Identiverse 2021 enterprise identity: What foundations
•Download as PPTX, PDF•
0 likes•96 views
Identiverse presentation about the foundations to build for enterprise identity : repositories, identities, user rights and access control
Recommended
Recommended
More Related Content
What's hot
What's hot (20)
Similar to Identiverse 2021 enterprise identity: What foundations
Similar to Identiverse 2021 enterprise identity: What foundations (20)
More from Bertrand Carlier
More from Bertrand Carlier (11)
Recently uploaded
Recently uploaded (20)
Identiverse 2021 enterprise identity: What foundations
- 1. Enterprise Identity: What foundations? Bertrand CARLIER Senior Manager, Wavestone JUNE 2021
- 2. What is IAM? JUNE 2021 sf
- 4. [click hereto add text or image] JUNE 2021 KEEP CALM AND FOLLOW THE RECIPE
- 5. Know your repositories JUNE 2021 1 IAM Active Directory Shared authn/authz directory Azure AD sf HR/payroll Procurement B2B portal
- 7. Know your repositories JUNE 2021 The basics Whatareyour repositories? - Areapplications relying on Active Directory or anothercentral repository for identity data? - Can you map all your key applications? - Collaboration softwares(O365,G Suite,Slack, etc.) - HR, Finance, Marketing, Procurement,Manufacturing, etc. Howdotheyrelate? - Whereareyour sources oftruth regarding identity data? - Which repository is authoritative over which? - Foremployees,contractors or business partners - Forsomespecific attributes (identifiers,email addresses,etc.) ACloud directoryora directoryforthecloud? How do you provide cloud applications with identity data? - Justin time provisioning? - Directory sync? - SCIManyone? The next step 1
- 8. Know your repositories JUNE 2021 sf
- 9. Know your repositories JUNE 2021 sf Active Directory Azure AD or Cloud directory? Shared authn/authz directory
- 10. Know your identities JUNE 2021 The basics Correlateeveryaccount - Once and then regularly - Ensurepeople hold only onestandard account perapp - Reviewprivileged accounts - Service accounts should belinked toa physical personas a custodian - Question unused accounts - Getrid of sharedaccounts as much as possible and enable traceability Establish joinerand leaver processes - Createaccount in central repository when peoplejoin thecompany - Bewareof thepayroll latency - Link account status with person status in thecompany - Disable or deleteaccounts when people leavethecompany - Consider automating this for high volume and sensitive apps first and all apps then Identitiesfor everything - Notonly users getidentities but every entityaccessing any resource (applications, servers,devices, etc.) - All theseidentities must have their lifecycle controlled and managed The next step 2
- 12. Know your identities JUNE 2021 sf Active Directory Azure AD or Cloud directory? Share authn/authz directory
- 13. Know your identities JUNE 2021 sf Active Directory HR/payroll Shared authn/authz directory IAM Azure AD or Cloud directory? partners corporate users Procurement B2B portal
- 14. Know your user rights JUNE 2021 The basics DeployRBAC - Build a rolemodel that fitsyour company (and not your orgs): - A handful ofroles pertypical app - Business roles contain app roles - Shop floor employeestendtohave mostly auto-assigned roles 3
- 17. Know your user rights JUNE 2021 The basics DeployRBAC and possibly ABAC - Build a rolemodel that fitsyour company (and not your orgs): - A handful ofroles pertypical app - Business roles contain app roles - Shop floor employeestendtohave mostly auto-assigned roles - Keepin mind theprinciple of “leastprivilege” - Then,ABAC can provide moreflexibility - Requiresa good maturity level - Data quality is paramount - Involved attributes becomesecurity attributes Recertifyuser rights - Consider application-centric recertification on a periodic basis - Startwith risky rights and sensitive apps first - Consider manager-centric recertification whenpeople moveand on aregular basis Assisted orpredictiveuser rightsmanagement - Help end-users seetherelevantroles they might need - Help approvers evaluatewhethera requestshould bemoreclosely looked at - Help recertification actors todetect outliers The next step 3
- 18. Know your user rights JUNE 2021 sf Active Directory HR/payroll Shared authn/authz directory IAM Azure AD or Cloud directory? partners corporate users Procurement B2B portal
- 19. Know your access control JUNE 2021 The basics Centralize - Delegate authentication to adedicated identity provider - Connect your application using standards like SAML, OpenID Connect, OAuth2 MultiFactorAuthentication - Connect MFAmethods tothis identity provider - Consider deploying MFA toeveryuser - Aim forboth good security and good UX 4
- 21. Know your access control JUNE 2021 sf Active Directory HR/payroll Shared authn/authz directory IAM Azure AD or Cloud directory? partners corporate users Procurement B2B portal
- 22. Know your access control JUNE 2021 sf Active Directory HR/payroll Shared authn/authz directory IAM Azure AD or Cloud directory? partners corporate users Procurement B2B portal Corporate devices Third-party devices IoT devices API Gateway MFA Single Sign- On PKI Identity Provider OAuth2 OpenID Connect SAML
- 23. Know your access control JUNE 2021 The basics Centralize - Delegate authentication to adedicated identity provider - Connect your application using standards like SAML, OpenID Connect, OAuth2 MultiFactorAuthentication - Connect MFAmethods tothis identity provider - Consider deploying MFA toeveryuser - Aim forboth good security and good UX Consider passwordless - Finally kill thepassword whereveryou can forboth security and UXreasons - You might consider targeting some specific populations first(eg. shop floor employees,customers) The next step 4
- 25. JUNE 201 JUNE 2021 1 Knowyourrepositories 2 Knowyouridentities 3 Knowyouruserrights 4 Knowyouraccesscontrol Enterprise Identity–What Foundations?
Editor's Notes
- Losing the date in the tag image
- Can you draw the map and locate all of your key applications? Can you draw all the identity flows between apps and repositories?