January 13, 2020 at 10:09 pm #27361 supportrdi Participant
Currently, I work in a company with +400 users around the globe. We have basically two user databases – OpenLDAP and AD – that talk to each other without issues.
The problem is that we recently suffered a security audit, and we were “recommended” to start using a user management tool that would also include user life cycle management.
After googling I reached the ForgeRock company; however, I was presented with two different products that would fit our necessities.
The issue is that the difference between ForgeRock Access Management and Identity Management software is not clear to us.
Does someone have a clear view of the difference, and of the cases in which each one should be used?
Thank you
February 5, 2020 at 11:20 pm #27562 William Hepler Participant
I work mainly in Access Management, but it sounds more like a question of Identity Management, or even Autonomous Identity and governance.
You can take the first part of the self-paced courses; they have videos that cover AM and IDM at a high level.
The getting started guide I think covers it fairly well:
1.1. What Can You Do With IDM?
This software allows you to simplify the management of identity, as it can help you synchronize data across multiple resources. Each organization can maintain control of accounts within their respective domains.
IDM works equally well with user, group, and device identities.
You can also configure workflows to help users manage how they sign up for accounts, as part of how IDM manages the life cycle of users and their accounts.
You can manage employee identities as they move from job to job. You will make their lives easier as their user accounts can be registered on different systems automatically. Later, IDM can increase productivity when it reconciles information from different accounts, saving users the hassle of entering the same information on different systems.
1.1. About ForgeRock Access Management
AM provides a service called access management, which manages access to resources, such as a web page, an application, or web service, available over the network. Once it is set up, AM provides an infrastructure for managing users, roles, and access to resources. In this chapter, you manage access to a single web page.
AM centralizes access control by handling both authentication and authorization. Authentication is the process of identifying an individual, for example, by confirming a successful login. Authorization is the process of granting access to resources to authenticated individuals.
AM centralizes authentication by using a variety of authentication modules that connect to identity repositories that store identities and provide authentication services. The identity repositories can be implemented as LDAP directories, relational databases, RADIUS, Windows authentication, one-time password services, and other standards-based access management systems.
AM lets you chain together the authentication services used. Authentication chains let you configure stronger authentication for more sensitive resources for example. They also let you set up modules that remember a device when the user logs in successfully. Or that evaluate the risk given the login circumstances and therefore can require more credentials when a user is logging in from an unusual location. This chapter uses AM’s built-in identity repository and authentication modules to make it easier to get started.
AM centralizes authorization by letting you use AM to manage access policies separate from applications and resources. Instead of building access policy into a web application, you install an agent with the web application to request policy decisions from AM. This way you can avoid issues that could arise when developers must embed policy decisions into their applications. With AM, if policy changes or an issue is found after the application is deployed, you have only to change the policy definition in AM, not deploy a new version of the application. AM makes the authorization decisions, and web and Java agents enforce the decisions on AM’s behalf.
The rest of this chapter has you demonstrate AM access management by installing AM, creating a policy, and installing a web agent on a web server to enforce the policy for a web page.