Digital identity
In any modern organization, regardless of its scale, users are represented in the form of digital identities that must be effectively managed.
General information

Our solutions in the field of identity management allow us to create a holistic environment for managing digital identities, both for ordinary and privileged users.

One of the biggest challenges in IT security is running a proper process for managing accounts and privileges (access). According to best practice, the principle of least privilege should be observed: accounts should be active only when there is a need to use them, and a user's level of privilege should follow from the functions that he or she actually performs.

This principle requires the following processes to be in place:

  • creation/modification/deletion of accounts,
  • management of requests for privileges / granting privileges,
  • management of passwords (enforcement of periodical changes, distribution of passwords for new accounts, etc.).

In many organisations, this process is performed without the use of dedicated automation tools, which can lead to:

  • users having excessive privileges,
  • the existence of accounts which should not be present in the systems (e.g. after termination of employment or a change in the employee's duties),
  • an inability to determine privileges (e.g. what privileges a user has, or which users have specific privileges/access).

The vast majority of companies and organisations continue to use manual methods of management of access to IT system resources. Creating an account for a new employee, modifying privileges, blocking or deleting an account is still a process that requires the participation of many people and tools. It generates increased costs related to human resources (in IT/Security teams), but it does not guarantee the appropriate level of security management (mistakes, delays and other issues may occur in a manual process).

Meanwhile, we have proven and very efficient solutions at our disposal, which are called Identity Management Systems (IDMs), as well as additional supporting systems, which make it possible to automate the entire process of management of privileges the user has in an IT system.

In order to address identity management comprehensively, all key areas of that process need to be addressed:

  • management of accounts, passwords and privileges, automatic propagation in the systems applied in the organisation,
  • management of the process of requesting and approving privileges,
  • reporting, process of recertification (re-verification of legitimacy of the granted privileges carried out periodically),
  • management of accounts in the cases where the database of identities is located outside the organisation (e.g. in the case of cooperation with subcontractors or as a result of a merger),
  • management of passwords, including passwords to privileged accounts.

The solutions offered by APIUS cover all of the areas listed above and are based on four basic elements:

1. NetIQ Identity Manager – a comprehensive IDM-class system for managing accounts and privileges, which addresses three key areas:

  • support during the full life cycle of accounts and privileges, while offering full automation at the same time,
  • support for the process of requesting and granting privileges in the RBAC (role-based) model,
  • reporting, full traceability of the granted privileges.

2. NetIQ SecureLogin – a system that enables single sign-on (SSO) in all systems used by the organisation.

3. PingIdentity PingFederate – a FIM-class system that makes it possible to create an identity management federation (e.g. when the database of identities is divided between two entities).

4. Lieberman RED – a PIM-class system for managing privileged accounts/access.

Identity Management Systems (IDM) are proven and very efficient solutions that automate the whole process of managing the privileges a user has in an IT system.

Our portfolio of solutions allows for effective and comprehensive supervision of digital identities throughout their life cycle, in particular by offering:

  • automation of the process of creation/modification/deletion of accounts in IT systems,
  • management of the granted user privileges/access,
  • effective management of passwords for both ordinary and privileged users,
  • management of the process of requesting access (circulation of documents, approval),
  • control of access to privileged accounts (administrators, accounts related to services, accounts used in applications),
  • single sign-on (SSO),
  • creation of an identity management system federation, e.g. in the case of a merger of two companies or cooperation with external entities (without the need to duplicate accounts in the systems of both entities).

The selection of specific tools will depend on the processes implemented in a given organisation.