This document discusses strategies for deploying an identity and access management system (IAM) using a software as a service (SaaS) provider. It identifies business and technical challenges that arise when an IAM system is moved outside of an organization's private network perimeter and offers solutions to address them.
Every medium to large organization can benefit from an IAM system. Many organizations are interested in moving some of their IT infrastructure from private data centers to "the cloud" -- which often is short-hand for software as a service (SaaS). It follows that many organizations will be interested in moving their existing IAM systems or deploying a new IAM system in a SaaS model.
15. Identity Management as a Service (IAM SaaS)
2. Relationship: In some cases, new users may have no prior or documented relationship with the organization (e.g., e-commerce). In other cases, new users may have a prior relationship with the organization that needs to be considered when creating a portal account. In general, users are not employed by the operator of the web portal, but may purchase goods or receive services from it.
3. Infrastructure: normally an LDAP directory which authenticates users into one or more Internet-facing applications.
4. Perimeter: applications are accessible from the Internet, so any firewalls are simply to protect components of the system.
5. User turn-over: large number of registrations, which may be initially anonymous. Users rarely volunteer to deactivate their accounts and there may be no system of record which identifies users who should be removed.
6. Endpoint devices: personal or public user devices, ranging from PCs to phones.
Internet portals provide relatively minimal IT services to large numbers of users, who may self-enroll at any time.
11 Summary
There is no technical barrier to moving IAM systems from an on-premise delivery model to a SaaS model. That said, organizations should carefully consider:
1. Connectivity to on-premise applications, which almost inevitably depends on an on-premise proxy server.
2. Standardization of business processes, as the ability to spread process implementation costs across multiple customers is the main source of operational efficiency for the IAM/SaaS vendor.
www.Hitachi-ID.com
Date: 2011-08-02