To learn more about Directory Concepts and how we can help your organisation please contact a...
description
Transcript of To learn more about Directory Concepts and how we can help your organisation please contact a...
![Page 1: To learn more about Directory Concepts and how we can help your organisation please contact a Directory Concepts relationship manager near you:](https://reader036.fdocuments.us/reader036/viewer/2022062521/568168b8550346895ddf9adc/html5/thumbnails/1.jpg)
To learn more about Directory Concepts and how we can help your organisation
please contact a Directory Concepts relationship manager near you:
Sydney +61 2 9904 3430Melbourne +61 3 9804 8500Brisbane +61 7 3369 3500Wellington +64 4 460 5273
National Support: 1300 366 946 or [email protected]
![Page 2: To learn more about Directory Concepts and how we can help your organisation please contact a Directory Concepts relationship manager near you:](https://reader036.fdocuments.us/reader036/viewer/2022062521/568168b8550346895ddf9adc/html5/thumbnails/2.jpg)
Using an organisation’s identity information to enable
TRIM
![Page 3: To learn more about Directory Concepts and how we can help your organisation please contact a Directory Concepts relationship manager near you:](https://reader036.fdocuments.us/reader036/viewer/2022062521/568168b8550346895ddf9adc/html5/thumbnails/3.jpg)
Agenda
• Introduction• Identity Lifecycle Management• Integrating TRIM
![Page 4: To learn more about Directory Concepts and how we can help your organisation please contact a Directory Concepts relationship manager near you:](https://reader036.fdocuments.us/reader036/viewer/2022062521/568168b8550346895ddf9adc/html5/thumbnails/4.jpg)
Who are Directory Concepts?
• Offices Brisbane, Sydney, Melbourne and Wellington
• 6o+ technical staff across these locations• 10 years speciality in identity driven
solutions• Platinum partner status with Novell• Technical staff are recognised in the
industry as maintaining the deepest identity specialty skill set in the Asia Pacific region
• Consult and support to government on identity and access management across the region
![Page 5: To learn more about Directory Concepts and how we can help your organisation please contact a Directory Concepts relationship manager near you:](https://reader036.fdocuments.us/reader036/viewer/2022062521/568168b8550346895ddf9adc/html5/thumbnails/5.jpg)
DC Offerings
Consulting Services
ArchitectureConsultancyBusiness analysisDesignProject management
Professional Services
Project build and deployPost project supportSpecialty managed services
24 x 7 helpdesk servicesContract onsite services
![Page 6: To learn more about Directory Concepts and how we can help your organisation please contact a Directory Concepts relationship manager near you:](https://reader036.fdocuments.us/reader036/viewer/2022062521/568168b8550346895ddf9adc/html5/thumbnails/6.jpg)
Introductions
• My background?─ Software Development (corporate and startup)
─ Experience in Education, Financial and Government sectors
─ Head of Development Vertical at Directory Concepts
![Page 7: To learn more about Directory Concepts and how we can help your organisation please contact a Directory Concepts relationship manager near you:](https://reader036.fdocuments.us/reader036/viewer/2022062521/568168b8550346895ddf9adc/html5/thumbnails/7.jpg)
Information Management (IM)
Documents IdentitiesIdentity
Management(IDM)
![Page 8: To learn more about Directory Concepts and how we can help your organisation please contact a Directory Concepts relationship manager near you:](https://reader036.fdocuments.us/reader036/viewer/2022062521/568168b8550346895ddf9adc/html5/thumbnails/8.jpg)
Identity Lifecycle Management
• What does it promise?─ Automation of the process to manage access rights from the day a user is hired until the day they leave the organisation
─ Consistent and accurate information and access rights across all connected systems
• So what is it?
