Dynamic access control is created when real-time authentication and access management work simultaneously for all users, devices and resources. A constant stream of contextual data is analyzed so that split-second decisions can be made about user identities and permissions. This is made possible through mobile-based strong authentication, which is leveraged wherever it’s needed through federated single sign-on. Combined with a new generation of access control, it allows for the management of real-time security by identity in a distributed, heterogeneous environment.
Federated Access Management should include the following capabilities:
Contextual Authentication - Use contextual mobile data to regularly validate that users are who they say they are.
Federated Sign-On - Give users single sign-on access to all of the internal and cloud applications they need from anywhere on any device.
Access Security - Authorize users to access only the apps and resources they need by centralizing control with lightweight agents that enforce security at the URL level.
Federated Identity Administration
The bulk of today’s employee, customer and partner identities are stored and managed on-premises in Active Directory, LDAP and databases. What’s more, SaaS applications create new identity stores for the enterprise to manage in the cloud, whether it likes it or not. Add in the fact that Office 365 and Gmail create yet another identity store for your workforce via Azure AD and Google Cloud Directory, and you can easily see how the future enterprise promises many challenges in managing user attributes, provisioning, privacy and access governance.
Enterprises need a simplified and centralized identity management tier in the cloud. You should be able to manage user identities in a cloud directory, bridge identities from Active Directory or Google, leverage SCIM standards or even adopt SaaS provisioners. Vendors should continue to evolve identity management to simplify your ability to see, control and manage identities, attributes and provisioning across your entire infrastructure of on-premises and cloud applications.
Federated Identity Administration should include the following capabilities:
User Management - Identities should be federated so that data can be used from multiple sources for authentication purposes.
Federated Provisioning - Identities should be automatically synchronized and provisioned across all user stores and cloud applications.