Unified access management

Unified access management (UAM) is an identity management approach used by enterprises to manage digital identities and provide secure access for users across multiple devices and applications, both cloud and on-premises. A UAM solution gives IT a single platform from which to manage access across a diverse set of users, devices, and applications, whether on-premises or in the cloud. [1]

Unified access management (UAM) is an evolution of identity and access management (IAM) systems. The goal of unified access management is the same as that of identity and access management: manage the identities of individual entities (people, devices, and so on) and their authentication and authorization (roles and privileges) within and across enterprise systems, securely and without impeding productivity. [2]

Identity and access management

Traditional identity and access management tools work well on their own in addressing specific portions of the enterprise (specific application environments, such as on-premises or cloud; or specific user populations, such as employees versus external partners). [3] However, many businesses must operate multiple IAM solutions. For example, they may use Microsoft Active Directory and a web access management tool to manage access to on-premises applications, but require an Identity-as-a-Service (IDaaS) solution to manage access to cloud Software-as-a-Service (SaaS) applications.

Managing multiple identity and access management systems is a burden for Information Technology (IT) departments. It adds cost by requiring maintenance of multiple solutions, and it often requires that users be provisioned and de-provisioned in several systems, because a given IAM system may only manage access from specific devices and for specific systems. [4] Every system that is missed when a user leaves keeps an account that the departed user can still use.

With fragmented identity management, the enterprise may not be able to provide true single sign-on (SSO), multi-factor authentication (MFA), or effective user lifecycle management, which slows down digital transformation. This has a significant financial impact.

Forrester found an annual productivity loss of $4.47 million per 10,000 employees due to poor access management. [5] Hybrid IT environments complicate access management, but many organizations are not able to dispense with on-premises systems. For example, in 2018, 47% of IT decision makers surveyed reported that the majority of their organization's custom applications still ran on-premises. [6]

The extensive cost of moving legacy systems means organizations are likely to remain hybrid for some time.

History

UAM was introduced by OneLogin.[citation needed]

Unified access management versus identity access management

UAM differs from IAM by providing an umbrella solution. A central cloud directory is the single source of truth for identities and access. The cloud directory integrates with on-premises identity providers and with cloud identity providers: it reads information from them and writes updates back, so that IT can do all user lifecycle management work in one place (the cloud directory) and let the UAM platform update the appropriate identity providers.
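As an added example (not code from this article, from OneLogin or from any product), the following Python sketch models the cloud-directory pattern described above together with the de-provisioning gap of the fragmented approach: one central directory fans each joiner, mover and leaver change out to every connected identity provider, queues any write that fails, and reconciles afterwards to find accounts that are still active downstream although the central identity is disabled. The provider names, role names, sample user and in-memory connectors are constructed for illustration; a real connector would speak LDAP, SCIM or a vendor API.

```python
"""Toy UAM cloud directory fanned out to several identity providers. Added
example, not code from the page or any vendor; names and users are constructed."""
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Tuple


@dataclass
class Identity:
    user_id: str
    email: str
    roles: FrozenSet[str]
    active: bool = True


class IdentityProvider:
    """Connector for one downstream system (on-premises directory, SaaS app). A real
    one would speak LDAP, SCIM or a vendor API; this one is in-memory and offline."""

    def __init__(self, name: str, supported_roles: FrozenSet[str]) -> None:
        self.name = name
        self.supported_roles = supported_roles
        self.accounts: Dict[str, Identity] = {}
        self.reachable = True          # flipped to False to simulate an outage

    def upsert(self, ident: Identity) -> None:
        if not self.reachable:
            raise ConnectionError(self.name)
        # Push only the roles this system defines: least privilege per system.
        self.accounts[ident.user_id] = Identity(
            ident.user_id, ident.email, ident.roles & self.supported_roles, ident.active)

    def disable(self, user_id: str) -> None:
        if not self.reachable:
            raise ConnectionError(self.name)
        if user_id in self.accounts:
            self.accounts[user_id].active = False


class CloudDirectory:
    """Single source of truth: every joiner/mover/leaver change is made here and
    fanned out to all providers; a write that fails is queued, not dropped."""

    def __init__(self, providers: List[IdentityProvider]) -> None:
        self.users: Dict[str, Identity] = {}
        self.providers = providers
        self.pending: List[Tuple[str, str]] = []   # (provider name, user_id)

    def _fan_out(self, user_id: str, op) -> None:
        for p in self.providers:
            try:
                op(p)
            except ConnectionError:
                self.pending.append((p.name, user_id))

    def provision(self, ident: Identity) -> None:             # joiner
        self.users[ident.user_id] = ident
        self._fan_out(ident.user_id, lambda p: p.upsert(ident))

    def change_roles(self, user_id: str, roles: FrozenSet[str]) -> None:  # mover
        self.users[user_id].roles = roles
        self._fan_out(user_id, lambda p: p.upsert(self.users[user_id]))

    def deprovision(self, user_id: str) -> None:              # leaver
        self.users[user_id].active = False
        self._fan_out(user_id, lambda p: p.disable(user_id))

    def retry_pending(self) -> None:
        """Replay queued writes; run from a scheduler once providers recover."""
        still_failed = []
        for name, user_id in self.pending:
            p = next(x for x in self.providers if x.name == name)
            try:
                p.upsert(self.users[user_id])   # re-sync active state and roles
            except ConnectionError:
                still_failed.append((name, user_id))
        self.pending = still_failed

    def find_orphans(self) -> Dict[str, List[str]]:
        """Accounts active downstream whose central identity is disabled or unknown."""
        orphans: Dict[str, List[str]] = {}
        for p in self.providers:
            for uid, acct in p.accounts.items():
                central = self.users.get(uid)
                if acct.active and (central is None or not central.active):
                    orphans.setdefault(p.name, []).append(uid)
        return orphans


def demo() -> Dict[str, object]:
    """Constructed scenario: a leaver is deprovisioned while the SaaS app is down."""
    ad = IdentityProvider("onprem-ad", frozenset({"staff", "vpn"}))
    crm = IdentityProvider("saas-crm", frozenset({"staff", "crm-admin"}))
    d = CloudDirectory([ad, crm])
    d.provision(Identity("u1", "alice@example.com", frozenset({"staff", "vpn", "crm-admin"})))
    crm.reachable = False
    d.deprovision("u1")                  # AD disabled; CRM write lands in pending
    while_down = d.find_orphans()
    crm.reachable = True
    d.retry_pending()
    return {"orphans_while_crm_down": while_down, "orphans_after_retry": d.find_orphans(),
            "ad_roles": ad.accounts["u1"].roles}
```

Running `demo()` reproduces the risk that fragmented IAM turns into a routine: the central record is disabled, but the SaaS account stays usable until the queued write is replayed. `find_orphans` is the reconciliation check worth running on a schedule regardless of the queue, because an account created or re-enabled out of band in a downstream system looks exactly the same.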

UAM provides other functionality needed to secure access across users and devices. Typically, this includes:


References

  1. Wodecki, Natalia (11 April 2018). "What is Unified Access Management?". OneLogin. Retrieved 12 December 2018.
  2. Nickel, Jochen (30 September 2016). Mastering Identity and Access Management with Microsoft Azure. Packt Publishing Ltd. ISBN 978-1-78588-788-8.
  3. Wu, Liangshun; Cai, H. J.; Li, Han (2021). "SGX-UAM: A Secure Unified Access Management Scheme With One Time Passwords via Intel SGX". IEEE Access. 9: 38029–38042. doi:10.1109/ACCESS.2021.3063770. ISSN 2169-3536.
  4. "The Unified Access Management Playing Field". OneLogin. Retrieved 12 December 2018.
  5. "Cost Savings And Business Benefits Attributed To Cloud-Based IAM Solution". OneLogin. Retrieved 12 December 2018.
  6. "IT Modernization: Critical to Digital Transformation" (PDF). OneLogin. Retrieved 12 December 2018.