you a single unified view of ALL identities and their context to improve your federated access, WAM and application deployment.

  • Login to see the comments

CIS14: Why Federated Access Needs a Federated Identity

  1. 1. Why Federated Access Needs a Federated Identity Wade Ellery Western Region Director of Sales Denise Lores Senior Architect
  2. 2. The Four Pillars of Identity Services ¡  Enhanced user experience ¡  Improved management of security risks ¡  Efficient development/ deployment of applications ¡  Reusable integration ¡  HIPAA, SOX compliance ¡  Common access logs ¡  Improved accountability ¡  Common reporting ¡  Reduced administrative tasks ¡  Reduced help desk calls ¡  Improved process efficiency ¡  Central user information ¡  Reduced administrative tasks ¡  Reduced help desk calls ¡  Improved security ¡  Accountability ¡  Cost savings User Self-Service & Password Management Virtual Directory Web Access Management/SSO Centralized Audit Delegated Administration Synchronization/ Replication Federated Identity Management/SSO Logging and Monitoring Automated Approvals and Workflows Meta Directory Authentication & Authorization Access Certification Enterprise Role Definition Directory Storage Standard APIs Reporting Audit, Role & Compliance Access Management Identity Management Identity Data Services
  3. 3. RadiantOne: Your Foundation to a Complete Identity Service HR DatabasesApplications DatabasesLDAP Directories Cloud Apps
  4. 4. IDM Supporting Multiple Repositories is Costly: Traditional IDM Attempted to Mitigate Existing Identity Infrastructure Legacy Applications
  5. 5. IDM Existing Identity Infrastructure Legacy Applications New Applications and Customers Increase complexity, support, and risk Existing Identity Infrastructure SaaS/Cloud/BYOD/ Partner Apps
  6. 6. Existing Identity Infrastructure SaaS/Cloud/BYOD/ Partner Apps RadiantOne The Identity Hub IDM Legacy Applications Federated  Iden*ty  Service  
  7. 7. Federated  Iden*ty  Service   Existing Identity Infrastructure SaaS/Cloud/BYOD/ Partner Apps Federated Identity Service Able to Sunset Identity Stores IDM Legacy Applications
  8. 8. More Identities, Better Scope—the Secret to Boosting Your Ping Federation IdP Deployment
  9. 9. Identity as a service through Virtualization The Key to Solving the Identity Integration Challenge •  Acting as an abstraction layer RadiantOne creates attribute rich global user profiles spanning multiple identity silos. •  Aggregation, Correlation, Transformation, and Normalization of the user identity provides the ability to serve that identity to applications in the format they expect. Aggregation Correlation Integration Virtualization Population C Population B Population A Groups Roles LDAP SQL Web Services /SOA App A App B App C App D App E App F Contexts Services SCIM REST
  10. 10. RadiantOne Methodology Leveraging Existing Contexts to Build User Profiles
  11. 11. RadiantOne Methodology Joining across Data Silos Links Identities to Context
  12. 12. •  RadiantOne is made of two main parts: •  An integration layer based on virtualization •  A storage layer: Persistent Cache •  LDAP (up to v6.2) •  HDAP (based on big data technologies, v7.0) RadiantOne Integration Layer and Cache/Storage Layer Integration Layer Integration Layer + Storage (Persistent Cache) HDAP Storage (Persistent Cache)
  13. 13. EmployeeID          Clearance    Region      UserID                                                        DeptID     509-­‐34-­‐5855        1                                      PA                    EMP_Andrew_Fuller     Sales234   Join With Correlation Rules employeeNumber=2   samAccountName=Andrew_Fuller   objectClass=user   mail:   departmentNumber=234   Corporate   AcPve  Directory   uid=AFuller   Ptle=VP  Sales   givenName=Andrew   sn=Fuller   departmentNumber234   European  Portal     Directory   US  Click  Database   No  Single  ATribute  in  Common  =  No  Join   employeeNumber=2   samAccountName=Andrew_Fuller   objectClass=user   mail:   uid=Afuller   Name=Andrew  Fuller   Ptle=VP  Sales   ClearanceLevel=1   Region=PA   Dept=234     Correlated  IdenPty  View   CorrelaPon  Rules   Federated  Iden*ty  Service  
  14. 14. Unified Profile View and Portal Agnostic •  Multiple sources of identity with different schemas, protocols, format, and structure. •  Application(s) expects