![Page 9: To learn more about Directory Concepts and how we can help your organisation please contact a Directory Concepts relationship manager near you:](https://reader036.fdocuments.us/reader036/viewer/2022062521/568168b8550346895ddf9adc/html5/thumbnails/9.jpg)
Identity Lifecycle Management
![Page 10: To learn more about Directory Concepts and how we can help your organisation please contact a Directory Concepts relationship manager near you:](https://reader036.fdocuments.us/reader036/viewer/2022062521/568168b8550346895ddf9adc/html5/thumbnails/10.jpg)
Key Elements of Identity Management
• Identity Integration• Roles management • Integrated workflows and provisioning
policies • Self Service
![Page 11: To learn more about Directory Concepts and how we can help your organisation please contact a Directory Concepts relationship manager near you:](https://reader036.fdocuments.us/reader036/viewer/2022062521/568168b8550346895ddf9adc/html5/thumbnails/11.jpg)
• Identity Integration• Roles management • Integrated workflows and provisioning
policies • Self Service
Key Elements of Identity Management
![Page 12: To learn more about Directory Concepts and how we can help your organisation please contact a Directory Concepts relationship manager near you:](https://reader036.fdocuments.us/reader036/viewer/2022062521/568168b8550346895ddf9adc/html5/thumbnails/12.jpg)
Business Issue: Your Enterprise has many Identity Stores
Human Resources
Network/NOSDirectory
Enterprise Application
PBX
Identity Stores
Many of your Enterprise’s applications own a piece of the User's Identity.• This Identity data can be expensive to
maintain.• The Data may not be shared by everyone
who needs it.• This Data may not be accurate, consistent
or kept up to date.
![Page 13: To learn more about Directory Concepts and how we can help your organisation please contact a Directory Concepts relationship manager near you:](https://reader036.fdocuments.us/reader036/viewer/2022062521/568168b8550346895ddf9adc/html5/thumbnails/13.jpg)
Novell's Solution:Create a Central Identity Vault
Human Resources
Network/NOSDirectory
Enterprise Application
PBX
Identity Stores
Identity Isolation problems can be solved by creating an Identity Vault.• A location for centralized
identity management• Many applications share the same
identity data and authentication and authorization functionality
• Lays foundation for access control
• Provides basis for role-based personalization based on rights
Identity Vault
![Page 14: To learn more about Directory Concepts and how we can help your organisation please contact a Directory Concepts relationship manager near you:](https://reader036.fdocuments.us/reader036/viewer/2022062521/568168b8550346895ddf9adc/html5/thumbnails/14.jpg)
The Solution:Advanced Identity Synchronization
Human Resources
Network/NOSDirectory
Enterprise Application
PBX
Identity Stores
In order to aggregate this identity data into the Identity Vault we utilize Identity Synchronization technology.• This allows you to utilize data
owned by many systems to create a single rich identity
• It allows for distributed ownership of portions of an identity, while allowing a single, centralized identity that can be leveraged by a myriad of systems.
Identity Vault
![Page 15: To learn more about Directory Concepts and how we can help your organisation please contact a Directory Concepts relationship manager near you:](https://reader036.fdocuments.us/reader036/viewer/2022062521/568168b8550346895ddf9adc/html5/thumbnails/15.jpg)
Distributed Ownership of Dataa centralized view
Help Desk System
E-Mail System
File & Print
PBX
HR System
Identity Vault
Email Address
First NameLast NameEmployee IDAddressLocation
Phone Number
Network Address
First NameLast NameLocation
Email AddressFirst NameLast Name
First NameLast NameLocation
First NameLast NameEmployee IDLocation
User ID
![Page 16: To learn more about Directory Concepts and how we can help your organisation please contact a Directory Concepts relationship manager near you:](https://reader036.fdocuments.us/reader036/viewer/2022062521/568168b8550346895ddf9adc/html5/thumbnails/16.jpg)
Novell IDM Application Coverage
![Page 17: To learn more about Directory Concepts and how we can help your organisation please contact a Directory Concepts relationship manager near you:](https://reader036.fdocuments.us/reader036/viewer/2022062521/568168b8550346895ddf9adc/html5/thumbnails/17.jpg)
Key Elements of Identity Management
• Identity Integration• Roles management • Integrated workflows and provisioning
policies • Self Service
![Page 18: To learn more about Directory Concepts and how we can help your organisation please contact a Directory Concepts relationship manager near you:](https://reader036.fdocuments.us/reader036/viewer/2022062521/568168b8550346895ddf9adc/html5/thumbnails/18.jpg)
Roles Management
• Maps Business Roles to IT Entitlements• Assign users to Roles based on business
policies and an exception approval process
![Page 19: To learn more about Directory Concepts and how we can help your organisation please contact a Directory Concepts relationship manager near you:](https://reader036.fdocuments.us/reader036/viewer/2022062521/568168b8550346895ddf9adc/html5/thumbnails/19.jpg)
Novell Solution:Roles Based Provisioning Module
