Intel IT's identity and access management journey involved moving from a 20-year old custom solution to a new agile approach using a small set of off-the-shelf solutions and web services. The goals were to provide simple, easy, and controlled access from any device or location while improving user experience, flexibility, and risk mitigation. A high-level reference architecture was proposed using core identity management services, entitlement management, authentication, and authorization federated through cloud applications. A co-existence strategy would transition applications gradually to the new platform while treating the legacy system as a managed source. Significant progress had been made but more work remained to fully achieve the vision.

1. Intel IT’s Identity and Access
Management Journey
July 2014
Copyright © 2014, Intel Corporation. All rights reserved

2. Legal Notices
This presentation is for informational purposes only. INTEL MAKES NO WARRANTIES, EXPRESS OR
IMPLIED, IN THIS SUMMARY.
Intel, and the Intel logo are trademarks of Intel Corporation in the U.S. and/or other countries.
* Other names and brands may be claimed as the property of others.
Copyright © 2014, Intel Corporation. All rights reserved.
Copyright © 2014, Intel Corporation. All rights reserved
2

3. The SMAC Stack Requires Agile
Security Capabilities
Copyright © 2014, Intel Corporation. All rights reserved
• Enable movement of diverse information to more places
• Variety and growth in devices, internet touch points, and access methods
• More custom mobile applications and services within the enterprise
• The need to adopt standard applications for SaaS in the public cloud
MobileSocial CloudAnalytics
The increase in devices, applications and use of the cloud requires a new
approach to provisioning and managing identities.
3

4. The IdAM Challenge
Copyright © 2014, Intel Corporation. All rights reserved
• A 20 year old custom solution
• A need for a new approach:
• Building with a small set of off-the-shelf solutions
• Utilizing Web Services to “wrap” solutions
• Driving for a small set of businesses processes
4

5. IdAM Vision & Goals
Vision: Simple, easy and controlled solutions that enable
access to anything, from anywhere, to any device.
Drive Business ValueProgram CSIs
(Critical Success Factor)
 Agility
 Improved UX
 Flexibility
 Risk Mitigation
Reduce:
Unmanaged accounts
Access approval TPT
Application Setup
Audit Excursions
5
Copyright © 2014, Intel Corporation. All rights reserved

6. High-Level Reference Architecture
Copyright © 2014, Intel Corporation. All rights reserved
Enterprise
Directory
Services
Core(Management)Periphery
(Runtime)
Provisioning Third Party
Applications
Services
Enterprise Login  Performance
 Stability
 User
Experience
 User Experience
Service
Oriented
Architecture
KEY
 Biz Value
6
Access Request Interface
Identity
Management
Services
 Data Quality
 ID Attestation
Entitlement
Management
Services
 Access Certification
 Business / Tech Roles
AppsAppsAppsApps
AuthN
 Step-Up AuthN
 Inbound Federation
 Outbound Federation
 Social Login
AuthZ
 Fine-Grained AuthZ

7. Co-Existence Implementation
(versus Big Bang)
Copyright © 2014, Intel Corporation. All rights reserved
• The new platform will be the master system and will treat the legacy
platform as a managed source
• As applications are migrated to the new platform, the management of
access will also move
• Ahead of migration, legacy applications can take advantage of features
in the new platform, for example, access certification
New IdAM
Platform
Old IdAM
Platform
IdAM Web
Services
AGGREGATE
PROVISION
READ
CREATE, UPDATE
Legacy
Applications
New/
Migrated
Applications
7

8. Integration Principles
Purchased 3rd Party
Applications:
Integrate with directory directly
or web services
IdAM Web
Services
New IdAM
Platform Enterprise
Directory
Enterprise
Applications
Purchased
Applications
8
Custom Written
Applications:
Integrate with IdAM
web services
Provisioning:
Outside on
exception basis
Copyright © 2014, Intel Corporation. All rights reserved

9. Workers,
Trading Partners
& Consumers
Any Device
Federated Identity Management
in the Cloud
Copyright © 2014, Intel Corporation. All rights reserved
Intel
Access Governance
(Core Platform)
Intel Applications
Anywhere
Cloud AppsCloud Apps
Cloud Apps
Internal Apps
Internal Apps
Internal Apps
Mobile AppsMobile Apps
Mobile Apps
Federated
Identity
Management
Strong
Authentication
Internal External
B2C
(Social)
B2B
Inbound SSO
OTP
SSO
Provisioning
Active
Provisioning
JIT
Provisioning
Registration
CURRENT
• Multiple IT and Business Group solutions
• Cannot integrate at the cadence of business
• Lacking key capabilities (multi-factor
authentication, inbound federation)
FUTURE
• Unified & IT delivered solution
• Single day startup of Cloud SSO in most cases
• Rich capability set proactively meeting business
needs
9

10. Summary
Copyright © 2014, Intel Corporation. All rights reserved
• Significant progress made but this is a long journey
and we are only at the beginning.
• Co-existence allows us to achieve value incrementally over
time.
• Focusing on a service-oriented architecture approach
allows for quick wins on which we can continue to build.
• Align and adopt industry best practices.
• Strong leadership and management is key.
10

11. 11
Thank You
Copyright © 2014, Intel Corporation. All rights reserved