Intel IT's Identity and Access Management Journey

Intel IT’s Identity and Access Management Journey July 2014 Copyright © 2014, Intel Corporation. All rights reserved

Upload: intel-it-center

Post on 27-Jan-2015


DESCRIPTION

Advances in the SMAC stack – social, mobile, analytics, and cloud – have affected every part of the enterprise. Organizations want to move more diverse data to more places, and more people need access via more services and devices. Managing all this is a big task for information security. Learn about Intel IT's approach to IDAM redesign and IT best practices for enhanced security and a better user experience.

TRANSCRIPT

Page 1: Intel IT's Identity and Access Management Journey


Intel IT’s Identity and Access Management Journey

July 2014

Page 2: Intel IT's Identity and Access Management Journey


Legal Notices

This presentation is for informational purposes only. INTEL MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS SUMMARY.

Intel, and the Intel logo are trademarks of Intel Corporation in the U.S. and/or other countries.

* Other names and brands may be claimed as the property of others.

Copyright © 2014, Intel Corporation. All rights reserved.


Page 3: Intel IT's Identity and Access Management Journey


The SMAC Stack Requires Agile Security Capabilities


• Enable movement of diverse information to more places
• Variety and growth in devices, internet touch points, and access methods
• More custom mobile applications and services within the enterprise
• The need to adopt standard applications for SaaS in the public cloud

[Diagram labels: Mobile, Social, Cloud, Analytics]

The increase in devices, applications and use of the cloud requires a new approach to provisioning and managing identities.

Page 4: Intel IT's Identity and Access Management Journey


The IdAM Challenge

• A 20-year-old custom solution
• A need for a new approach:
  • Building with a small set of off-the-shelf solutions
  • Utilizing Web Services to “wrap” solutions
  • Driving for a small set of business processes

Page 5: Intel IT's Identity and Access Management Journey


IdAM Vision & Goals

Vision: Simple, easy and controlled solutions that enable access to anything, from anywhere, to any device.

Drive Business Value

Program CSIs (Critical Success Factor)

Agility

Improved UX

Flexibility

Risk Mitigation

Reduce:

Unmanaged accounts

Access approval TPT

Application Setup

Audit Excursions


Page 6: Intel IT's Identity and Access Management Journey


High-Level Reference Architecture


[Diagram: reference architecture with two layers, Core (Management) and Periphery (Runtime). Labels: Enterprise Directory Services; Provisioning; Third Party Applications; Enterprise Login; Performance; Stability; User Experience; Service Oriented Architecture; KEY: Biz Value; Access Request Interface; Identity Management Services; Data Quality; ID Attestation; Entitlement Management Services; Access Certification; Business / Tech Roles; Apps; AuthN; Step-Up AuthN; Inbound Federation; Outbound Federation; Social Login; AuthZ; Fine-Grained AuthZ]

Page 7: Intel IT's Identity and Access Management Journey


Co-Existence Implementation (versus Big Bang)

• The new platform will be the master system and will treat the legacy platform as a managed source
• As applications are migrated to the new platform, the management of access will also move
• Ahead of migration, legacy applications can take advantage of features in the new platform, for example, access certification

[Diagram labels: New IdAM Platform; Old IdAM Platform; IdAM Web Services; AGGREGATE; PROVISION; READ; CREATE, UPDATE; Legacy Applications; New/Migrated Applications]

Page 8: Intel IT's Identity and Access Management Journey


Integration Principles

• Purchased 3rd Party Applications: Integrate with directory directly or web services
• Custom Written Applications: Integrate with IdAM web services
• Provisioning: Outside on exception basis

[Diagram labels: IdAM Web Services; New IdAM Platform; Enterprise Directory; Enterprise Applications; Purchased Applications]


Page 9: Intel IT's Identity and Access Management Journey


Federated Identity Management in the Cloud

[Diagram labels: Workers, Trading Partners & Consumers; Any Device; Intel; Access Governance (Core Platform); Intel Applications Anywhere; Cloud Apps; Internal Apps; Mobile Apps; Federated Identity Management; Strong Authentication; Internal; External; B2C (Social); B2B; Inbound SSO; OTP; SSO; Provisioning; Active Provisioning; JIT Provisioning; Registration]

CURRENT
• Multiple IT and Business Group solutions
• Cannot integrate at the cadence of business
• Lacking key capabilities (multi-factor authentication, inbound federation)

FUTURE
• Unified & IT delivered solution
• Single day startup of Cloud SSO in most cases
• Rich capability set proactively meeting business needs

Page 10: Intel IT's Identity and Access Management Journey


Summary

• Significant progress made but this is a long journey and we are only at the beginning.
• Co-existence allows us to achieve value incrementally over time.
• Focusing on a service-oriented architecture approach allows for quick wins on which we can continue to build.
• Align and adopt industry best practices.
• Strong leadership and management is key.

Page 11: Intel IT's Identity and Access Management Journey


Thank You
