Access Management

Details

Gives a user the ability to access certain dedicated resources. The Access Management is mainly a security related topic even though it may have a large impact on productivity or corporate identity by the way of its implementation.

Access Management is divided in the following two major parts:

Authentication

The authentication recognizes the specific user by collecting appropriate login information. Classically it queries for username and password, uses additional physical identifiers, such as Apps or Smartcards or biometric data like fingerprint or face recognition. Advanced algorithms look for clear characteristics to identify the identity. For that additional information like the user's location or underlying hardware is analyzed. Furthermore, behavioral patterns such as certain user behavior can contribute the identification. The last two approaches often take place in addition to classic login mechanisms. However, pattern analysis can enhance the security and usability tremendous.
 
To finalize the authentication an enrichment by additional steps may be implemented. The acceptance of certain conditions, the validation of personal information like a telephone number or the selection of additional session specific constraints are possible use cases for that.
 

Authorization

The authorization assumes to know the user already because of the previous authentication. Authorization checks the rights for specific accesses according to the available user information. In classical environments, rights often correspond to so-called group or role memberships but session specific attributes like the physical location may have an impact as well. Authorization is often realized over several layers and especially complex target applications will authorize its users by its own after the Access Management has done a pre validation.

Identity & Access Management