Building a human-centered identity security governance system
Bamboocloud Unified Identity Management
helps your organization easily handle the following challenges
-
Increasing number of users and applications
Along with the organization's information construction, the number of applications and user types is increasing. -
Account management process is not unified
Each application administrator independently manages the operation of adding, deleting, changing and checking the application accounts. -
Long account application process
It takes 3-5 working days from employee entering to account and permission opening, which affects office efficiency. -
Various password rules for each application
Various password complexity rules for each application, no password complexity requirements. -
Waste of resources
When a new business system is built, if no suitable system is found for reuse, a new user management system has to be built, resulting in a waste of IT resources due to repeated construction. -
Lack of unified management norms
Lack of a unified specification for application account management and application integration.
is unified identity management?
Realize best practices related to identity management, which can extend identity rights management to various types of users as well as application systems, including in-enterprise applications, mobile apps, SaaS tools, etc., without breaking security. It opens up information silos, builds a human-centered identity security governance system, realizes unified risk control and compliance audit of user access behavior in different latitudes for internal personnel, outsourcers, partners, and public users, as well as realizes electronic identity can effectively improve the process efficiency, realize the automated control of account authority creation and disabling, and avoid the backdoor caused by human misoperation.
Diagram of Solution Overviw
Solution Architecture
Bamboocloud IAM obtains authoritative organization and user data from the upstream data source HR system, and allows administrators to import it or users to enter it through self-registration, thus forming information system organization and user master data. According to the user's organization, department, position, etc., IAM automatically assigns the corresponding account number and permissions to users, and synchronizes these accounts and permissions to OA, mail, user directory and other applications in real time. Realize automation of application account management and efficient transfer of identity.
Rapid Integration
Through an open and standard identity integration interface, the platform can quickly integrate with the target application system.
-
Personnel master data
Person, organization and authority are unified data source by IAM. -
Efficient identity circulation, Account management automation
By obtaining authoritative organization and user data from the upstream data source HR system, corresponding application accounts and permissions are automatically assigned to users. -
Identity view
The isolated and scattered identity lack the unified identity view.
-
Establishing the organization and user master data.
-
Automatic account synchronization, automatically add, update, invoke, forbidden, and delete application accounts.
-
Integrating different types of users into the unified management.
-
Automated management of the full lifecycle of application accounts.
-
Identifying high-risk accounts such as duplicate accounts and orphan accounts in the application.
-
Identitying data compliance audit and providing user statistics, account statistics and account compliance audit reports
-
Unified password policy
Unified management process
Unified access specification
-
Supporting for Docker deployment, microservices and cloud deployment.