• Role represents business function/position• Business and user centric (authorisation
workflows)• Assign resources to roles and then assign
the roles to the users or groups or organisational units (Inheritance)
• Delegation• Separation of duties
![Page 20: To learn more about Directory Concepts and how we can help your organisation please contact a Directory Concepts relationship manager near you:](https://reader036.fdocuments.us/reader036/viewer/2022062521/568168b8550346895ddf9adc/html5/thumbnails/20.jpg)
Novell Identity Manager Roles Based Provisioning Module
20
Integrated Roles Management & Workflow
![Page 21: To learn more about Directory Concepts and how we can help your organisation please contact a Directory Concepts relationship manager near you:](https://reader036.fdocuments.us/reader036/viewer/2022062521/568168b8550346895ddf9adc/html5/thumbnails/21.jpg)
Key Elements of Identity Management
• Identity Integration• Roles management • Integrated workflows and provisioning
policies • Self Service
![Page 22: To learn more about Directory Concepts and how we can help your organisation please contact a Directory Concepts relationship manager near you:](https://reader036.fdocuments.us/reader036/viewer/2022062521/568168b8550346895ddf9adc/html5/thumbnails/22.jpg)
Novell Solution:Automated Provisioning
Human Resources
Network/NOSDirectory
Enterprise Application
Financial Application
Identity Stores
In order to give user's access to the resources they need we utilize dynamic provisioning capabilities.• This allows Identity Manager
to capture events that occur in an authoritative system such as an HR system
• The Identity Management system provisions user in realtime based on policies
Identity Vault
Policies
HR Personnel
![Page 23: To learn more about Directory Concepts and how we can help your organisation please contact a Directory Concepts relationship manager near you:](https://reader036.fdocuments.us/reader036/viewer/2022062521/568168b8550346895ddf9adc/html5/thumbnails/23.jpg)
Novell Solution:Workflow Based Provisioning
Human Resources
Network/NOSDirectory
Enterprise Application
Financial Application
Identity Stores
In situations where access to resources should require approval, a user facing provisioning environment is created.• Users only see the
resources that they can request based on their Identity
• Policies determine who should approve access to the resource
Identity Vault
Policies
UserApplication
User
User'sManager
![Page 24: To learn more about Directory Concepts and how we can help your organisation please contact a Directory Concepts relationship manager near you:](https://reader036.fdocuments.us/reader036/viewer/2022062521/568168b8550346895ddf9adc/html5/thumbnails/24.jpg)
Novell Solution:Workflow Based Provisioning
Human Resources
Network/NOSDirectory
Enterprise Application
Financial Application
Identity Stores
• The Manager can access the Provisioning User Application. Here the manager can deny or approve the request
• Access is Granted immediately
Identity Vault
Policies
UserApplication
User
User'sManager
![Page 25: To learn more about Directory Concepts and how we can help your organisation please contact a Directory Concepts relationship manager near you:](https://reader036.fdocuments.us/reader036/viewer/2022062521/568168b8550346895ddf9adc/html5/thumbnails/25.jpg)
Workflows - simple
![Page 26: To learn more about Directory Concepts and how we can help your organisation please contact a Directory Concepts relationship manager near you:](https://reader036.fdocuments.us/reader036/viewer/2022062521/568168b8550346895ddf9adc/html5/thumbnails/26.jpg)
![Page 27: To learn more about Directory Concepts and how we can help your organisation please contact a Directory Concepts relationship manager near you:](https://reader036.fdocuments.us/reader036/viewer/2022062521/568168b8550346895ddf9adc/html5/thumbnails/27.jpg)
Workflow Features
• Highly flexible─ Can be as simple or complex as desired
• Time-outs and escalation• Third-party integration (SOAP/Web Services)
─ Generate service desk tickets• Can be user initiated or automatically
initiated• Customisable forms
![Page 28: To learn more about Directory Concepts and how we can help your organisation please contact a Directory Concepts relationship manager near you:](https://reader036.fdocuments.us/reader036/viewer/2022062521/568168b8550346895ddf9adc/html5/thumbnails/28.jpg)
Business Process Automation
![Page 29: To learn more about Directory Concepts and how we can help your organisation please contact a Directory Concepts relationship manager near you:](https://reader036.fdocuments.us/reader036/viewer/2022062521/568168b8550346895ddf9adc/html5/thumbnails/29.jpg)
Key Elements of Identity Management
• Identity Integration• Roles management • Integrated workflows and provisioning
policies • Self Service
![Page 30: To learn more about Directory Concepts and how we can help your organisation please contact a Directory Concepts relationship manager near you:](https://reader036.fdocuments.us/reader036/viewer/2022062521/568168b8550346895ddf9adc/html5/thumbnails/30.jpg)
End Users: typical issues
• Unfavourable user experience─ Required to call service desk─ “I have too many passwords”
• Service desk over-utilisation─ Password resets─ Simple requests (file access etc.)
