Overview of Identity and Access Management Product Line

Upload: novell

Post on 14-May-2015

DESCRIPTION

Attend the two-hour foundation session on the Identity and Access Management product line from Novell and start your BrainShare right! This session will deliver a high-level overview of the full Identity and Access Management product line. It will highlight how the products work together as an integrated solution, and the session has a modular format so you can attend the product overviews you are most interested in. The session will provide real-life examples of integration-focused benefits, followed by a 25-minute overview and update on each of the products: Novell Identity Manager, Novell Access Manager and Novell SecureLogin.

TRANSCRIPT

Page 1: Overview of Identity and Access Management Product Line

Overview of Identity and Access Management Product Line

Page 2: Overview of Identity and Access Management Product Line

© Novell, Inc. All rights reserved.2

Presenters

Ajay Sharma, Product Marketing Manager

Baber Amin, Business Line Manager, Novell, Inc. [email protected]

Bob Bentley, Product Manager, Novell, Inc. [email protected]

Kamal Narayan, Product Manager, Novell, Inc. [email protected]

Lee Howarth, Product Manager, Novell, Inc. [email protected]

Page 3: Overview of Identity and Access Management Product Line

Risk to The Enterprise is Rising

Page 4: Overview of Identity and Access Management Product Line

Complex Times, Complex Challenges

• How do I manage changes to user identities and access rights?

• How do I improve the productivity of my IT staff and end users?

• How do I reduce password-related calls to the helpdesk due to stronger password policies?

• How do I ensure that users have the right access to systems so I can minimize risk?

• How do I manage access for partners, customers and other users outside my organization?

• How do I maintain strong, agile control over resource and information access to comply with current regulations?

Page 5: Overview of Identity and Access Management Product Line

Novell® Identity and Access Management Solutions

Novell Identity and Access Management solutions help you address the fundamental problem of managing “who has access to what,” so you can trust that your business is secure.

Page 6: Overview of Identity and Access Management Product Line

Identity and Security Solutions

Identity and Access Management Capabilities

• User Provisioning and Management
• Roles Management
• Simplified, Secure Access

Page 7: Overview of Identity and Access Management Product Line

Identity and Security Solutions

Identity and Access Management Products

• Novell® Identity Manager

• Novell Access Manager™

• Novell SecureLogin

Page 8: Overview of Identity and Access Management Product Line

Novell® Identity and Access Management Solutions Capabilities

User Provisioning and Management

Simplified, Secure Access

Roles Management

IT EndUser

Line-of-Business Manager

Page 9: Overview of Identity and Access Management Product Line

Novell® Identity Manager Overview

Bob Bentley, Product Manager, Novell, Inc. / [email protected]

Kamal Narayan, Product Manager, Novell, Inc. / [email protected]

Page 10: Overview of Identity and Access Management Product Line

Novell® Identity Manager

Enable your organization to be more open and agile without limiting security, control or compliance.

Integrate, automate, and secure access to information for customers, partners, and employees.

Maintain clear visibility of people, actions, and compliance, past and present.

The result: Simplify and secure the enterprise while controlling costs and meeting regulatory demands.

Page 11: Overview of Identity and Access Management Product Line

Your Identity Challenges

• Provisioning new users - Users wait up to 3 weeks for activated accounts
• Managing users - Help desk costs $25-40 per call for password resets, with 25-35% of calls related to password resets
• De-provisioning users - 30-60% of existing accounts are invalid
• Deploying new initiatives - Up to 30% of development time is for controlling access to applications and data
• Reconciling user data - 100+ user data sources at typical firm provide out-of-sync and untrustworthy identity data
• Protecting trust - Many new privacy and regulatory requirements around the world
• Achieving compliance - Up to 25% of IT budget is consumed to support compliance

Page 12: Overview of Identity and Access Management Product Line

How Does Novell® Identity Manager Help?

