Federated Identity Access Control
Federated Identity Access Control enables your organization to have a common set of security policies, access profiles, practices and communication protocols in place to manage the identity and trust of IT users and endpoints. Federated Identity Access Control allows users to reuse electronic identities across distributed enterprise architecture whilst maintaining security trust and posture level; saving administrators redundant work in maintaining user accounts.
With Federated Identity Access Control, organizations are able to federate user identities and access profiles across distributed enterprise architectures that are working in security silos. Enabling user identity portability and access privileges across autonomous security domains. The ultimate goal of identity federation is to enable users of one domain to securely access data or systems of another domain seamlessly, and without the need for completely redundant user administration. Identity federation comes in many flavors, including “user-controlled” or “user-centric” scenarios, as well as enterprise controlled or B2B scenarios.
Federation is enabled through the use of open industry standards, such that multiple vendors and solutions can achieve interoperability for common use cases. Trusted Network Computing Group has developed such an open standardized protocol IF-MAP (Interface for Metadata Access Point) that allows this exact federation across diverse enterprise systems. Use-cases involve things such as cross-domain access, web-based single sign-on, cross-domain user account provisioning, cross-domain entitlement management and cross-domain user attribute exchange.
Use of identity federation can reduce cost by eliminating the need to scale one-off or proprietary solutions whilst also centralizing security policies that can be dynamically allocated across distributed environments. It can increase security and lower risk by enabling an organization to identify and authenticate a user once, and then use that identity information across multiple systems, including external partner websites. It can improve privacy compliance by allowing the user to control what information is shared, or by limiting the amount of information shared. And lastly, it can drastically improve the end-user experience by eliminating the need for new account registration through automatic “federated provisioning” or the need to redundantly login through cross-domain single sign-on.
DTS solution can provide consulting services on Federated Identity Access Control technologies, help you understand where federation can assist your organization in improving your overall user identity management and maintaining a consistent security profile.