Once your identity data is efficiently collected and stored, the next step is to make effective use of it. There are two typical business functions that leverage your identity data:
- authentication – verifying a user’s right to access controlled resources
- authorisation – controlling access to a corporate resource based on the authenticated user’s attributes.
Authentication typically uses an enterprise directory that computer applications can query to determine the requestor’s credentials for accessing the requested resource. Microsoft’s Active Directory is often used for this function, but repositories such as Oracle Unified Directory and NetIQ’s eDirectory are other options. A significant factor these days is the “cloud”; it can complicate the selection of an identity data repository and requires an organisation to determine its cloud strategy before selecting a solution.
Authorisation is also company-specific; it is necessary to know the access management requirements before designing an authorisation solution. If a simple web access management tool is required, there are many options. If a mixture of on-premise and cloud applications is used, a federated solution will be required. In a “green field” environment, an entitlements management system should be considered.
Governance is also an important part of your authentication and access control services. Ideally, governance should be policy-based, with a central policy administration tool implementing access controls that are established on a cross-company basis.