2. Stay connected to Allidm
Find us on Facebook:
http://www.facebook.com/allidm
Follow us on Twitter:
http://twitter.com/aidy_idm
Look for us on LinkedIn:
http://www.linkedin.com/allidm
Visit our blog:
http://www.allidm.com/blog
3. Disclaimer and Acknowledgments
The contents here were created as a personal endeavor and
thus do not reflect any official stance of any Identity and
Access Management vendor on any particular technology.
4. Contact Us
In this presentation we’ll talk about some useful topics that
you can use no matter which identity and access management
solution or product you are working on.
If you know one that makes a big difference, please tell us so
we can include it in the future.
aidy.allidm@gmail.com
5. What’s Cloud
Cloud computing refers to applications and services
that run on a distributed network using virtualized
resources and are accessed by common Internet
protocols and networking standards.
6. Why Identity and Access Management Cloud?
As more IT services are moved to the cloud, determining
who has access to which cloud service is vital to
ensuring privacy and security, as well as the overall
performance of the cloud model.
It also can be complex, especially when multiple cloud
models delivering multiple cloud services are
involved.
7. What to look for in an IAM Cloud Solution?
User Management
User provisioning
Account management policies
Profile management
Authentication Management
Authorization Management
Investigation support
Logs and audit trails
Compliance management
Regulations such as SOX, the Gramm-Leach-Bliley Act (GLBA), and HIPAA
Industry standards such as PCI DSS
8. What to look for in an IAM Cloud Solution?...
Federation
Privileged user management
Developer user management
End user management
9. Identity Cloud
The two major IAM solutions you need to look for in the cloud are:
Single Sign-On (SSO) to the Cloud
Users authenticate once and then access multiple Cloud Solutions
without having to log on again every time they access a system.
Admin users can have multiple sessions open simultaneously
through different browsers
Provision Cloud Applications
Automated and integrated key IAM functions such as identity and
access governance, user provisioning and password management
Manage user identity attributes on those accounts in sync
10. Non-Technical Identity Cloud Features
No hardware, software or administration costs
Pay-as-you-go, scalable model
Service levels up to 7×24×365
11. Technical Identity Cloud Features
Deployment option with private cloud, public cloud or
hybrid model
Connect to every customer and partner securely
Synchronize provisioning and user profile updates among
Cloud applications
User provisioning/de-provisioning
Automated de-provisioning
Assign rights and access based on identity and role
Detect when a user has been terminated and deprovision
Role Based Provisioning Workflow
12. Technical Identity Cloud Features
Password management and synchronization
Strong Authentication
Two-factor authentication
One-time password
Audit, Compliance and Reporting.
Advanced reporting on user access
13. Support popular target systems
Salesforce
Google Apps
Microsoft Live
Workday
Taleo
Microsoft Business Productivity Online Services (BPOS)
SPML-enabled cloud services
14. Common Identity Cloud Use Cases
Employees and on-site contractors of an organization
accessing a SaaS service using identity federation
with corporate identities and credentials
IT administrators accessing the Cloud management
console to provision resources and access for users
using a corporate identity
e.g., IT administrators provisioning virtual machines or
VMs in Amazon’s EC2 service
Developers creating accounts for partner users in a
Cloud platform
15. Common Identity Cloud Use Cases
End users accessing storage service in the cloud and
sharing files and objects with users, within and
outside a domain using access policy management
features
An application residing in a cloud service provider
accessing storage from another cloud service
16. IAM Cloud Standards
SAML
Avoid duplication of identity, attributes, and credentials
and provide a single sign-on user experience for users
SPML
Automatically provision user accounts with cloud
services
Automate the process of provisioning and
deprovisioning
XACML
Provision user accounts with appropriate privileges