Tivoli Identity Manager Case Study

Federated access management enables security-rich collaboration in the cloud

IBM® Tivoli® Federated Identity Manager provides web and federated single sign-on (SSO) to users across multiple applications. It uses federated SSO for security-rich information sharing in private, public and hybrid cloud deployments. Now you can enable security-rich business collaboration in the cloud.

Tivoli Federated Identity Manager:

  • Helps businesses collaborate more securely—by providing federated SSO and an identity mediation service.
  • Supports open standards—to give employees access to cloud-based applications.
  • Delivers an identity management solution—with modular software that supports IBM z/OS® environments and entry-level software that enables collaboration with small-to-midsize business partners.

Helps businesses collaborate more securely

  • Delivers SSO for separately managed infrastructure domains, both within and throughout an organization.
  • Provides policy-based integrated security management for federated web services.
  • Provides a powerful identity mediation service for cloud, software-as-a-service (SaaS) and web services implementation.
  • Manages, maps and propagates user identities. This reduces administrative costs, establishes trust and facilitates compliance.
  • Provides a simpler, loosely-coupled model for managing identity and access to resources that span companies or security domains.

Supports open standards

  • Supports user-centric identity management through integration with open standards frameworks, such as OpenID and Information Card profile.
  • Uses identity selectors from Microsoft Windows CardSpace and the Higgins Trust Framework, which do not require sharing metadata between identity and service providers.
  • Supports the emerging OAuth open standard for authorization along with Security Assertion Markup Language (SAML), OpenID, Liberty, WS-Federation, WS-Security and WS-Trust.
  • Uses IBM Tivoli Federated Identity Manager Business Gateway for federated SSO. This software provides expanded token support to include WS-Federation, Information Card Profile and OpenID in addition to SAML. It also provides a security-rich token service, supporting WS-Trust, username, SAML, Resource Access Control Facility (RACF), X.509 and Kerberos tokens.

Delivers an identity management solution

  • Simplifies integration and web access management for Java, .NET and mainframe-based applications and services.
  • Simplifies administration and allows you to extend identity and access management to third-party users and third-party services.
  • Enables you to control access to applications based on the user’s role in the organization.
  • Allows organizations to share trusted identities and policies about users and services.
  • Provides concurrent support for all leading federated SSO products. This allows you to collaborate with a wide variety of partner organizations.

Imagine this scenario. An employee gets married and her last name changes. Human Resources receives the required documentation and updates the employee’s last name. Now that the W2 has been changed, how long will it take this change to get propagated to the email system? How many people will be involved? How many phone calls will be made wondering why the name hasn’t been updated? Shouldn’t there be a simpler process?

With IBM Tivoli Identity Manager (ITIM), this last name change can be replicated automatically to multiple ITIM-controlled systems with just the change in HR and without any further human intervention.

ITIM automatically detects the change to the person’s last name and then triggers name change updates to multiple ITIM-controlled systems, including Active Directory, LDAP and database repositories. These updates occur in real time and the new last name is available for all to see.

This automagical event is achieved with ITIM by using out-of-the-box configurations.

  • IBM Tivoli Directory Integrator, with its multiple connectors, connects to the HR data source and detects the change to the person’s last name. This user data change is sent to ITIM.
  • Tivoli Identity Manager receives the user data change. The user data change triggers an update to the different ITIM-controlled services.
    • Active Directory attributes, including the display name, are updated using the out-of-the-box Active Directory Adapter connection.
    • LDAP name attributes are updated using the out-of-the-box LDAP Adapter.
    • A custom database’s name attributes are updated using a database connection.
  • The newlywed employee is pleased that her new name is available in the email system, the corporate directory or wherever the updates took place. Oh Yeah!

Of course, Tivoli Identity Manager is not limited to changing the last name of a newlywed. Processing input from an HR feed, ITIM with its array of adapters can automatically provision new accounts, suspend and restore accounts, delete accounts, or add or remove account accesses based on person information such as roles and/or department information.

ITIM capabilities can provide automation for the entire employee or non-employee lifecycle from provisioning and access control to role compliance and reporting.

If you need help with Tivoli Identity Manager, please feel free to visit our website or contact us at 817-704-3644.

Mark Adamson
IBM Certified Deployment Professional – Tivoli Identity Manager V4.6 / V5.0 / V5.1
