An Introduction to Identity Management

Table of Contents

The Problem
    Account setup
    Account maintenance
    Account teardown
The Business Risks
    Lower productivity
    Duplicate and conflicting information
    Lack of information security
    Inability to comply with audits and regulations
The Challenges of an Identity Management Solution
The Functions of an Identity Management System
    Stores information
    Authentication and authorization
    External user registration and enrollment
    Internal user enrollment
    Password management
    Auditing
    User self-service
    Central administration
    Delegated administration
The Identity Management Infrastructure
    Authoritative sources
    Directory component
    Directory integration component
    Provisioning component
    Access control component
    Administration component
    Generalized application interfaces component
The Identity Management Solution
    Directory component
    Administration component
    Directory integration component
    Provisioning component
    Access control component
Is an Identity Management Solution Right For Your Company?
Conclusion
References

© SANS Institute 2003, As part of the Information Security Reading Room. Author retains full rights.

Abstract

Identity management refers to the process of employing emerging technologies to manage information about the identity of users and control access to company resources. The goal of identity management is to improve productivity and security while lowering costs associated with managing users and their identities, attributes, and credentials. The purpose of this document is to offer a broad overview of current identity management technologies and provide a framework for determining when an identity management system would benefit your company. This document first defines the underlying business problems and resulting business risks inherent in managing user identity information across a heterogeneous technology infrastructure. Next, this document highlights the unique challenges of implementing an identity management solution. This document introduces the functionality of an identity management solution and describes this functionality within the context of the identity management infrastructure. Next, this document highlights products from leading vendors. Finally, a basic framework is provided to help determine if an identity management solution would benefit your company.