Security
• Revoke system access in minutes, not days
• Manage all password policies centrally
• People get access to only what they need based on business roles
• Eliminate siloed and duplicative systems

Compliance
• Clear visibility into who has access to what, when and how they got it, and who approved it
• Historical/forensic review of access
• Insightful risk metrics illuminate compliance conflicts
• Easy policy updates to stay current
• Instant documentation for auditors

Cost
• Reduce your help desk costs by 40%
• Automate manual processes and work-flows
• Extend the value of legacy applications
• Simplified implementation and administration
• End vendor lock-in and high switching costs

Agility
• Integrate new businesses in days, not months
• Hire a new employee and have all their systems ready automatically on their start date
• Empower users with provisioning control
• Have business decisions drive IT and not the other way round

Page 13: Overview of Identity and Access Management Product Line

Novell® Identity Manager 4 Product Family

Compliance Management Platform

IDM 4 “Dorado”

IDM 4 “Capricorn”

Page 14: Overview of Identity and Access Management Product Line

Identity Manager Architecture: Logical View

[Architecture diagram. Labels recovered from the slide, in slide order:]

• Applications; Directories; OS and File Systems; Databases; Telephone and Building Access; Help Desk; Cloud and SaaS
• Credentialing; Real-time Data Integrity; RBAC Model; Work-flow System; Identity Vault
• White Pages/Self-Service/Pwd Mgmt; Business Resource Request; Role-based User Mgmt/Deleg Admin; Approval Work-flow
• Key Functional Capabilities
• Mobile Webtop; Your Portal/Web Services/Custom
• Business Managers; CISO Compliance/Auditor; Employees
• Major Components
• Connectors
• Customers/Partners/Contractors
• Advanced Reporting and Metrics; Historical Reporting Warehouse
• Developers and Consultants
• Role and Policy Mapping; Compliance Content; Open APIs; Deployment and Mgmt Tools

Page 15: Overview of Identity and Access Management Product Line

Identity Manager in Operation

[Lifecycle diagram. Labels recovered from the slide:]

• Events: Relationship Begins; Promotion; Forgot Password; Password Expires; New Project; Move Locations; Relationship Ends
• People: Employee, Customer, Partner, Volunteer; Auditor, Security Lead; Manager, Resource Owner
• Functions: Provision; Role-based User Administration; Request and Approval; Password Management; Report and Monitor

Page 16: Overview of Identity and Access Management Product Line

Industry-Leading Provisioning

• Automated Provisioning
  – New employees automatically granted access to everything needed on their first day
  – Robust request and approval workflow system
  – Revoked access occurs in minutes
• Role-based Management
  – Automatically assigns and updates resources based on users' business roles
  – Respects Segregation of Duties between roles
• Identity Data Synchronization
  – Maintains integrity of user information throughout the organization
  – Enforces authority of identity information: the right data from the right sources
  – Updates propagate within moments

The right people get access to the right resources at the right time, and nothing else.

Page 17: Overview of Identity and Access Management Product Line

Powerful User Tools

• Password Management
  – Enforce system-wide strong password policies
  – Password management webtop helps users change or recover passwords
  – Bi-directional password synchronization
• User Self-Service
  – Users can initiate their own access requests and password changes
  – Significantly reduces management costs and time to productivity
• Delegated Administration
  – Business managers or department leaders can manage their users, reducing dependence and burden on IT

Empowering users with critical tools while enforcing appropriate security and reducing your costs.

Page 18: Overview of Identity and Access Management Product Line

Advanced Reporting and Metrics

• Insightful reports
  – Variety of out-of-the-box report templates
  – Reporting on present and past states, plus activity over time
  – Spans both the Identity Vault and connected systems
  – Ready report customization through open report template standards
• Robust automation
  – Visual report scheduling: one time or recurring
  – Policy-based data collection and storage
  – Automatic report distribution to critical stakeholders and storage of completed reports
• Powerful compliance support
  – Current and forensic review of identity and user provisioning related data

Meaningful insight into how your organization's mission critical user provisioning is operating, and the ability to prove compliance.

