GraphTalk Wien - New Paths to Successful Identity & Access Management with Graphs

Neo4j Graphtalk Wien
Stefan Armbruster, Neo4j


  1. How Graphs Revolutionize Identity & Access Management
      Stefan Armbruster, Field Engineer
  2. Agenda
      • Identity and Access Management Overview
      • What is a graph database?
      • Why is Neo4j a great fit for IAM?
      • Great customer stories
      • Links to resources and videos
  3. What is Identity and Access Management?
      “Ensuring the right individuals have access to the right resources at the right times and for the right reasons”
      What do we need to do (at least)?
      • Define identity
      • Define the structure of an organization
  4. What is Identity?
      Jane Smith the…
      • Business Analyst for Customer Support at ABC Inc.
      • interim Head of BI and Reporting at ABC Inc.
      • line manager of Joe Brown, who’s working on a Strictly Confidential portfolio at ABC Inc.
      • employee of ABC Inc.
      • and so on...
  5. So what does ABC Inc. look like?
      It looks like a hierarchy...
  6. What about the non-hierarchy links?
  7. What about “dotted lines”?
      Diagram labels: ABC Inc (CEO); IT Dept; Risk Analysis; “Security and Compliance”
  8. What about “Conditional Approvals”?
      Diagram labels: ABC Inc (CEO); IT Dept; General access; “access to sensitive data”; “Security and Compliance”
  9. Modern challenges for IAM
      • Distributed access across on premise and in the cloud for in-house/custom off the shelf/SaaS applications
      • De-centralized resources that are assigned to people rather than roles
      • The rise of IoT and different identities that people and services assume in different contexts
  10. … other challenges for IAM
      • Multiple and conditional approval levels
      • History of approval chains / time series (e.g. “who approved user xyc's access to system abc on the 5th of July?”)
      • GDPR and Compliance
      • Performance
      • Intuitiveness
      • Agility:
          • Adding new use cases as needed
          • Changing hierarchies on the fly
  11. Perhaps a better fit?
  12. What is a graph database?
      Nodes
      • Can have Labels to classify nodes
      • Can have more than one label
      Relationships
      • Relate nodes by type and direction
      Properties
      • Attributes of Nodes & Relationships
      Diagram labels: Employee; Employee; Role; MANAGES; name: “Joe Brown”, employeeID: 456; name: “Jane Smith”, employeeID: 123; name: “Business Analyst”; from: 1/3/2018; from: 1/6/2017; from: 1/3/2018
  13. Why Neo4j is a great fit for IAM
      Design
      • Authorization data model maps closely to the conceptual view
      • Closer alignment to processes
      Maintenance
      • Easy to understand code to query and explore the data
      • Pain-free to update and modify model structure as and when required
      Performance
      • Traversing the authorization tree is fast, providing real-time authorization capability
  14. How can Neo4j fit into IAM approaches?
      Three potential approaches:
      • Create a graph-based repository to store identity and access information metadata
      • Integrate Neo4j with current IAM data for authorization
      • Import IA data into Neo4j to perform audit
  15. Demo
  18. Check it out
      Find out more about IAM implementations in Neo4j:
      • Telenor:
      • ForgeRock/Nulli:
      Have a go with Neo4j and an IAM example:
      •
  19. Save the date: