Identity & Access Management


SKyPRO specialized in IAM more than 20 years ago and has grown along with it ever since: from classic provisioning via Identity Governance to Single Sign-On and modern methods of multi-factor authentication. Our great experience and strength lie in the general architecture of IAM systems as well as in their implementation, especially within the solution portfolio of OpenText / CyberRes / NetIQ.

Identity Management

IAM can be divided into two areas: “Identity” and “Access”.

Roughly speaking, identity management is about
a) creating, maintaining, and if necessary deleting digital identities, and
b) making these digital identities available for connected peripheral systems through one or more vaults.

The peripheral systems receive information from Identity Management about which rights are needed and hence have been granted to the identities (provisioning). This results in significantly higher security and automation of time-consuming processes.

Digital identities often represent people, but can also represent other users such as applications, servers, workstations, IoT devices, vehicles, meeting rooms, or transport pallets.

Evolution

In recent years, the term Identity Management has been joined by the term Identity Governance. These have been integrated by Gartner, among others, resulting in Identity Governance & Administration (IGA). This supplements the classic concept with further functionalities, which are aimed in particular at security, traceability, and compliance.

Important keywords are, for example, separation of powers (segregation of duties), the principle of granting a user only the minimum necessary authorizations and nothing beyond that (least privilege), or regularly ensuring that a user really needs existing authorizations (recertification).

Access Management

In IGA, the identities and their access permissions are managed securely, while in Access Management the component of authentication is added.

Simply put, a system that allows a login must not only know what an identity is allowed to do and what it is not allowed to do, but also ensure that the person, server, application, etc. is truly the identity they claim to be.

Ultimately, the objective of IAM is effective access control. It is about ensuring that access and resources are granted to the right user and, conversely, that users who should not have access are not granted it.