Page 19: Overview of Identity and Access Management Product Line

Policy Mapping and Integration

• Role Mapping Administrator
  – Automatically discovers authorizations that can be granted within your major IT systems
  – Allows business users (not just consultants, IT staff or developers) to define and maintain which authorizations are associated with business roles
  – Result: associated authorizations are automatically provisioned to business role members
• Breakthrough innovation in how your identity system is “programmed”
  – Visual, drag and drop, business-user-friendly tool
  – Order-of-magnitude reduction in time, effort, cost
  – Applies to both initial setup and ongoing maintenance of policy to keep it business-relevant
• Sustainable access compliance
  – Works between Novell® IDM, SAP, SharePoint, etc.

Letting business users intelligently connect the policy dots between the major IT systems your organization depends on.

Page 20: Overview of Identity and Access Management Product Line

Ready for Cloud Computing

• Uniquely ready for the challenges of Cloud Computing

– Cloud-ready architecture makes the location of resources transparent—on-site, hosted, or both

– User organizations enjoy the same security, management capabilities and predictability whether inside the organization or out in the cloud

• Seamless integration with SaaS and hosted solutions

– User provisioning/de-provisioning, request/approval processes, password changes, identity profile updates, reporting, etc.

• Powerful tools make the hosted business model transparent, scalable and efficient

– SaaS application support with scalability and high availability to ensure compliant SaaS processes

Ensuring your organization is ready for—and taking full advantage of—cutting edge IT trends.

Page 21: Overview of Identity and Access Management Product Line

Intelligent Content Control

Allows customization of IDM to your environment without getting painted into a corner

• Protects your configuration IP and simplifies troubleshooting

– Leverages and protects your tremendous investments in policies, work-flow definitions, and other configuration

– Alerts you when you're changing something that is used in multiple places and could have unintended effects

– 'Factory Mode' temporarily overrides any changes made and/or allows return to clean slate

• Enables content libraries

– Capture, archive, share, reuse good policy elements

– Integrators can create their unique 'canonical' approach

• Future: Out-of-the-box Business Relevance via Compliance Content Packs from Novell®

– Addressing key compliance needs aligning to regulations such as PCI/DSS, SOX, HIPAA, FISMA, GLBA, Basel II, FERC/NERC, etc.

Page 22: Overview of Identity and Access Management Product Line

Improved User Experience

Providing controls in the hands of users to enhance productivity

• Work Dashboard
  – A single consolidated view bringing together upcoming tasks, resource and role assignment, status of outstanding requests, etc.
  – “Much less clicking”
• Resource Model and Assignments Dashboard
  – A clear, easily understood view of who currently has access to what
  – Eliminates the “tech speak gap” for ordinary users who need to make decisions about who should get what
• Built-in SSO Support
  – Out-of-the-box integration with AD/Kerberos ticket systems, SAML assertions, and SAP Logon ticket systems
  – Eliminates the need for an external SSO tool when accessing IDM

Page 23: Overview of Identity and Access Management Product Line

New Work Dashboard

Page 24: Overview of Identity and Access Management Product Line

Industry-leading Deployment Tools

• Designer
  – Model, deploy and document identity policies
  – Explore “what if” scenarios
  – Version control, save/archive and reuse efforts
  – Up to 50% less cost in deployment
• Analyzer
  – Evaluate, cleanse and prepare identity data within systems to be managed
  – Up to 80% less time and effort in manual-intensive prep work

Bringing the “industrial revolution” to the highly manual, expensive process of rolling out identity management.

Page 25: Overview of Identity and Access Management Product Line

Development Platform

• True identity services architecture

– Modular, accessible functions

• Easily consumed into your environment (“mashup”)

– Your company portal

– Custom or mobile application

– Help desk or other business processes

• Over 100 standards-based identity services

– REST, SOAP, LDAP, JDBC, etc.

– Management and end-user actions

Easily consume, manage and interact with identity management functions however you need to.

