Uploaded by Andrew Laffey

IAM Reference Architecture

IAM AT A GLANCE
Enterprise IAM Reference Architecture
• Cloud apps
Federates
Provisions
• Partner apps
Provisions, reconciles
• Connector framework
• Password Manager
• Provisioning engine
• REST
• SCIM
• Workflows
IGA
• User Lifecycle Management
• Access Certification
• Provisioning
• Birthright assignment
• Reconciliation
• SoD policies
• Role management (Business, IT)
• Entitlement management
• Access Request and approval
• Analytics and reporting
• Self-service
IGA UI Layer
PAM
• Privilege account vaulting
• Privilege session management
• Privilege activity monitoring
• Account check in, check out
• Privilege activity reporting
SSO
AM
AuthN
• Form-based authentication
• Agent-based authentication
• Federation (Inbound, outbound)
• Social login
• Step-up authentication
• MFA
AuthZ
• Admin time (coarse grained)
• Run time (fine grained)
PAM UI Layer
Authentication Screen
Admin+Users
Users
• Employees
• Contractors
• Seasonal workers
• Suppliers
• Bots
Authenticates
Reconciles
Authoritative Source for employees, contractors, suppliers
• Adapters
• SAML
• Policies
• OAuth
• OpenID Connect
• Identity Bridge
• Password vault
• Session Manager
• AD
• LDAP
• Mainframe
• Email
• Azure AD
• SAP
• O365
• Databases
• Custom apps
• Web apps
• Custom apps
• App APIs
On-prem and cloud apps