Monday, March 1, 2010

How Microsoft Active Directory integration links ProtoSphere to identity management lifecycle

Management of the identity lifecycle is crucial for modern enterprises. The identity lifecycle is established when an employee is hired. Their role and job determine what information they can access and which building and campus areas they can enter. This changes as they move through the enterprise during their career. And if/when the employee leaves the company, their access rights must be revoked.

Most large enterprises deploy identity and access management (IAM) software and elaborate directory infrastructures based on LDAP (Lightweight Directory Access Protocol) or Microsoft Active Directory to facilitate this process. These tools automate tasks such as single sign-on to applications, password resets (which are hugely expensive if done manually, costing $60-$300 per reset depending on the system), and assigning and changing roles.

As a collaboration platform, ProtoSphere is tied into the existing tools for managing user identity and identity lifecycle because it integrates with Active Directory. By linking with the Active Directory authentication and groups functions, corporate policies about access rights are mapped into the ProtoSphere virtual environment. So if an employee is allowed to access XYZ information in the organization, he can also access XYZ information in ProtoSphere, no more, no less.

For example, only pharmaceutical employees working on the marketing team for Drug A could be allowed to virtually access the ProtoSphere workspace for Drug A, and any of the relevant data feeds visible there. Clinical trial data, competitive information, and manufacturing process information might be contained in that virtual floor. But only authorized employees can access it, as dictated by the firm's Active Directory authentication settings.

This makes it easy for organizations to maintain their identity and access policies when working in ProtoSphere, and saves IT a great deal of time and headache when conducting an enterprise-wide roll-out. Systems administrators don't have to maintain multiple sets of credentials or enter and manage potentially thousands of user accounts in the system.
