Article

Federated Identity Management Extends Control Across Hybrid Environments

Clango

CLANGO is a DIT company, focused on IAM Advisory

The continued adoption of Software-as-a-Service (SaaS) solutions and other cloud-based services has blurred the concept of the network perimeter. At the same time, organizations have become increasingly dependent on partners who span supply chains, brokers, and other networks.

These distributed computing models have created new challenges for identity and access management (IAM) solutions, which provide a framework for managing users and their access privileges across the enterprise. IAM tools include user provisioning, password management, strong authentication, single sign-on, and other technologies, which are increasingly bundled into comprehensive platforms. Traditionally, these solutions have been designed to operate within the corporate data center.

Today’s organizations, however, are grappling with a new definition of “identity,” one not contained only within internal applications and data. In a supply chain, for example, organizations must figure out how to integrate external user groups into their security controls to provide access to appropriate resources. Organizations that use SaaS solutions must also manage user credentials outside the enterprise security framework.

Federated identity management provides the mechanism for handling this new identity paradigm. It enables business-to-business integration by making identities portable and enabling the exchange of identity data. Federated identity management offers two key benefits: it enables users to access external resources with a single credential, and it streamlines identity provisioning and management across distributed resources.

Federated identity management enables organizations to provision users, roles, and entitlements to partner applications in a secure, standard format. If users regularly access applications hosted by a business partner who leverages federation technology, federated single sign-on (FSSO) can act as a bridge, allowing internal user credentials to be transformed and accepted by those partners. As such, federation facilitates SSO across third-party providers, allowing users to seamlessly access applications that are hosted by a partner. Upon clicking a link posted within an enterprise portal, a user is seamlessly logged into the external application or resource — no user ID or password required.

The end result is a seamless SSO experience for the user. Whether partner applications are private (such as a distributor’s warehousing application) or cloud-based (such as SalesForce.com), FSSO can help improve user productivity, reduce help desk calls for forgotten passwords, and improve identity lifecycle management.

Federated identity management can also help organizations share their Web applications with partners in a cost-effective and timely manner. Utilizing federation services, organizations can easily accept federated assertions of identity, allowing business partners to log in seamlessly without the need for a native user ID and password. This improves productivity for users, increases the appeal of the organization’s services, and eliminates the need for partners to maintain another set of IDs and passwords.

Organizations that integrate extensively with third parties or utilize SaaS solutions must deal with an increasing number of user accounts maintained on affiliate or cloud-based applications. As a result, managing application accounts across the business-to-business boundary has become a priority. Federated identity management can help streamline and standardize the process of business-to-business identity management by enabling organizations to securely share user credentials with business partners. Federation allows organizations to share identity credentials and facilitate single sign-on for access to external resources.

____________________________________________

If you would like more information about how the right IAM solution can help you meet industry specific security requirements, please reach out to us via email at (info@dtec.com).

Leave a Comment