Ever wondered what exactly keeps you craving for that dish you had last week or makes a dish standout from the rest? The Recipe!! I am sure if a recipe for supper interests you so much, the recipe to setting up the best security management solution for your organization must be giving you sleepless nights. There are different recipes or “Use Cases” as we call them which can add that different flavor to your organizational security. We would be talking about the 4 most widely accepted use cases below:
The diagram below explains the entire IAM process cycle and each of the use cases will comply with the same process in their own different ways:
Use Case 1: Internal(Intranet) SSO
This type of implementation is idle for organisations where most of the information transfer happens internally without a lot of access to the public networks. It negates redundant logins without the need of a very tightly monitored installation of centralized identity management systems. Many times, this usecase is associated with intranets or company portals. So when a user/employee logs in to the system he is given access to all the internal domains/services while keeping the functions of provisioning and de provisioning in place. This may not be one of the most secured IAM implementations, however in companies where intranet or local LAN is the prevalent mode of communication, it works like a charm!
Use Case 2: Internet SSO
This is pretty similar to the previous case except the fact that the Intranet is replaced by the Internet and thus building an additional level of security. This is the most widely implemented use case across the globe. In this type of implantation, the user/employee interacts with a lot of web based services like Mails, CRM’s, Salesforce, Evernote etc. for his day to day activities. This data exchange is more vulnerable to threats and hence admins have to make sure the authentication and access control is tightly monitored and most importantly centralised.
Use Case 3: Attribute Exchange
Many a times it is just not enough to authenticate the user with his username and password. There may be certain processes which would authenticate the user with his attributes like addresses, contact data or preferences. In this use case, attributes are provided as part of the initial SSO authentication event and the attributes rest with the Identity Provider or IdP. The service provider or the application needs to make a separate request for additional attributes which are then provided by the IdP to complete the process. This kind of implementation provides the user as well as the admin with a more personalized experience thereby removing the need to create a new account for services to a large extent.
Use Case 4: Federated Identity Provisioning
This kind of IAM use case is very similar to the previous one and is just an extension of Attribute Exchange with a hint of some extra spices. By enabling batch provisioning of user/employee accounts across the organisation, the system makes the movement of user account information required to create a new account (provision) or delete an existing account (de-provision) with a remote security access much easier. This can help in large organisations spread across the globe and where employees travel frequently to visit different countries.
While each industry/organisation would have a specific kind of needs for user management, one of the above four should be definitely finding a place in your workplace. So it’s time for you to gear up with your set of knives and create the perfect recipe called IAM. Voila!!