Quick question: when an employee leaves your or your customers’ company, how many systems do you have to touch to disable all of their IT access rights? If your answer is more than one, you should think about introducing or improving an Identity Management System. An Identity Management System, in short IdM, takes care of your employees, their authentication, and the roles and privileges they have within your IT environment. However, adding an IdM is often seen as a difficult task. This does not have to be the case! Thus, let me show you how you can quickly introduce UCS as your identity management system while keeping most of your services intact.
Identity Management System (IDM) – Access Control and a Consistent Database
Many companies continue growing together with their IT environment and administrators are often late in realizing how many services have been added over time: First an e-mail system, then file sharing and, of course, there are always notebooks or desktops for every employee. Each of these services is developing independently of the other or on small islands of two or three services, and for each, you have to add new users . This also implies that each user has a password for each service.
With the growth of the business come compliance requirements. Your HR Data need to be separate from the finances, and your engineering staff should see neither of them. Once set up, an IdM automatically takes care of these roll assignments/ and distribution of access rights. It ensures that every employee has access to exactly all the tools and data they need. Nothing more and nothing less.
Furthermore, an IdM ensures that all the employees’ data is consistent across the services. So, if you use Open-Xchange as your groupware and add on ownCloud for filesharing, it ensures that both utilize the same e-mail address. Thus, it eliminates the risk of a simple typo in the case of double or triple data entry hindering an employee from being productive. On top of it, the IdM unifies user name and password across the different services and even enables passwordless login through single-sign-on mechanisms.
More Security against Ransomware trough defaults and automatic checks
Additionally, an IdM helps you enforce company policies. Authentication factors, such as password complexity and smart card usage, are the most common ones. However, an IdM also allows more complex restrictions, such as checking the location from which an access is made. It is unlikely that someone physically logs on to a computer from two different continents at the same time. In times of ransomware and hacker attacks, these checks are indispensable to ensure the security of corporate IT and thus the functioning of corporate processes.
Lastly, an IdM might ease the burden on your IT staffs workload. Workflow engines, such as the UCS templates, allow you to preset information, making the creation of a user simple enough, so simple indeed that even non-IT personnel can create them. The same holds true for the bane of every helpdesk — the password reset.