Best Practices for Identity Management from the Annals of Private Banking

06.05.2010 15:00-16:00
European Identity Conference 2010
Business Case Study

In the ever-evolving virtual world it is a challenge to define "identity", let alone manage identities. I will start with the most accepted definition: "Identity management is a broad or rather evolving administrative area that deals with identifying individuals in a system (such as a country, a network or an organization) and controlling the access to the resources in that system by placing restrictions on the established identities". Coming from the private wealth business, needless to say, the identity management process must be watertight. The identity management paradigm of pure identity, user access and service must be complemented with the additional dimensions of the need-to-know principle, cost overhead, user productivity and a multi-eyes approval process.

There is no easy way if this problem is looked at in isolation. What can we do? Create a process that takes into account the entire lifecycle of an identity across all systems. This is a good starting point to look at the best practices which I am going to discuss...

Integration of SAP in a Comprehensive Identity Management Solution for Access and Authorization Control with Enterprise Roles


  • Use of Enterprise roles for SAP and non-SAP applications
  • User provisioning and role assignment via the Identity Management System – connected to Active Directory
  • Identity Management Framework to reduce the management effort for user creation and role assignment

Application roles from SAP and from in-house developed non-SAP systems can be consolidated within the scope of an Identity Management Framework to generate Enterprise roles. The effort involved in provisioning users and assigning Enterprise roles to them can be significantly reduced using an Identity Management System. The users can then log on via the portal using Single Sign-On and access their applications based on the assigned roles.

© 2012 KuppingerCole