ORG Access Management: Technical Details
30.10.2013
FSP GmbH | Product Presentation

Agenda
• Company Overview
• Product Presentation
• Access Governance Suite
• Live Demo
• Discussion
30.10.2013 ORG Product Presentation 2

Company Overview
• Founded in 2002
• Headquarters: Cologne
• Represented throughout Germany
• 40 employees

Company Overview: Software & Consulting
Business Consulting
• Access Governance Concepts
• Process Optimization
• Project / Test Management
IT Consulting & Development
• Software Development
• IT Security
• IT Project / Test Management
Software

Company Overview: Customers

Access Management: Conventional method
Employee: New Entry, Fluctuation, Departmental Change
Individual systems often use individual rights
Several system administrators
• SAP HR: SAP-Role
• RACF: Group
• Indiv. Applications: Groups / Individual Rights
• P&C Administration: Individual Rights
• Partner System: Individual Rights
• Notes/Outlook: Group
• LDAP: e.g. Group Membership
• Databases: Indiv. / Role

Solution: ORG
Central administration of user rights
Central, lean administration
Employee
• New Entry
• Fluctuation
• Departmental Change
External
• Known customer
• Prospect
• …
Interfaces:
SPML systems
• Novell Identity Manager
• IBM Tivoli Directory Integrator
• openSPML
Directory systems
• Microsoft AD
• IBM Tivoli Directory Server
• openLDAP
• Novell eDirectory
• SUN one Directory Server
• …
Other systems
• SAP R3
• RACF
• INTERFLEX
APIs
• Java (SE & EE)
• Windows / Unix (C)
• z/OS (Cobol, PL/1, C)
User rights based on:
• Roles/Rights model
• Attributes
Automated provisioning

ORG Architecture: Basis for USPs

Model: Entities
• Position
• Client
• User
• Location
• Permissions
• Competence scheme
• Competence
• Role model
• Role
• Role group
• Role conflict
• Organizational Unit
• Organizational Structure

Model: Historicizing, life cycle
• Historicizing of all changes of an object or a relation between objects, including the initiator and the time
• No physical deletion: the database entry is marked as "deleted"
Diagram labels (along the time axis): Create; Status: future; Status: current; Edit or delete; Expired or deleted; Status: historicized

SPML Webservice: Architecture
Interface to approval workflow:
• ORG Approve
• Lotus Notes
• SharePoint
• etc.
Interface to higher-level systems:
• HR systems (e.g. SAP HR, …)
• IDM systems (e.g. IBM TIM, Novell IDM, …)
• etc.

Approval Workflow (with ORG Approve)
• Self Service
• Which permissions can be requested depends on the owner's role (e.g. a normal employee is not permitted to request an executive's role)
• 4-eyes principle supported (in parallel and sequentially)
• Conforms to MaRisk AT 7.2

Standard: RBAC

Model: Standard software
Modeling
• User and Role are always available.
• Position, Role group and Organization Unit are optional.
Typical use
• Storage systems with their own detailed permissions.
• E.g. the system has to enable roles or groups to carry authorizations.
Examples
• LDAP directory (e.g. Active Directory)
• SAP
• RACF
Diagram labels: Indiv. rights, Organization unit, User, Role or group, External system, User, Position, Role group, Role

ORG Connector: Architecture

ORG Connector: Attribute mapping
Attribute mappings are freely configurable.
Source in ORG can be:
• Attribute of the user
• Values of a user's competence for any competence scheme
• Composite values built via a formation rule

USP: Fine Grained
Attribute based, more than role based

Model: Homegrown software
Modeling
• Users and competence scheme are always available.
• Position, role group, role and OU are optional.
• Competences can be defined for users, roles or positions.
Typical use
• In-house developments
• Systems that provide an exit through which authorizations are obtained.
Diagram labels: Organization unit, Competence scheme, User, Position, Role group, Role, Competence

ORG APIs: Access to runtime DB

Process logic: Runtime DB access
• The process logic is basically the same for all APIs.
• It makes sense to bundle all functional authorizations of an application into one specific Functional Authorization capsule.
Call flow (diagram):
• Application "life": Verify the payout
• Application to Functional Authorization capsule: isPayoutPermitted(userid,value)
• Functional Authorization capsule to ORG API: hasCompetence(userid,"PayoutContract","Life",value)
• ORG API: Database consultation
• ORG API to Functional Authorization capsule: Result (Yes or No)
• Functional Authorization capsule to application: Result (Yes or No)
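The capsule pattern from this slide, as an added C example that is not FSP's code or the ORG API. The in-memory table, its field names, the sample users and the reading of `value` as an amount checked against a per-user limit are all assumptions; only the two function names and the "PayoutContract" / "Life" arguments come from the slide.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for the runtime DB: one row per granted competence.
   Fields and rows are assumptions for illustration, not the ORG schema. */
struct competence {
    const char *userid;
    const char *scheme;      /* competence scheme, e.g. "PayoutContract" */
    const char *competence;  /* competence within the scheme, e.g. "Life" */
    long        limit;       /* assumed: highest value the user may approve */
};

static const struct competence RUNTIME_DB[] = {
    { "clerk01",  "PayoutContract", "Life",   5000 },
    { "senior02", "PayoutContract", "Life",  50000 },
    { "clerk01",  "PayoutContract", "Motor",  2000 },
};

/* Stand-in for the API call on the slide. Returns true only when a row
   matches user, scheme and competence and covers the requested value. */
bool hasCompetence(const char *userid, const char *scheme,
                   const char *competence, long value)
{
    if (!userid || !scheme || !competence || value < 0)
        return false;                        /* malformed request: deny */
    for (size_t i = 0; i < sizeof RUNTIME_DB / sizeof RUNTIME_DB[0]; i++) {
        const struct competence *c = &RUNTIME_DB[i];
        if (strcmp(c->userid, userid) == 0 &&
            strcmp(c->scheme, scheme) == 0 &&
            strcmp(c->competence, competence) == 0 && value <= c->limit)
            return true;
    }
    return false;                            /* no covering row: default deny */
}

/* Functional Authorization capsule: the application asks the business
   question; scheme and competence names are fixed in this one place. */
bool isPayoutPermitted(const char *userid, long value)
{
    return hasCompetence(userid, "PayoutContract", "Life", value);
}

int main(void)
{
    printf("clerk01  4000: %s\n", isPayoutPermitted("clerk01", 4000) ? "Yes" : "No");
    printf("clerk01 20000: %s\n", isPayoutPermitted("clerk01", 20000) ? "Yes" : "No");
    return 0;
}
```

Keeping the scheme and competence strings inside the capsule means a renamed competence or a changed rule is fixed in one function rather than at every call site in the application.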

Interfaces
SPML systems:
• Novell Identity Manager
• IBM Tivoli Directory Integrator
• openSPML
Directory systems:
• Microsoft Active Directory
• IBM Tivoli Directory Server
• openLDAP
• Novell eDirectory
• SUN one Directory Server
• ApacheDS
• RACF LDAP-Server
• other systems
Other connectors available for:
• SAP R3
• RACF
• SharePoint
• INTERFLEX
APIs available for the following platforms:
• Java (SE & EE)
• Windows / Unix (C)
• z/OS (Cobol, PL/1, C)

Summary
• Single Point of Administration and Control
• Reduction of Time, Cost and Complexity
• History management / Revision proof
• Supports RBAC / ABAC
• Integration in company-wide environments is proven
• Integration of organizational structure information
• Distributed and delegated administration (configurable)
• Multi-client capable
• High performance & fail-safe
• Corporate Design applicable

Access Governance Suite

Live Demo
FSP GmbH
Consulting & IT-Services
Albin-Köbis Straße 8
D-51147 Cologne
Tel.: +49 (0) 2203 / 371 000 – 0
www.fsp-org.com