Page 26: Overview of Identity and Access Management Product Line

Award-Winning Technology: Ahead of the Competition

Information Security Magazine 2007 and 2008 Reader's Choice Award

Novell Identity Manager, this year's identity management winner is widely regarded as the market leader, automating user provisioning to get employees what they need—and only what they need—to get to work quickly.

—Second year in a row, Gold Medalist

2007 Global Product Excellence Customer Trust Award
• Novell® Identity Manager 3.5 for Excellence in Identity Management
• Novell® Access Manager™ for Excellence in Access Management
• Novell® Sentinel™ 6 for Excellence in Security Management

2008 SIIA 23rd Annual Codie Awards
• “Best Security Solution”: Novell Identity and Security Management Portfolio, Novell, Inc.

“For large and growing mid-sized organizations Novell Identity Manager 3.5 is our hands-down choice. For functionality, ease of use, and overall support, we rate this our Best Buy.” - SC Magazine

Page 27: Overview of Identity and Access Management Product Line

Industry's Best Partners

Page 28: Overview of Identity and Access Management Product Line

Nearly 7000 Customers

Page 29: Overview of Identity and Access Management Product Line

www.novell.com/identitymanager

Page 30: Overview of Identity and Access Management Product Line

Novell® Access Manager™

Lee Howarth, Product Manager, Novell, Inc. / [email protected]

Page 31: Overview of Identity and Access Management Product Line

Novell® Access Manager™

Single solution protects both Web and enterprise applications

Enables organizations to rapidly deploy secure online services

Designed to help reduce management overhead and infrastructure costs

Integrated Identity Federation – Out of the box support for all major specifications

Page 32: Overview of Identity and Access Management Product Line

Customer Pain Points

Security and Compliance
• Need to provide secure access to resources
• Need to prove who accessed what
• Users have too many IDs and passwords to remember

Cost and Complexity
• Many different Web applications
• Infrastructure costs are too high
• Help desk costs are too high

Agility
• Constant changes to the environment: new applications added all the time and identity stores scattered across the enterprise
• Need to deliver partner-enabled services (SSO)
• Acquisitions

Page 33: Overview of Identity and Access Management Product Line

How Does Novell® Access Manager™ Help?

Protects Web and enterprise applications (Web and SSL VPN)

Provides Web SSO

Provides advanced levels of authentication

Provides traceability (Who logged in and where did they go)

Provides Web SSO without modification to Web servers

No need for separate SSL VPN and/or VPN solution

Reduces infrastructure Costs (SSL certificates and IP addresses)

Federation enables existing applications

Supports any standard HTTP Web server

Supports multiple identity stores in any combination

Integrated identity federation

Cost and Complexity

Business Agility

Security and Compliance

Page 34: Overview of Identity and Access Management Product Line

Novell Access Manager™ Components

Page 35: Overview of Identity and Access Management Product Line

Product Milestones Since 2009

• Novell® Access Manager™ 3.1 – Jan 2009
  – WS-Federation and Information Card Support
  – SSL VPN Enhancements
  – Improved Administration
  – Additional Platform Support
  – Additional APIs
• Novell Access Manager 3.1 SP1 – July 2009
  – Identity Server Session Failover
  – Non-Redirected Login
  – Full Tunneling SSLVPN
  – Customized Login Page Enhancements
  – Session-based Logging

Page 36: Overview of Identity and Access Management Product Line

WS-Federation and Information Cards

• Comprehensive SSO
  – Builds on the strengths of Novell® Access Manager™ 3.0: out-of-the-box SSO to any standard web server
  – Adds WS-Federation to SAML and Liberty Alliance support
  – Adds support for Windows CardSpace (Information Cards)
• Microsoft SharePoint Integration
  – Worked closely with Microsoft to develop and test ADFS-based SSO
  – Perfect solution for enterprises that use a primary identity store other than Active Directory (Novell eDirectory™, Sun, etc.)
  – Transforms Identity (LDAP / Federation) into ADFS claims that can be used for policy decisions in MS SharePoint

