2. Agenda
• Identity and Access Management Overview
• What is a graph database?
• Why is Neo4j a great fit for IAM?
• Great customer stories
• Links to resources and videos
3. What is Identity and Access Management?
“Ensuring the right individuals have access to the right resources at the right times and for the right reasons”
What do we need to do (at least)?
• Define identity
• Define the structure of an organization
4. What is Identity?
Jane Smith the…
• Business Analyst for Customer Support at ABC Inc.
• interim Head of BI and Reporting at ABC Inc.
• line manager of Joe Brown, who’s working on a Strictly Confidential portfolio at ABC Inc.
• employee of ABC Inc.
• and so on...
5. So what does ABC Inc. look like?
It looks like a hierarchy...
7. What about “dotted lines”?
[Org chart labels: ABC Inc (CEO); IT Dept; Risk Analysis; “Security and Compliance”]
8. What about “Conditional Approvals”?
[Org chart labels: ABC Inc (CEO); IT Dept; General access; “access to sensitive data”; “Security and Compliance”]
9. Modern challenges for IAM
• Distributed access across on premise and in the cloud for in-house/custom off the shelf/SaaS applications
• De-centralized resources that are assigned to people rather than roles
• The rise of IoT and different identities that people and services assume in different contexts
10. … other challenges for IAM
• Multiple and conditional approval levels
• History of approval chains / time series (e.g. “who approved user xyc's access to system abc on the 5th of July?”)
• GDPR and Compliance
• Performance
• Intuitiveness
• Agility:
  • Adding new use cases as needed
  • Changing hierarchies on the fly
12. What is a graph database?
Nodes
• Can have Labels to classify nodes
• Can have more than one label
Relationships
• Relate nodes by type and direction
Properties
• Attributes of Nodes & Relationships
[Diagram: two Employee nodes (name: “Jane Smith”, employeeID: 123; name: “Joe Brown”, employeeID: 456) joined by a MANAGES relationship, plus a Role node (name: “Business Analyst”); “from:” properties shown in the diagram: 1/3/2018, 1/6/2017, 1/3/2018]
13. Why Neo4j is a great fit for IAM
Design
• Authorization data model maps closely to the conceptual view
• Closer alignment to processes
Maintenance
• Easy to understand code to query and explore the data
• Pain-free to update and modify model structure as and when required
Performance
• Traversing the authorization tree is fast, providing real-time authorization capability
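The property-graph model from the "What is a graph database?" slide, combined with the approval-history question from the "other challenges" slide, as an added Cypher example that is not part of the original deck. Employee, Role, MANAGES and the name/employeeID/from properties follow the slides; Resource, AccessRequest, HAS_ROLE, REQUESTED, FOR_RESOURCE, APPROVED, the third employee and every date are assumptions made for illustration.

```cypher
// Constructed sample graph. Only Employee, Role, MANAGES and the
// name/employeeID/from properties come from the slides; all other labels,
// relationship types, the employee "Sam Lee" and all dates are assumptions.
CREATE (jane:Employee {name: 'Jane Smith', employeeID: 123}),
       (joe:Employee {name: 'Joe Brown', employeeID: 456}),
       (sam:Employee {name: 'Sam Lee', employeeID: 789}),
       (ba:Role {name: 'Business Analyst'}),
       (res:Resource {name: 'system abc', classification: 'Strictly Confidential'}),
       (req:AccessRequest {requestID: 1}),
       (jane)-[:MANAGES {from: date('2018-03-01')}]->(joe),
       (jane)-[:HAS_ROLE {from: date('2017-06-01')}]->(ba),
       (joe)-[:REQUESTED {on: date('2018-07-02')}]->(req),
       (req)-[:FOR_RESOURCE]->(res),
       (jane)-[:APPROVED {on: date('2018-07-05'), level: 1}]->(req),
       (sam)-[:APPROVED {on: date('2018-07-05'), level: 2}]->(req);

// Audit query: who approved Joe Brown's access to "system abc" on 5 July,
// and was each approver already in his management chain on that date?
MATCH (u:Employee {employeeID: 456})-[:REQUESTED]->(req:AccessRequest)
      -[:FOR_RESOURCE]->(:Resource {name: 'system abc'}),
      (approver:Employee)-[a:APPROVED]->(req)
WHERE a.on = date('2018-07-05')
// OPTIONAL MATCH keeps approvers with no management path (chain stays null).
OPTIONAL MATCH chain = (approver)-[:MANAGES*1..5]->(u)
WHERE all(m IN relationships(chain) WHERE m.from <= a.on)
RETURN DISTINCT approver.name AS approver, a.level AS level,
       chain IS NOT NULL AS inManagementChain
ORDER BY level;
```

Approvers returned with inManagementChain = false sit outside the requester's reporting line, which is where a "dotted line" approval such as Security and Compliance would show up for review.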
14. How can Neo4j fit into IAM approaches?
Three potential approaches:
• Create a graph-based repository to store identity and access information metadata
• Integrate Neo4j with current IAM data for authorization
• Import IA data into Neo4j to perform audit
18. Check it out
Find out more about IAM implementations in Neo4j:
• Telenor: www.youtube.com/watch?v=kM2NWM0t-2s
• ForgeRock/Nulli: www.youtube.com/watch?v=R9Vdm2ZqlpQ
Have a go with Neo4j and an IAM example:
• https://neo4j.com/graphgist/entitlements-and-access-control