Scope of automation

Identity Express: Partner Portal Edition automates best-practice processes for managing identities, security entitlements and credentials in a partner-facing portal environment. It is suitable where IAM requirements fit the following profile:

  1. A host organization has a business relationship with one or more partner organizations.
  2. The host organization operates one or more applications which partner users sign into.
  3. There are no reliable data feeds that could be used to automatically grant or revoke access to partner users, or such data feeds are only available for a subset of partners.
  4. The host organization wishes to delegate the management of partner users to partner administrators, rather than creating, managing and deactivating partner users directly.

Identities and security entitlements in these organizations can be managed using the following processes:

  1. Global administrators set up and manage partners and partner administrators.
  2. Partner administrators create, manage, support and deactivate partner users.
  3. Warnings are sent to inactive partner users, asking them to sign on before their access is deactivated.
  4. Partner users who remain inactive are automatically disabled.
  5. Partner administrators are periodically invited to review and clean up lists of partner users.
  6. Partner administrators can reset passwords and clear intruder lockouts for other partner users.
  7. Partner users can manage their own credentials, including enrolling security questions and resetting passwords.

Change management processes are subject to a variety of policies relating to access changes and identity information:

| Policy | Description |
|---|---|
| Self-service visibility | Partner users can only see their own profiles. |
| Partner-wide visibility | Partner administrators can only see and modify partner users in their own organization. |
| Global access | Global administrators can manage all partners and all users, including selecting the partner users who will have partner administrator rights. |
| Deactivation after inactivity | Partner user accounts are disabled after a period of inactivity. |
| Reviews per partner | Partner administrators are responsible for periodically reviewing accounts in their own organization and removing the accounts of users who no longer require access. |
| Global reviews | Global administrators are responsible for periodically reviewing the list of partner administrators and removing any that no longer require access. |
| Password security | Passwords are subject to complexity, non-reuse and periodic change requirements. |
| Security question strength | Security questions must be unique and sufficiently complex. |
| Intruder lockouts | Access to the system is subject to intruder lockouts triggered by repeated, failed login attempts. |