Page 37: Overview of Identity and Access Management Product Line

Managing Access to SharePoint: Architectural View

• SharePoint user management for multiple communities
  – Options:
    > Manual registration / management
    > Identity management / provisioning
  – Issues
    > Increases management overhead
    > Doesn't support federated access beyond WS-Federation

[Diagram. Labels recovered from the slide: Sun One “Customers”; Active Directory “Business Units”; eDirectory™ “Employees”; Active Directory “SharePoint”; Microsoft SharePoint]

Page 38: Overview of Identity and Access Management Product Line

Managing Access to SharePoint with Novell® Access Manager™

• Simplified access to MS SharePoint
  – User authenticates to Access Manager (Direct or Federated)
    > Access Manager can validate identities across multiple identity stores as well as federated authentication from partners using SAML, WS-Fed or Liberty Alliance
  – User accesses SharePoint
    > Access Manager transforms LDAP and federated identity into claims that are forwarded to Active Directory Federation Services (ADFS)
  – SharePoint Administrator – Mr. Happy
    > Associates claims to SharePoint groups
    > No need to manage individual identities for all users that need to access SharePoint
  – Improved user experience
    > Single Sign-On to SharePoint and other Web resources protected by Access Manager

[Diagram. Labels recovered from the slide: Sun One “Customers”; Active Directory “Business Units”; eDirectory™ “Employees”; Active Directory “SharePoint”; Novell Access Manager; Microsoft SharePoint. Callout: Access Manager transforms LDAP and Federated Identity into ADFS claims]

Page 39: Overview of Identity and Access Management Product Line

SSL VPN Enhancements

• Simplified Deployment
  – Removed dependency on Access Gateway authentication
    • Perfect for remote offices
• Improved Management
  – Client Integrity Checking Level authorization policies
  – Role-based control of client (Enterprise or Kiosk)
• Security Enhancements
  – Desktop Cleanup
    • History, Cache
  – Secure Folder

Page 40: Overview of Identity and Access Management Product Line

Management and Customization

• Streamlined Management Interface
  – Lower level policies to govern delegated administration
• Authorization API
  – Enables integration with non-LDAP policy information points
  – Adds to existing authentication and identity injection APIs
• Additional Platform Support
  – Windows Server for Identity and Admin Servers
  – AIX version of J2EE Agent for IBM WebSphere

Page 41: Overview of Identity and Access Management Product Line

Future Releases

• Novell® Access Manager™ 3.1 SP2 – April 2010
  – Timeout per protected resource
  – SAML/eGov Certification
  – Access Gateway Service
• Novell Access Manager futures
  – Web Agent Enforcement Points
  – SAML Enhancements (Simplified Configuration)
  – Performance Optimization in Virtual Environments
  – Identity Services
  – Single Box Installation

Page 42: Overview of Identity and Access Management Product Line

www.novell.com/accessmanager

Page 43: Overview of Identity and Access Management Product Line

Novell® Secure Login

Baber Amin, Business Line Manager, Novell, Inc. / [email protected]

Page 44: Overview of Identity and Access Management Product Line

Novell® SecureLogin

• Enable single sign-on to Web, JAVA and enterprise applications
• Reduce costs
• Enhance security with improved productivity
• Support compliance efforts

Page 45: Overview of Identity and Access Management Product Line

Novell SecureLogin Mitigates Risk

Page 46: Overview of Identity and Access Management Product Line

Novell SecureLogin Reduces Costs

Page 47: Overview of Identity and Access Management Product Line

Novell® SecureLogin Improves Productivity

Page 48: Overview of Identity and Access Management Product Line

Novell® SecureLogin and Compliance

Page 49: Overview of Identity and Access Management Product Line

Novell® SecureLogin

Page 50: Overview of Identity and Access Management Product Line

Password Synchronization

[Diagram. Labels recovered from the slide: Workstation; SAP App; Win32 App; Mainframe; Network OS (NOS); SAP; Win32; Username 1 / Password through Username 4 / Password; every connected system is shown with the same value, Password:123456]

Synchronized passwords are limited to the “lowest common denominator” of the connected systems.

