Access management & federation
Centrally controlling access to applications, systems and other resources is core to any successful Identity & Access Management strategy. Without access management, the responsibility for authorising and authenticating users remains with the application developers and owners, which leads to inconsistency surrounding the access process.
An enterprise wide access management approach externalises and centralises the authentication and authorisation of users to an application, web-service or resource providing a scalable, secure and standards based approach to access control. In addition, Deloitte can enhance the traditional Web Single Sign-On with dynamic risk based authorisation with real time risk analysis.
Whilst stand-alone access management solutions can provide sophisticated authentication and authorisation capabilities, it remains within the domain of the organisation’s control. It may not be possible to bring all your users and identities under management of your central access control systems.
With the extension of traditional organisations’ boundaries, mergers and acquisitions, Software as a Service (SaaS), and multiple brands in one business, customers are increasingly expecting to access their cross-brand services in one session e.g. once a customer has entered a username and password into Brand X website, they would expect to access Brand Y services, a trusted partner, without having to repeat the process. To achieve identity federation it is necessary to use an open standards based approach (SAML, SPML, OpenID, Information Cards, etc) and a federated application can provide and receive identity assertions from otherwise completely independent access management systems. While the initial use-cases largely focused on B2B or B2C type applications the same approach is increasingly deployed within the organisation to integrate multiple identities, systems and applications across regional boundaries.
Back to Identity & Access Management