Framework for an Identity and Access Management Roadmap

A packed room of Denver IAMers listened to PEGRight present to the newly created Denver Identity and Access Management User Group Meetup on October 7th. PEGRight outlined a framework for developing an identity and access management roadmap by leveraging existing technologies, introducing new ones, and sidestepping the common pitfalls.


  1. Framework for Developing an IAM Roadmap
     Presentation to the Denver IAM Users Group, October 7, 2014
     info@pegright.com, 719.247.8475
     October 7, 2014, Copyright, PEGRight Inc., 2014, slide 1

  2. Changing Face of IAM
     • Legacy IAM: Employees Only; Enterprise Apps; Enterprise Desktop; Proprietary Direct Authentication
     • Modern Identity: All Groups; Cloud/SaaS/IDaaS; Desktops and BYOD; Standards-Based SSO/Federation

  3. Elements of Modern Identity
     • Support for Multiple Device Types and Access Points: Enterprise Desktops, Shared Computers, BYOD, Enterprise Issued Mobile
     • Support Diverse User Populations: Employees, Contractors, Teammates, Business Partners, Customers, Members
     • Support Diverse Application Hosting: SaaS Apps, Partner Apps, On-Premise Apps

  4. Why Modernize?
     • Business desires ease of Workforce Access to Apps and Services: Workforce (Mobile Devices, Browsers) needs Access to Cloud Apps and Access to Corporate Apps (On-Premise Hosted Apps and Services); Internal SSO and External SSO
     • Business desires to provide Apps and Services to Partners and Customers over the internet: Business Partners and Customers; Access to Apps and Services on the Cloud; Federation and Cloud Identity

  5. IAM Roadmap Building Blocks
     • Federation & Single Sign-On
     • Provisioning
     • API Security
     • Identity Analytics
     • Implement via Proven Integration Patterns

  6. Federation Patterns
     • Workforce to SaaS and On-Premise: IdP backed by a VDS over directories D1 … DN, federating to On-Premise Applications and to multiple SaaS applications
     • SaaS Provider with Backend Partners: Partner1 IdP, Partner2 IdP … PartnerM IdP; SaaS Provider Capability: IdP Discovery
     • IdP Discovery Patterns:
       – Vanity URL
       – Ask User for IdP (Select from List)
       – Prompt for User Name

  7. Single Sign-On (SSO) Patterns
     • SSO leverages federated IdP’s to provide identity attributes to Service Providers (SP’s)
     • Token Protocols and Cross Device/Domain Integration
       – SAML, OAuth, OpenID, OpenID Connect, JWT
       – WS-Federation, WS-Trust
       – Secure API’s (Mobile and Backend Services)
     • Forms-Based with/without specialization
       – Multi-Factor and Step-Up Authentication
       – Network Context
       – Digital DNA/Identity Proofing (Requires Analytics)

  8. Provisioning Patterns
     • SaaS Applications
       – Just-in-Time (SAML Assertion)
       – Pre-configured API
     • System for Cross-domain Identity Management (SCIM)
     • Proprietary
     • Identity Lifecycle Engine
     • Roles and Privileges
       – Difficult to Discover Rules
     • Self-Service Management
     • Diagram: Identity Credential Lifecycle (Provision, De-Provision; AUTHENTICATION, AUTHORIZATION, MANAGEMENT)

  9. API Security
     • Diagram: Cloud Requests → Secure API Gateway → Backend Hosted Infrastructure Services, Business Applications, and Business Services (Secure Tokens, Secure Sessions)
     • Functions:
       – Web and Mobile Security
       – Step-Up Authentication
       – Token Protocols/Signing
       – Security Policy Definition and Enforcement (PDP/PEP)
       – Protocol Translation
       – Payload/Data Transformation
       – Governance

  10. Identity Analytics and Intelligence
     • Diagram: Identity Credential Lifecycle (Provision, De-Provision; AUTHENTICATION, AUTHORIZATION, MANAGEMENT); SIEM/Log File feeds from IAM Products and Service Providers; Security Intelligence Products; outputs: Identity Credential Lifecycle Chronology and Behaviors, Identity Credential Behaviors+

  11. Summary
     • Changing Face of IAM and Business Partnerships
       – Growing acceptance of the Cloud
       – BYOD and Internet of Things
     • IAM Roadmap based on Building Blocks and Patterns
     • Growing importance of measuring and tracking the identity lifecycle
     • For More Information Contact:
       – Eric Uythoven, VP of Security Solutions
       – 719.648.8548, eric.uythoven@pegright.com
     • Slides available on www.pegright.com via SlideShare
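The three IdP discovery patterns listed on slide 6 (vanity URL, prompt for user name, select from list) combined into one home-realm discovery routine, as an added example that is not part of the PEGRight deck. The IdP names, hosts and domains in the registry are constructed placeholders; the defensive point is that every pattern resolves only to a registered IdP, so nothing a user types ever becomes an IdP URL.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass(frozen=True)
class IdP:
    name: str
    sso_url: str               # where the SP redirects the browser to start SSO
    email_domains: frozenset   # domains matched by the "prompt for user name" pattern
    vanity_hosts: frozenset    # SP hostnames matched by the "vanity URL" pattern

# Constructed sample registry of federated partner IdPs (placeholder values).
REGISTRY = [
    IdP("Partner1", "https://idp.partner1.example/sso",
        frozenset({"partner1.example"}), frozenset({"partner1.saas.example"})),
    IdP("Partner2", "https://idp.partner2.example/sso",
        frozenset({"partner2.example", "p2-corp.example"}), frozenset({"partner2.saas.example"})),
]

@dataclass
class Discovery:
    idp: Optional[IdP] = None                    # resolved IdP, if any pattern decided
    choices: list = field(default_factory=list)  # names offered when nothing resolved
    pattern: str = "none"                        # which discovery pattern decided

def _domain_of(username):
    # Only the part after the last '@' is consulted; malformed input yields None.
    if not username or "@" not in username:
        return None
    return username.rsplit("@", 1)[1].strip().lower()

def discover_idp(request_host, username=None, registry=REGISTRY):
    host = (request_host or "").strip().lower()
    # Pattern: vanity URL. The hostname the SP was reached on selects the IdP.
    for idp in registry:
        if host in idp.vanity_hosts:
            return Discovery(idp=idp, pattern="vanity_url")
    # Pattern: prompt for user name. The e-mail domain is looked up against
    # registered IdPs only, so the user cannot steer SSO to an arbitrary IdP.
    domain = _domain_of(username)
    if domain:
        for idp in registry:
            if domain in idp.email_domains:
                return Discovery(idp=idp, pattern="user_name")
    # Pattern: ask the user to select from the registered list (names, not URLs).
    return Discovery(choices=[idp.name for idp in registry], pattern="select_from_list")

def select_idp(choice, registry=REGISTRY):
    """Map the user's pick from the list back to a registered IdP, or None."""
    return next((idp for idp in registry if idp.name == choice), None)
```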
