Hitachi


Enterprise identity management systems bring many benefits to large organizations and are increasingly a required feature in today's regulatory environment. Some of the important features of enterprise IdM include:

  • Improved user productivity, due to reduced wait for new and updated systems access and fewer authentication problems.
  • Lower security administration cost, as the bulk of user management is automated or delegated to business users and password resets are either eliminated or resolved with self-service.
  • Enhanced security, as inappropriate access is terminated quickly and reliably.
  • Regulatory compliance, including the ability to audit access rights globally, to ensure that only appropriate users have access to sensitive systems and data.

Unfortunately, despite two generations of user administration technology, enterprise identity management systems from many vendors remain difficult to deploy and costly to maintain. Because of these factors, many IdM projects either end in stripped-down installations or are abandoned entirely.

This paper discusses the main challenges encountered by large organizations in deploying enterprise identity management systems, and offers solutions to help overcome each challenge.

The solutions offered in this paper are implemented in the Hitachi ID Identity and Access Management Suite.

Enterprise Identity Management

Enterprise Identity and Access Management (IAM) is defined as a set of processes and technologies to effectively and consistently manage modest numbers of users and entitlements across multiple systems. In this definition, there are typically significantly fewer than a million users, but users typically have access to multiple systems and applications.

Typical enterprise identity and access management scenarios include:

  • Password synchronization and self-service password reset.
  • Identity and access management (IAM), including identity synchronization, auto-provisioning and automatic access deactivation, self-service access requests, approvals workflow and consolidated reporting.
  • Enterprise single sign-on -- automatically filling login prompts on client applications.
  • Web single sign-on -- consolidating authentication and authorization processes across multiple web applications.

Enterprise identity and access management (IAM) presents different challenges than identity and access management in Extranet (B2C or B2B) scenarios:

| Characteristic | Enterprise IAM (typical) | Extranet IAM (typical) |
|---|---|---|
| Number of users | under 1 million | over 1 million |
| Number of systems and directories | 2 -- 10,000 | 1 -- 2 |
| Users defined before the IAM system is deployed | Thousands | Frequently only new users |
| Login ID reconciliation | Existing accounts may have different IDs on different systems. | Single, consistent ID per user. |
| Data quality | Orphan and dormant accounts are common. Data inconsistencies between systems. | Single or few objects per user. Consistent data. Dormant accounts often a problem. |
| User diversity | Many users have unique requirements. | Users fit into just a few categories. |

In short, Enterprise IAM has fewer but more complex users. Extranet IAM has more users and higher transaction rates, but less complexity.
