Many mid to large corporations today have environments which consist of both on-premises and SaaS solutions that are constantly growing in number. These companies may also utilize one or more cloud providers. Managing identities across this diverse landscape can be challenging in the absence of a suitable IAM platform. Consider the effort to:
Additionally, there is the risk related to not disabling these accounts in a timely manner; how many orphaned accounts are there in the environment today?
At some of our multi-national customers, this landscape increases in complexity as some applications are only available to regional users and others are available to the global user community. The challenges related to globally distributed companies will be explored in detail in an upcoming post.
Aside from the complexity and high cost of managing this diverse landscape, there are additional requirements to enforce security and comply with regulatory mandates. The need for governance has never been higher and traditional IAM solutions were not designed to meet the challenges imposed by this type of environment.
OpenIAM has been helping companies solve these challenges for years by delivering a unified, feature complete IAM platform which has the flexibility to be adapted to each customer’s varying business requirements.
OpenIAM provides a comprehensive set of Identity Governance & Administration (IGA) features that enable control as well as reduce the time and effort needed to manage identities across connected systems. To ensure that users only have access to what they need, OpenIAM provides functionality to:
The automated lifecycle functionality is complemented by a self-service portal which empowers end-users by allowing them to:
To fulfill regulatory requirements, access certification is provided. Access certification contains functionality to:
The OpenIAM Governance platform is described in detail on our Workforce Identity Overview page.
The functionality described above is delivered by the service layer together with the integration options enabled by the flexible deployment architecture.
In the diagram above, the services are grouped into categories such as Shared Services and IDM Services. Each category may contain several services. These services may use infrastructure services such as Vault, where secrets are maintained, or Redis, a distributed in-memory cache. Communication between the services is performed through RabbitMQ. Besides decoupling the services, the message bus also allows services, especially the connectors, to be relocated. Consider the following scenario, where OpenIAM is deployed at a cloud service provider but needs to integrate with both cloud and on-premise applications.
The diagram above shows that connectors which need to integrate with on-premise systems are deployed on-premise in a “connector VM”. Each connector in the VM communicates with OpenIAM in the cloud through the message bus. As a result of this model, only one (1) IP address and one (1) port need to be opened, regardless of the IP and port requirements of the end applications. This communication is further protected over a VPN.
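The following is an added illustration of the connector-VM pattern described above; it is constructed for this post and is not OpenIAM code. In-memory queues stand in for RabbitMQ, a plain dictionary stands in for an on-premise directory, and the connector name `ad`, the operations `create_account`/`disable_account` and the queue names are all assumptions. The point it shows is that both the cloud-side service and the on-premise connector connect *to* the bus, so the cloud never connects into the on-premise network and the number of firewall openings no longer depends on the applications behind the connector.

```python
"""Toy model of an on-premise connector reached only through a message bus.

Constructed example: in-memory queues replace RabbitMQ, a dict replaces the
target application. Everything here is hypothetical, not OpenIAM's own code.
"""
import queue
import uuid
from dataclasses import dataclass, field


@dataclass
class MessageBus:
    """Stand-in for the broker: named queues. Both sides connect *to* the bus,
    so the on-premise firewall only needs to allow traffic to the bus endpoint."""
    queues: dict = field(default_factory=dict)

    def publish(self, routing_key: str, message: dict) -> None:
        self.queues.setdefault(routing_key, queue.Queue()).put(message)

    def consume(self, routing_key: str, timeout: float = 0.1) -> dict:
        return self.queues.setdefault(routing_key, queue.Queue()).get(timeout=timeout)


class OnPremConnector:
    """Runs in the connector VM beside the target application (here a dict).
    It consumes requests from its own queue and publishes a reply; it never
    accepts inbound connections."""

    def __init__(self, bus: MessageBus, name: str, target_app: dict):
        self.bus, self.name, self.app = bus, name, target_app

    def handle_one(self) -> dict:
        msg = self.bus.consume(f"connector.{self.name}")
        op, login = msg["op"], msg["login"]
        if op == "create_account":
            self.app.setdefault(login, {"enabled": True})
            status = "created"
        elif op == "disable_account" and login in self.app:
            self.app[login]["enabled"] = False  # disable, do not delete: keeps an audit trail
            status = "disabled"
        else:
            status = "unsupported"
        reply = {"correlation_id": msg["correlation_id"], "status": status}
        self.bus.publish(msg["reply_to"], reply)
        return reply


class CloudIdmService:
    """Cloud-side IDM service: publishes a request, then waits on a per-request
    reply queue matched by correlation id."""

    def __init__(self, bus: MessageBus):
        self.bus = bus

    def provision(self, connector_name: str, op: str, login: str) -> dict:
        correlation_id = str(uuid.uuid4())
        request = {"correlation_id": correlation_id,
                   "reply_to": f"reply.{correlation_id}",
                   "op": op, "login": login}
        self.bus.publish(f"connector.{connector_name}", request)
        return request

    def await_reply(self, request: dict) -> str:
        reply = self.bus.consume(request["reply_to"])
        if reply["correlation_id"] != request["correlation_id"]:
            raise RuntimeError("reply does not match request")
        return reply["status"]


def inbound_rules_needed(app_endpoints: list, via_connector_vm: bool) -> int:
    """Firewall openings into the on-premise network: one per distinct application
    endpoint if the cloud service called each application directly, versus a
    single bus connection when the connector VM model is used."""
    return 1 if via_connector_vm else len(set(app_endpoints))


def demo() -> dict:
    bus = MessageBus()
    directory = {}                       # constructed stand-in for an on-premise directory
    connector = OnPremConnector(bus, "ad", directory)
    idm = CloudIdmService(bus)

    req = idm.provision("ad", "create_account", "jdoe")
    connector.handle_one()               # executed on the connector VM
    created = idm.await_reply(req)

    req = idm.provision("ad", "disable_account", "jdoe")
    connector.handle_one()
    disabled = idm.await_reply(req)
    return {"created": created, "disabled": disabled,
            "enabled": directory["jdoe"]["enabled"]}


if __name__ == "__main__":
    print(demo())
    print(inbound_rules_needed([("ad", 636), ("sap", 3300), ("hr", 443)], False))
    print(inbound_rules_needed([("ad", 636), ("sap", 3300), ("hr", 443)], True))
```

Because the cloud service only ever publishes to and consumes from the bus, adding a fourth or fifth on-premise application changes nothing on the firewall side; only the connector VM's outbound rule to the bus (here, the single `MessageBus` endpoint) has to exist.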
In this example, OpenIAM is already in the cloud and no special access is required to integrate with SaaS applications.
As highlighted above, OpenIAM provides rich business and technical functionality to allow integration with applications regardless of whether they are in the cloud or located on-premise.