• Identity and Access Management Overview
• What is a graph database?
• Why is Neo4j a great fit for IAM?
• Great customer stories
“Ensuring the right identities have access to the right resources at the right times and for the right reasons”
What do we need to do (at least)?
• Define identity
• Define the structure of an organization
What is Identity and Access Management?
Device <-> Service
Security End to End
Identity of users
Identity of things
Complexity of Digital Identities
Jane Smith the…
• Business Analyst for Customer Support at ABC Inc.
• interim Head of BI and Reporting at ABC Inc.
• line manager of Joe Brown, who’s working on a Strictly Confidential portfolio at ABC Inc.
• employee of ABC Inc.
• and so on...
It looks like a hierarchy...
So what does ABC Inc. look like?
Access Management is traditionally designed with the underlying assumption that everything is hierarchical
What about “dotted lines”?
What about “Conditional Approvals”?
• Distributed access across on premise and in the cloud for in-house/custom off the shelf/SaaS applications
• De-centralized resources that are assigned to people rather than roles
• The rise of IoT and different identities that people and services assume in different contexts
Modern challenges for IAM
• Multiple and conditional approval levels
• History of approval chains / time series (e.g. “Who approved user xyc's access to system abc on the 5th of July?”)
• GDPR and Compliance
• Adding new use cases as needed
• Changing hierarchies on the fly
… other challenges for IAM
Query complex relationships in real-time
Graph Databases are Designed for Connected Data
• Store and retrieve data: real-time storage & retrieval
• Aggregate and filter data: long-running queries, aggregation & filtering
• Connections in data: real-time connected insights
“Our Neo4j solution is literally thousands of times faster
than the prior MySQL solution, with queries that require
10-100 times less code”
Volker Pacher, Senior Developer
What is a graph database?
name: “Joe Brown”
• Can have Labels to classify nodes
• Can have more than one label
• Relate nodes by type and direction
• Attributes of Nodes &
The GQL ISO Standard: gqlstandard.org
• Introduced in May 2018: https://gql.today/
• An initiative to immediately rally support for a unified Graph Query Language
• Standards meetings are ongoing
• Significant Upvote
Apache Spark accepted
• Authorization data model maps closely to the conceptual view
• Closer alignment to processes
• Easy to understand code to query and explore the data
• Pain-free to update and modify model structure as and when required
• Traversing the authorization tree is fast, providing real-time authorization
Why Neo4j is a great fit for IAM
Three potential approaches:
• Create a graph-based repository to store identity and access information
• Integrate Neo4j with current IAM data for authorization
• Import IAM data into Neo4j to perform audit
• For instance load AD structures to find security risks
How can Neo4j fit into IAM approaches?
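The audit approach above, sketched in Cypher on the Jane Smith example from earlier in the deck. This is an added example, not code from the presentation; the labels, relationship types, property names, dates and the approver value are assumptions constructed for illustration.

```cypher
// Constructed sample data using the names from the slides. Labels, relationship
// types and properties (HAS_ROLE, CAN_ACCESS, approvedBy, ...) are assumptions.
CREATE (abc:Organization {name: 'ABC Inc.'})
CREATE (cs:Unit {name: 'Customer Support'})-[:PART_OF]->(abc)
CREATE (bi:Unit {name: 'BI and Reporting'})-[:PART_OF]->(abc)
CREATE (jane:Identity {name: 'Jane Smith'})-[:EMPLOYEE_OF]->(abc)
CREATE (joe:Identity {name: 'Joe Brown'})-[:EMPLOYEE_OF]->(abc)
CREATE (analyst:Role {name: 'Business Analyst'})-[:IN_UNIT]->(cs)
CREATE (head:Role {name: 'Head of BI and Reporting'})-[:IN_UNIT]->(bi)
CREATE (jane)-[:HAS_ROLE]->(analyst)
CREATE (jane)-[:HAS_ROLE {interim: true}]->(head)
CREATE (joe)-[:REPORTS_TO]->(jane)
CREATE (tickets:Resource {name: 'Support tickets'})
CREATE (reports:Resource {name: 'BI reports'})
CREATE (portfolio:Resource {name: 'Portfolio',
                            classification: 'Strictly Confidential'})
CREATE (analyst)-[:CAN_ACCESS]->(tickets)
CREATE (head)-[:CAN_ACCESS]->(reports)
// A grant made to a person rather than a role, with its approval recorded.
CREATE (joe)-[:CAN_ACCESS {approvedBy: 'Jane Smith',
                           approvedOn: date('2024-07-05')}]->(portfolio);

// 1. Everything Jane can reach, directly or through a role, with the path
//    that grants it. REPORTS_TO is deliberately not traversed: managing Joe
//    does not give Jane his access to the confidential portfolio.
MATCH path = (i:Identity {name: 'Jane Smith'})
             -[:HAS_ROLE|CAN_ACCESS*1..2]->(r:Resource)
RETURN r.name AS resource, [n IN nodes(path) | n.name] AS granted_via;

// 2. Audit: confidential resources granted directly to an identity
//    instead of through a role.
MATCH (i:Identity)-[g:CAN_ACCESS]->(r:Resource)
WHERE r.classification = 'Strictly Confidential'
RETURN i.name AS identity, r.name AS resource;

// 3. Approval history: who approved which access on a given day.
MATCH (i:Identity)-[g:CAN_ACCESS]->(r:Resource)
WHERE g.approvedOn = date('2024-07-05')
RETURN g.approvedBy AS approver, i.name AS identity, r.name AS resource;

// 4. Interim role assignments, which should be reviewed for expiry.
MATCH (i:Identity)-[h:HAS_ROLE {interim: true}]->(role:Role)
RETURN i.name AS identity, role.name AS interim_role;
```

Run the statements in order in Neo4j Browser or cypher-shell against an empty database.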
Find out more about IAM implementations in Neo4j:
• Telenor: www.youtube.com/watch?v=kM2NWM0t-2s
• ForgeRock/Nulli: www.youtube.com/watch?v=R9Vdm2ZqlpQ
Have a go with Neo4j and an IAM example:
Check it out