• Security─ Users creating their own credential store
• Lost productivity
![Page 31: To learn more about Directory Concepts and how we can help your organisation please contact a Directory Concepts relationship manager near you:](https://reader036.fdocuments.us/reader036/viewer/2022062521/568168b8550346895ddf9adc/html5/thumbnails/31.jpg)
Case Study
• Organisation with 2000 users─ 3592 password resets (forgotten/expired)─ 1162 requests for additional access
• 3592 password resets pa─ Gartner: ~25AUD (22USD) for each password reset
─ 3592 x 25 = $89,800* pa• 1162 file access requests pa
─ ~15 minutes to complete each request─ 1162 x 15 = 17430 minutes = 290 hrs = 36 days
* Does not account for lost productivity
![Page 32: To learn more about Directory Concepts and how we can help your organisation please contact a Directory Concepts relationship manager near you:](https://reader036.fdocuments.us/reader036/viewer/2022062521/568168b8550346895ddf9adc/html5/thumbnails/32.jpg)
User Application
• Web-based interface to display and allow users to view and manage identity data in the identity vault.
– Organization Charts
– White Pages
– Profile management
– Password management
![Page 33: To learn more about Directory Concepts and how we can help your organisation please contact a Directory Concepts relationship manager near you:](https://reader036.fdocuments.us/reader036/viewer/2022062521/568168b8550346895ddf9adc/html5/thumbnails/33.jpg)
Novell® Identity Manager
Novell Identity Manager delivers:• User Provisioning• Roles Based Access Control• Identity Integration• Password Management• Delegated Administration/Self Service• Automated workflows (both data driven and approval driven)
Databases
GroupWise
PeopleSoft
LDAP Directories
Mainframes
Windows Server
BMC Remedy
Notes
Avaya PBX
Administermy resourcesor workgroup
Search / browseusers or resources
Requestaccess toresources
Recover forgottenpassword
Self-administration
Approved
Identity and provisioningenvironment
Identity Vault
![Page 34: To learn more about Directory Concepts and how we can help your organisation please contact a Directory Concepts relationship manager near you:](https://reader036.fdocuments.us/reader036/viewer/2022062521/568168b8550346895ddf9adc/html5/thumbnails/34.jpg)
Identity Manager
•Reach global customers
•Tighter supplier relationships
•More productive partnerships
•Consistent security policy
•Immediate system-wide access updates
•Consistent identity data
•Automated risk mitigation
•Enterprise SoD
•Eliminate redundant administration tasks
•Reduce helpdesk burden
•Fast employee ramp-up
•User self service
•Focused, personalized content
•Delegated Administration
•Comprehensive profile view
•Password management
Identity Management
•SOD requirements
•Role-based access
•Least privilege access
•Real-time visibility and disclosure
•Basic compliance reporting
Business Facilitation
Governance &
Security
Increased Productivity &
Cost Reduction
Regulatory Complianc
e
Increase Service Level
Allow the enterprise to address Pain Points and business initiatives from the IT Manager to the CxO
![Page 35: To learn more about Directory Concepts and how we can help your organisation please contact a Directory Concepts relationship manager near you:](https://reader036.fdocuments.us/reader036/viewer/2022062521/568168b8550346895ddf9adc/html5/thumbnails/35.jpg)
Integration with HP TRIM
• Connecting• Translating• Access Control
![Page 36: To learn more about Directory Concepts and how we can help your organisation please contact a Directory Concepts relationship manager near you:](https://reader036.fdocuments.us/reader036/viewer/2022062521/568168b8550346895ddf9adc/html5/thumbnails/36.jpg)
Connecting• User Lifecycle Integration
─ Indirect• Database Staging Table
