Over time, this propagation of identity information meant that each of these applications ended up with its own profile and privilege database. For a smaller organization this may be manageable, but for larger organizations, managing users' access across all of these applications becomes an overwhelming task.
Although most provisioning systems can automate account creation in a wide variety of systems, applications and databases, this uncontrolled propagation of identity information makes centralizing access control extremely difficult, if not impossible: provisioning keeps the copies in sync, but each copy remains a separate place where access must be granted, reviewed and revoked.
A Comprehensive Plan
To manage and maintain an effective access control environment, today's IdM solutions require a comprehensive strategy rather than an application-by-application approach. Although there will always be some systems that require their own repository, the overall goal should be to reduce the propagation of identity data in favor of a more centralized access control framework. What you should end up with is a solution that initially addresses a subset of high-priority, key applications, with follow-on phases for prioritizing and integrating the remaining applications into the framework over time.
A Directory-centric Approach
Acting as 'Windows clients', once integrated into Active Directory these non-Windows systems become part of the Windows infrastructure. They can be secured, managed and controlled just like any other Windows machine on the network.
These systems and applications share a common security framework provided by Kerberos and Active Directory. Users can participate in SSO using only their Active Directory credentials.
User accounts are centrally managed through Active Directory. System administrators can easily create, enable, disable and remove users and permissions from one place.
Standardized security controls and configuration policies can be centrally managed through Windows Group Policy. Configurations can be pushed to each non-Windows machine and enforced through Active Directory.
Privileged accounts and fine-grained user control (including sudo) can be controlled across the entire environment from within Active Directory.
Applications running on those systems can also leverage the Kerberos framework. They can be secured through Active Directory and participate in SSO regardless of their platform or operating system.
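The following is an added example, not code from the original article or from any product it describes, showing how the directory-centric controls listed above (Kerberos authentication, centrally managed users, Group Policy-derived logon rights, and sudo rules held in Active Directory) are expressed on a Linux host using the open-source SSSD client. The domain name corp.example.com and the setting values are assumptions for illustration; the option names are SSSD's own.

```ini
# Added example (not from the original article): /etc/sssd/sssd.conf for a
# Linux host joined to the hypothetical domain corp.example.com.
[sssd]
config_file_version = 2
domains = corp.example.com
# nss and pam give AD users local identities and logins; the sudo responder
# lets sudo(8) read sudoRole objects from AD instead of a local sudoers file.
services = nss, pam, sudo

[domain/corp.example.com]
# Identities, Kerberos authentication and password changes all come from AD.
id_provider = ad
auth_provider = ad
chpass_provider = ad
# sudo rules are looked up in the directory, so privilege grants are made and
# revoked centrally rather than per host.
sudo_provider = ad

# Access control: let the directory, not a local file, decide who may log in.
# Weak setting (do not use): access_provider = permit
# That would let any account in the domain log in to this host.
access_provider = ad
# Enforce the "Allow/Deny log on locally" rights from Group Policy.
# "permissive" only logs what would have been denied; use it while testing,
# then switch to enforcing.
ad_gpo_access_control = enforcing

# Keep login names consistent with the rest of the domain.
use_fully_qualified_names = False
default_shell = /bin/bash
fallback_homedir = /home/%u@%d
```

For the sudo part to take effect, /etc/nsswitch.conf must list the SSSD source (`sudoers: files sss`), and the sudo LDAP schema must have been extended into the Active Directory forest so that sudoRole objects can be created there. A sudoRole with sudoUser set to an AD group (for example `%linux-admins`, an assumed name), sudoHost `ALL` and a specific sudoCommand is the directory equivalent of a local sudoers line, and narrowing sudoCommand to the commands actually needed is the check to make before granting it to a group; `ALL` with NOPASSWD is the weak setting to avoid. Verify the host picks the rule up with `sudo -l` as a member of the group.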