Identity Management

Identity Management services are the mechanisms that automate and manage the IT process of identifying an individual, classifying the individual to a specific class of security, authenticating the individual when they request access, and finally authorizing the individual’s specific permissions for that request.


The Identity Management service includes an enterprise directory, identity management system, access control (authentication and authorization services), resource provisioning management, and administration tools to manage the directory and other associated functions (see Figure 1).




The Identity Management program will define the business and system requirements to establish a complete identity service infrastructure as identified below:


Identity Management is the administration of identities throughout the lifecycle of the identity. The administration solution allows identities to be centrally managed, users to manage their own identities through self-service, and identity information to be migrated to and from the Enterprise Directory. This latter process includes the provisioning that gives new users IDs wherever they need them and are authorized, or that provisions resources. Identity Management consists of the following components: Administration, Directory Integration, Access Control, Directory Repository and Resource Provisioning. Each of these components will contain a management and audit/reporting sub-component.


Directory Repository is a network service that identifies, locates, and describes network objects; it is primarily an identity and resource repository for people, organizations, groups, roles, and other resources. Identities from separate applications and systems are stored and linked to provide a foundation that enables additional identity service functionality for multiple business systems and applications.


Directory Integration includes the tools necessary to support synchronization between the directory repository and other identity stores when changes occur. These are typically enabled via custom-developed scripts, import-export utilities, or meta-directory services used to create a unified view of user accounts and profile information across multiple sources in heterogeneous environments.


Resource Provisioning includes the tools necessary to create, modify, or terminate user and application access to resources automatically (via roles and rules or individually). Key components include provisioning resource definitions, data relationships to resources, selection criteria for actions, and enterprise role relationships. Key considerations include definition of roles, definition of policy, aligning policy to roles, provisioning and security administration process development, data definition, and automated workflow.


Access Control – Single Sign On provides policy-based management of authentication and authorization, particularly related to web applications and resources. Key considerations include defining roles, designing rule sets, setting policy, and managing these components.


Application Interfaces are application isolation layers that provide functionality to shield developers and applications from calling vendor-specific APIs. The generalized application interface will present applications with a well-defined way of consuming the identity services provided by the Identity Management infrastructure.


The following sections define the Business and System Requirements for Enterprise Directory, Access Control, Delegated Administration and Directory Integration that best meet SPE’s objectives.


Some of the specific benefits for the Enterprise Directory system include the establishment and delivery of:


  • A repository of identity information (employees, contractors, customers, applications, systems, etc.) that can be used by other business applications.
  • The foundation for common user authentication and authorization services that can be used throughout the enterprise.
  • Centralized administration and audit capability for managing access to enterprise systems, applications and services.
  • A delegated administration and self-service infrastructure for managing applications and systems resources.


For more information about InfraMatix Identity Management Offerings, please contact us at 1-877-339-6660.




