GraphTalk Wien - Neue Wege zum erfolgreichen Identity & Access Management mit Graphen
How Graphs Revolutionize Identity &
• Identity and Access Management Overview
• What is a graph database?
• Why is Neo4j a great fit for IAM?
• Great customer stories
• Links to resources and videos
“Ensuring the right individuals have access to the right resources at the
right times and for the right reasons”
What do we need to do (at least)?
• Define identity
• Define the structure of an organization
What is Identity and Access Management?
Jane Smith the…
• Business Analyst for Customer Support at ABC Inc.
• interim Head of BI and Reporting at ABC Inc.
• line manager of Joe Brown, who’s working on a Strictly
Confidential portfolio at ABC Inc.
• employee of ABC Inc.
• and so on...
What is Identity?
It looks like a hierarchy...
So what does ABC Inc. look like?
What about “dotted lines”?
What about “Conditional Approvals”?
• Distributed access across on premise and in the cloud for in-
house/custom off the shelf/SaaS applications
• De-centralized resources that are assigned to people rather
• The rise of IoT and different identities that people and services
assume in different contexts
Modern challenges for IAM
• Multiple and conditional approval levels
• History of approval chains / time series (eg „who approved at 5th
of July User xyc access to system abc?“)
• GDRP and Compliance
• Adding new use cases as needed
• Changing hierarchies on the fly10
… other challenges for IAM
What is a graph database?
name: “Joe Brown”
• Can have Labels to classify nodes
• Can have more than one label
• Relate nodes by type and direction
• Attributes of Nodes &
• Authorization data model maps closely to the conceptual view
• Closer alignment to processes
• Easy to understand code to query and explore the data
• Pain-free to update and modify model structure as and when required
• Traversing the authorization tree is fast, providing real-time
Why Neo4j is a great fit for IAM
Three potential approaches:
• Create a graph-based repository to store identity and access
• Integrate Neo4j with current IAM data for authorization
• Import IA data into Neo4j to perform audit
How can Neo4j fit into IAM approaches?
Find out more about IAM implementations in Neo4j:
• Telenor: www.youtube.com/watch?v=kM2NWM0t-2s
• ForgeRock/Nulli: www.youtube.com/watch?v=R9Vdm2ZqlpQ
Have a go with Neo4j and an IAM example:
Check it out