Identity & Access Management (IAM) is a broad administrative area that deals with identifying individuals in a system (who you say you are) and controlling the privileges within that system by associating user rights and restrictions with the established identity based on roles and functional. In an IT environment, Identity & Access Management software is used to automate administrative tasks, such as password management, self-services, roles definition and rights and etc.
Identity & Access Management solution is mostly used in enterprise environment to increase security and productivity, while decreasing cost and redundant effort, as well as tools for enterprise to compliant with Industrial Security Standard such as Sarbanes Oxley, ISO 27001, PCI, GPIS and etc.
Enterprises who have embarked on an IAM project will have its unique requirements that required heavy customization especially dealing with its daily operational support. Identity Pathfinder tm was developed as an companion product to fill up this gap. It is well integrated into the industrial common Identity & Access Management product suites by providing flexibility and customized features and functionalities that are not "out-of-the-box".
Technical Specification
Identity Pathfinder tm is designed with a simplified web interface for end users to self-manage passwords, perform account activation & deactivation activity and updating profiles related to the managed applications. Identity Pathfinder tm is equipped with internationalization and modular skin design to suit the industrial common Identity and Access Management suite.
Some features & functionalities of Identity Pathfinder tm inclusive of:
User Management Module
-
Simple User Profile with Identity Verification Data
-
Users can be organized into a Multi-Level Organization Hierarchy
-
Users can be grouped by membership for Security Access Control
System Security Management
-
3-way mutual authentication possible (i.e. application level, database level).
-
Segregation of duties by role assignment
-
Enable access control to screen tasks of web application to be granularly defined by user group membership
-
Security Policy to control dormant account
Password Management
-
Extensive password quality complexity policy
-
Password History is supported
-
Challenge Response Set as alternate authentication factor
-
Different set of questions for different users are possible
-
User definable challenge questions are possible
-
Questions are randomly prompted to user being challenged
-
Anti-hacking by limit the number of attempt
Multiple Heterogeneous Target Resource Password Management
-
Users' Target Resources account passwords are not stored locally
-
The following operations are supported on Target Resources
-
Initial setting of first time password
-
Password change
-
Lost password recovery
-
Unlocking account
-
-
All operations, except Password Recovery, are authenticated to the Target Resource as the user completes the operation
-
Anti-hacking by limiting the number of login attempts
Audit Management
-
All operations on users' accounts are recorded for log auditing purposes
-
All table level operations are recorded for log auditing purposes
Data and Communication Security
-
Target Resource Service Account password is encrypted and stored locally using AES
-
Users' passwords are hashed and stored locally using SHA2
-
User Verification Data is hashed and stored locally using SHA2
-
Password history is hashed and stored locally using SHA2
-
Challenge Response is hashed and stored locally using SHA2
