Difference between Access Management and Identity Management Software

This topic has 1 reply, 2 voices, and was last updated 1 month, 3 weeks ago by William Hepler.

  • #27361
     supportrdi
    Participant

    Hi All,

    Currently, I work in a company with 400+ users around the globe. We have basically two user databases – OpenLDAP and AD – that talk to each other without issues.

    The problem is that we recently suffered a security audit, and we were “recommended” to start using some user management tool that would also include some user management life cycle.

    After googling I reached the ForgeRock company; however, I was presented with two different products that would fit our necessities.

    The issue is that the difference between ForgeRock Access Management and Identity Management Software is not clear to us.

    Does someone have a clear view of the difference, and in which cases each one should be used?

    Thank you

    #27562
     William Hepler
    Participant

    I work mainly in Access Management, but it sounds more like a question of Identity Management, or even Autonomous Identity and governance.
    https://www.forgerock.com/about-us/press-releases/forgerock-unveils-new-offering-create-smarter-identity-management-and

    You can take the first part of the self-paced courses; they have videos that cover AM and IDM at a high level.
    https://backstage.forgerock.com/university/selfpaced:

    The getting started guide I think covers it fairly well:
    IDM:
    https://backstage.forgerock.com/docs/idm/6.5/getting-started/
    1.1. What Can You Do With IDM?
    This software allows you to simplify the management of identity, as it can help you synchronize data across multiple resources. Each organization can maintain control of accounts within their respective domains.

    IDM works equally well with user, group, and device identities.

    You can also configure workflows to help users manage how they sign up for accounts, as part of how IDM manages the life cycle of users and their accounts.

    You can manage employee identities as they move from job to job. You will make their lives easier as their user accounts can be registered on different systems automatically. Later, IDM can increase productivity when it reconciles information from different accounts, saving users the hassle of entering the same information on different systems.

    Access Management
    https://backstage.forgerock.com/docs/am/6.5/quick-start-guide/#how-openam-helps-manage-access

    1.1. About ForgeRock Access Management
    AM provides a service called access management, which manages access to resources, such as a web page, an application, or web service, available over the network. Once it is set up, AM provides an infrastructure for managing users, roles, and access to resources. In this chapter, you manage access to a single web page.

    AM centralizes access control by handling both authentication and authorization. Authentication is the process of identifying an individual, for example, by confirming a successful login. Authorization is the process of granting access to resources to authenticated individuals.

    AM centralizes authentication by using a variety of authentication modules that connect to identity repositories that store identities and provide authentication services. The identity repositories can be implemented as LDAP directories, relational databases, RADIUS, Windows authentication, one-time password services, and other standards-based access management systems.

    AM lets you chain together the authentication services used. Authentication chains let you configure stronger authentication for more sensitive resources for example. They also let you set up modules that remember a device when the user logs in successfully. Or that evaluate the risk given the login circumstances and therefore can require more credentials when a user is logging in from an unusual location. This chapter uses AM’s built-in identity repository and authentication modules to make it easier to get started.

    AM centralizes authorization by letting you use AM to manage access policies separate from applications and resources. Instead of building access policy into a web application, you install an agent with the web application to request policy decisions from AM. This way you can avoid issues that could arise when developers must embed policy decisions into their applications. With AM, if policy changes or an issue is found after the application is deployed, you have only to change the policy definition in AM, not deploy a new version of the application. AM makes the authorization decisions, and web and Java agents enforce the decisions on AM’s behalf.

    The rest of this chapter has you demonstrate AM access management by installing AM, creating a policy, and installing a web agent on a web server to enforce the policy for a web page.
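
To make the distinction in the quoted guides concrete, here is an added sketch that is not part of the original posts and does not use the ForgeRock AM or IDM APIs. `reconcile` shows the identity-management job of comparing two user stores for life-cycle drift, while `decide` and `enforce` show the access-management split between a central policy decision and an agent that enforces it; all names, users and policies are constructed for illustration.

```python
# Constructed sample data: the same workforce as seen by two user stores.
AD = {
    "alice": {"mail": "alice@example.com", "enabled": True},
    "bob":   {"mail": "bob@example.com",   "enabled": False},  # leaver, disabled in AD
    "carol": {"mail": "carol@example.com", "enabled": True},
}
OPENLDAP = {
    "alice": {"mail": "alice@example.com", "enabled": True},
    "bob":   {"mail": "bob@example.com",   "enabled": True},   # still active here
    "dave":  {"mail": "dave@example.com",  "enabled": True},   # no AD counterpart
}


def reconcile(source, target):
    """Identity-management side: compare two stores and report life-cycle drift."""
    findings = []
    for uid in sorted(source.keys() | target.keys()):
        src, tgt = source.get(uid), target.get(uid)
        if tgt is None:
            findings.append((uid, "missing_in_target"))
        elif src is None:
            findings.append((uid, "orphan_in_target"))
        elif src["enabled"] != tgt["enabled"]:
            findings.append((uid, "status_mismatch"))
    return findings


# Hypothetical policy set held by the central decision point, not by the application.
POLICIES = [
    {"resource": "/payroll", "actions": {"GET"}, "groups": {"finance"}},
    {"resource": "/wiki", "actions": {"GET", "POST"}, "groups": {"staff", "finance"}},
]


def decide(session, resource, action):
    """Access-management side: the decision point evaluates policy for a request."""
    if not session or not session.get("authenticated"):
        return "DENY"  # authentication comes before authorization
    for p in POLICIES:
        if p["resource"] == resource and action in p["actions"] \
                and p["groups"] & session["groups"]:
            return "PERMIT"
    return "DENY"  # default deny when no policy matches


def enforce(session, resource, action):
    """Agent in front of the application: asks for a decision and enforces it."""
    return 200 if decide(session, resource, action) == "PERMIT" else 403
```

Changing an entry in `POLICIES` changes what `enforce` returns without touching the application, while `reconcile` never sees a request at all; it only reports accounts whose state differs between the two stores.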