─ Direct• Web Services via SOAP Connector
– Stateless• Custom IDM Connector
– “Stateful”– Bi-directional
![Page 37: To learn more about Directory Concepts and how we can help your organisation please contact a Directory Concepts relationship manager near you:](https://reader036.fdocuments.us/reader036/viewer/2022062521/568168b8550346895ddf9adc/html5/thumbnails/37.jpg)
Translating• Mapping LDAP Classes to TRIM Locations
Class LocationUser Person
Group Group/Project Team/Workgroup
Organizational Unit Organization
![Page 38: To learn more about Directory Concepts and how we can help your organisation please contact a Directory Concepts relationship manager near you:](https://reader036.fdocuments.us/reader036/viewer/2022062521/568168b8550346895ddf9adc/html5/thumbnails/38.jpg)
Managing Locations
• Create, Update and Delete─ Persons─ Workgroups─ Organisational Units
![Page 39: To learn more about Directory Concepts and how we can help your organisation please contact a Directory Concepts relationship manager near you:](https://reader036.fdocuments.us/reader036/viewer/2022062521/568168b8550346895ddf9adc/html5/thumbnails/39.jpg)
Access Control
• Some Options─ Minimal rights initially, manually adjusted by TRIM administrator
─ Based on Org Unit, Group membership, other identity attribute
─ Configurable via On-Boarding application
![Page 40: To learn more about Directory Concepts and how we can help your organisation please contact a Directory Concepts relationship manager near you:](https://reader036.fdocuments.us/reader036/viewer/2022062521/568168b8550346895ddf9adc/html5/thumbnails/40.jpg)
Case Study
• Government Department in Victoria• Involves multiple systems• Simple workflow via email• ‘Best guess’ for access based on Org Unit
then modified/approved by TRIM administrator
![Page 41: To learn more about Directory Concepts and how we can help your organisation please contact a Directory Concepts relationship manager near you:](https://reader036.fdocuments.us/reader036/viewer/2022062521/568168b8550346895ddf9adc/html5/thumbnails/41.jpg)
OBA
Meta
1
1. Create new user request2. User created, basic services activated3. For eligible users, email sent to requestor, link to TRIM form4. Form completed by requestor, TRIM location(s) confirmed, submitted to Web App5. Web App queries DMC re TRIM client installation, emails ARS Remedy if required6. Enquiry User account created in TRIM7. User added to TRIM mailing lists in Notes
3
Web App
Requestor
4
2
DMC
6
7
5a
5b
![Page 42: To learn more about Directory Concepts and how we can help your organisation please contact a Directory Concepts relationship manager near you:](https://reader036.fdocuments.us/reader036/viewer/2022062521/568168b8550346895ddf9adc/html5/thumbnails/42.jpg)
Conclusion
• IDM integrated with TRIM can
─ Reduce the cost of managing user and access management
─ Provide timely and secure access to services like TRIM
─ Increase business leaders trust in IT, in regard to compliance
─ Reduce the risk of human error
─ Strengthen security without raising costs or diminishing productivity
![Page 43: To learn more about Directory Concepts and how we can help your organisation please contact a Directory Concepts relationship manager near you:](https://reader036.fdocuments.us/reader036/viewer/2022062521/568168b8550346895ddf9adc/html5/thumbnails/43.jpg)
Questions?
![Page 44: To learn more about Directory Concepts and how we can help your organisation please contact a Directory Concepts relationship manager near you:](https://reader036.fdocuments.us/reader036/viewer/2022062521/568168b8550346895ddf9adc/html5/thumbnails/44.jpg)
Directory Concepts
• Come and visit us if you have any further questions or would like more information on Identity Management