1.1.4 Sharing Identity Information

In today’s business environment, few organizations stand alone. More than likely, you have trusted business partners with whom you need to share resources securely. For example, you might have business services, such as a 401k management system, to which you need to provide employee access. Or your organization might be the one providing services to another business. Access Manager provides federated identity management to enable users to authenticate seamlessly and securely across autonomous identity domains.

For example, assume that you have employees who need to access your corporate applications, several business partners’ applications, and their 401k service, as shown in the following diagram:

Each identity domain (your organization, your partner’s organization, and the 401k service) requires an account and authentication to that account to access the resources. However, because you have used Access Manager to establish a trust relationship with the business partner and the 401k service, your employees can log in through Access Manager to gain access to the authorized resources in all three identity domains.

Access Manager enables your employees to access resources from business partners and service providers. It also lets business partners access authorized resources on your network. The following figure illustrates this type of access.

In addition to linking user accounts in different identity domains, Access Manager also supports federated provisioning, which means that new user accounts can be automatically created in your trusted partner’s (or provider’s) system. For example, a new employee in your organization can initiate the creation of an account in your business partner’s system through Access Manager rather than relying on the business partner to provide the account. Likewise, customers or trusted business partners can automatically create accounts in your system.

Access Manager leverages identity federation standards including Liberty Alliance, WS-Federation, WS-Trust, and SAML. It also enables you to identify risks associated with login attempts, mitigate those risks, and take action based on risk severity. This standards-based foundation minimizes—or even eliminates—interoperability issues among external partners or internal work groups. In fact, Access Manager features an identical configuration process for all federation partners, whether they are different departments within your organization or external business partners.