Page 51: Overview of Identity and Access Management Product Line

Enterprise Single Sign-on

[Diagram. Labels recovered from the slide: User Workstation; Novell SecureLogin; SAP; Mainframe; Win32; NOS; Gmail; Partner App. Each application is shown with a different password: 123456, john077, carpediem09, surferdude85, jj2500, acme01]

Passwords are as strong as each application will permit.

Page 52: Overview of Identity and Access Management Product Line

Pre-provision User Credentials Supplemented by ESSO

[Diagram. Labels recovered from the slide: Novell Identity Manager; Identity & Credential Store (eDirectory); SAP HR; E-mail; Linux; Mainframe; Password:FV25I68; Password:mfe009678; User; Novell SecureLogin]

Page 53: Overview of Identity and Access Management Product Line

Web Access Management Supplemented by ESSO

[Diagram. Labels recovered from the slide: User; Novell SecureLogin; Portal Interface; Directory; Web Access Management Infrastructure; Internal Web Applications; External Web Applications; Expense Reporting; Benefits; Time Off; Partner App; Web Mail]

Page 54: Overview of Identity and Access Management Product Line

Novell® SecureLogin

[Roadmap slide. Timeline labels: 1H 2010, 2H 2010, 2011. Release boxes recovered from the slide, each list followed by its label as on the slide:]

• Windows 7 support
• Oracle Forms
• .NET and basic WPF support
• SAP environment support

NSL 7.0 SP1

• Emergency access capability
• Integrated OTP
• eSSO to SaaS applications
• Flash application support

NSL 7.x

• UCF driven reports
• Automated patch management
• Modular Client
• Supporting delegated access
• Enhanced support for re-authentication
• FDE support

NSL 7.x

2H 2010

• eSSO Server / appliance offering
• Zero day upgrade
• Modular Client
• Automated patch management

NSL 7.x

Page 55: Overview of Identity and Access Management Product Line

For More Information

• Visit table A5 in IT Central
• Attend the following complementary sessions:
  – BOF106: SecureLogin in the Real World Panel Discussion
  – IAM205: Novell SecureLogin Installation, Deployment and Lifecycle Management
  – IAM207: SecureLogin and Your Active Directory Setup
  – IAM302: Using Hard Disk Encryption and SecureLogin
  – IAM303: Enhancing SecureLogin with Multi-factor Authentication
  – IAM304: Securing Shared Workstation with SecureLogin
• Walk through the SecureLogin demo in the Installation and Migration Depot
• Visit www.novell.com/securelogin

Try SecureLogin for Yourself

We'll install SecureLogin on your machine (for free).

Page 56: Overview of Identity and Access Management Product Line
Page 57: Overview of Identity and Access Management Product Line

Unpublished Work of Novell, Inc. All Rights Reserved.

This work is an unpublished work and contains confidential, proprietary, and trade secret information of Novell, Inc. Access to this work is restricted to Novell employees who have a need to know to perform tasks within the scope of their assignments. No part of this work may be practiced, performed, copied, distributed, revised, modified, translated, abridged, condensed, expanded, collected, or adapted without the prior written consent of Novell, Inc. Any use or exploitation of this work without authorization could subject the perpetrator to criminal and civil liability.

General Disclaimer

This document is not to be construed as a promise by any participating company to develop, deliver, or market a product. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. Novell, Inc. makes no representations or warranties with respect to the contents of this document, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. The development, release, and timing of features or functionality described for Novell products remains at the sole discretion of Novell. Further, Novell, Inc. reserves the right to revise this document and to make changes to its content, at any time, without obligation to notify any person or entity of such revisions or changes. All Novell marks referenced in this presentation are trademarks or registered trademarks of Novell, Inc. in the United States and other countries. All third-party trademarks are the property of their respective owners.