In the world of e-business, everyone’s connected, which could mean an administrative nightmare for IT professionals trying to control who has access to what. Directories are gaining popularity as business-to-business (B2B) commerce requires more interaction among companies and their partners, suppliers and buyers, and both Access360 and Oblix are using directories in their new identity management and provisioning systems.
Access360’s enRole acts as a policy-driven centralized resource provisioning management (RPM) system, assigning and changing various access rights for corporate users as well as providing a fast way to “unplug” access rights when an employee is leaving or a partnership is ending, said Mike New, chief marketing officer at Irvine, Calif.-based Access360.
“Provisioning is about managing who gets what,” he explained. “In an exchange, it’s a multi-tenant situation, where companies need to provision their own employees as well as those of their business partners, supply chain, and so on. Our job is to turn things on and turn things off.”
Officials said enRole can “deliver on the promise of directories” by using their stored user information and combining it with various business policies and rules to streamline the process of granting and removing access to corporate systems. Users can manage their own passwords and make new service requests if they have the correct access rights so that only a few administrators need to oversee the system. Using a collection of agents, enRole can be connected into whichever systems a company needs for provisioning, eliminating the need for restructuring.
“People used to throw bodies at [provisioning problems], but they would lose because the data entry is just too massive after a while,” said Jeffrey Curie, Access360 director of product management.
Cliff Reeser, director of system security at E*Trade, said enRole makes his job “unbelievably easier. Now that I’ve got a data feed from HR coming into the Access360 system, when HR adds 40 or 50 new employees a day, that gets sent to the Access360 systems and they’re immediately added to the right applications on the right systems and can be productive the minute they walk in the door. So, what used to take 35 or 45 minutes now takes seconds, and I’ve got a complete audit record and I’ve got control of these people on multiple systems.”
Reeser said the security benefits of enRole – knowing who has access to what, and being able to turn on or turn off access quickly – are crucial for E*Trade. He said the ability to use information already stored in directories, HR or other systems will be vital as more Web applications emerge.
“I think things are going in the direction where all these ASPs and outsourced HR applications and everything else, there’s got to be a way to tie the provisioning together or it’s just going to be a management nightmare,” he explained.
Oblix is also making the promise of directories a reality for companies seeking an application that can control Web access and handle identity management, through its new NetPoint software.
Targeted at enterprise customers, NetPoint combines the NetPoint Identity System and Access System and links to a Lightweight Directory Access Protocol (LDAP) directory, which fuels the security and authentication process, and adds the Active Automation component for access management.
“The Active Automation layer is a workflow engine combined with a set of policies to allow delegated administration and self-registration over the Web,” said Nand Mulchandani, vice-president of product management at Oblix. He also said that business-to-business commerce needs both security and self-administration over a uniform infrastructure to run smoothly. “As users get added, or applications get added, you just crank up the back end.”
The identity management piece of NetPoint makes sure users see only the parts of directories that they have access to, a vital concern when conducting B2B commerce. With NetPoint, a synchronization process ensures that users deleted from one company’s systems are also deleted from the other companies’ systems they may have access to.