An Access Management Paradigm

Think of all the different types of information a company must store and be able to make available through its enterprise. Now consider the various enterprise users who must make use of that information in order for the company’s business to run smoothly. For example, the following are routine information transactions that occur every day in a typical company:

• An employee looks up a colleague’s phone number in the corporate phone directory.

• A manager looks up the salary histories of her reports to help determine an individual’s merit raise.

• An administrative assistant adds a new hire to the corporate database, which triggers the company’s health insurance provider to add the new hire to its enrollment.

• An engineer sends an internal URL for a specification document to another engineer who works for a partner company.

• A customer logs into the company’s website and looks for a product in the company’s online catalog.

• A vendor submits an online invoice to the company’s accounting department.

In each of these examples, the company must determine who is allowed to view its information or use its applications. Some information such as the company’s product descriptions and advertising can be made available to everyone, even the public at large, in the company’s online catalog. Other information such as accounting and human resources information must be restricted to only employee use. And some internal information is appropriate to share with partners and suppliers, but not with customers.

The Problem

Many enterprises grant access to information on a per-application basis. For example, an employee might have to set up a user name and password to access the company’s health benefits administration website. The same employee must use a different user name and password to access the Accounting Department online forms. Within the same enterprise, a customer sets up a user name and password to access the public branch of the company website. For each website or service, an administrator must convert the enterprise user’s input into a data format that the service can recognize. Each service added to the enterprise must be provisioned and maintained separately.

The Solution

Access Manager reduces the administrative costs and eliminates the redundant user information associated with per-application solutions. Access Manager enables an administrator to assign specific rules or policies governing which information or services each user can access. Policy agents are deployed on application or web servers to process HTTP requests and to enforce active policies.

Together, a user’s information and associated access policies comprise the user’s enterprise identity. Access Manager makes it possible for a user to access many resources in the enterprise with just one identity.