JAN VANHAECHT, Identity and Access Management Architect, Deloitte, and JEAN-MARIE VAN CUTSEM, IT Manager, Deloitte, at the European IRM Summit 2014.
© 2014 Deloitte Belgium
2014/11/04
We're all a Person of Interest
ForgeRock EU IRM 2014
Jean-Marie Van Cutsem
Jan Vanhaecht
Hi, nice to meet you…?
I’m sorry, did we meet before?
So long, farewell…
DIAS Component overview – Deloitte Authentication Service
• Deloitte Authentication Service (DAS) is an identity provider
• Service providers can use DAS to authenticate users
• DAS supports Single Sign On (SSO)
• There can be different authentication flows for different user types, e.g.: Employee vs. Customer
• Various authentication methods: One Time Password SMS; Belgian eID; Employee Federation; Email and password; One Time Password Authenticator App
These are the currently available methods, but more methods can be implemented when requested
• Support for specific authentication screen layouts per service provider
[Diagram labels: DAS; DIS; Deloitte Identity & Authentication Service; User store: contains users with name, email, roles…; User management and provisioning; Read user info for authentication; Service provider (e.g. MySupport, EnergyLabs); User; Authentication; Organization Admin (LRAO); User registration]
DIAS Component overview – Deloitte Identity Service
• Deloitte Identity Service (DIS) handles user and role management
• DIS provisions users to the user repository read by DAS
• Registration officers can register users and assign roles
• Users are created for an organization (e.g. a client)
• Services can be created to which roles are linked
• A user can only get a role assignment for a role of a service when he is registered for an organization which has a contract for that service
• Users can be registered for multiple organizations (their accounts will be merged)
The DIAS Lifecycle Support
[Diagram labels: Join; Move; Leave; Contract; CRAO; ID Check; LRAO Register; Roles; 2-factor Login; Delegation; Access Review]
Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee, and its network of member firms, each of which is a legally separate and independent entity. Please see www.deloitte.com/about for a detailed description of the legal structure of Deloitte Touche Tohmatsu Limited and its member firms.
Jan Vanhaecht
Enterprise Risk Services
Twitter: @janvanhaecht
LinkedIn: http://be.linkedin.com/in/javaha/
Bedrijfsrevisoren / Reviseurs d’Entreprises
Berkenlaan 8B, 1831 Diegem, Belgium
Tel. +32 2 800 22 62
Mob. +32 473 62 56 36
jvanhaecht@deloitte.com
www.deloitte.com
Member of Deloitte Touche Tohmatsu

Jean-Marie Van Cutsem
IT Security Manager, CISO, IT Operations
Deloitte Services & Investments
Berkenlaan 8B, 1831 Diegem, Belgium
Tel. +32 2 600 64 60
jvancutsem@DELOITTE.com
www.deloitte.com
Member of Deloitte Touche Tohmatsu