The User Profile Management System
A User Profile Management System is a core app used to manage all employee information and access.
Each employee is assigned a core identity user account with a single profile within the system.
Identities store personal information such as user names, ID numbers, first and last names, contact information, work location, department, job title, etc.
The system will also store information regarding what application accounts the user has access to, and what specific permissions are available to that user for each of those accounts.
This type of system can track access for millions of users, maintain user policies, and also track user access by application.
The ability to monitor all active users associated with an application, allows organizations to monitor applications billed per user, ensuring to only pay for what is needed.
Additionally, organizations can see who is assigned admin permissions, for each application, helping ensure users have the least access rights necessary to perform their jobs.
How It Works
User Profile Management Systems, track and maintain applications, permissions within those applications, personal settings, and file servers, specific to each user, in the form of Attributes.
Attributes are the individual pieces of information within a specific application, resource, or user profile.
These fields are used to reconcile access information stored within the application, and what’s in the User Profile Management System.
Users generally have access to many applications, and each application has a different set of attributes and login credentials, related to that specific user.
User Profile Management Systems make it easy for a System Admin to manage all the user specific login credentials and attributes, from various locations, for many applications and users.
Administrator Privileges within the User Profile Management System, allow system admins to easily grant (provision), and revoke (deprovision), resource access to a user.
User Profile Management Tools
Administrators have historically managed user profiles with local on-premises applications like Active Directory.
However, with a more diverse and complicated technology landscape, advanced tools are needed more than ever.
Today owners, managers, and administrators need to track third-party integrations, along with an endless number of accounts and permissions.
IDHub is a full Identity Management solution, with a robust User Profile Management System.
IDHub was specifically developed to manage all user lifecycles, access, and profile settings, in a central location.
An Identity Management System allows administrators to easily view and control access for all internal and external users, and organizational resources.
Identity Server User Management
Every user within a User Profile Management System, or an Identity and Access Management System, is essentially a virtual identity representation of an employee or contractor.
Each identity, or user, is stored on a local server, or in the cloud inside of a multi-user database application.
Keeping all user identities and related user attributes on a server, allows administrators to manage all users and configuration settings, from any location or virtual desktop, on or off the internal network.
An Identity Management (IAM) platform provides end-user application monitoring, from a single pane of glass, eliminating the need to view user settings from each application individually.
IDHub provides a simple platform agnostic user experience, where administrators can interact with user profiles quickly and easily, regardless of the user application operating system hardware.
Managing Internal User Profiles
For an organization to get the most out of their Identity and Access Management System (IAM System), they first need to consider who needs access to what resources, and what level of permission the access will allow, to each user.
The policies and protocols help organizations provide users with the least privileged access to resources needed to all organizational assets.
An additional advantage of an IAM system is the implementation of Single Sign-on along with Two-Factor Authentication.
Single User Sign-on (SSO) is an authentication process that creates one user interface for all users to access the IAM system and all of their applications, eliminating the need for multiple passwords.
Adding Two-Factor Authentication provides login functionality that helps to ensure the single password is not compromised.
Privileged Access Management enables organizations to provide elevated access when necessary and ensure users only have the required resources needed to do their job.
Organizations often overlook internal threats from corporate users. The vast majority of cyber-attacks involve malicious or compromised internal accounts.
Privilege creep (unauthorized or unnecessary elevation of privileges) is a particularly vulnerable threat that should be monitored continuously with an IAM system.
Identity Management - External Users
The policies and processes of securely managing external user access to an organization, sounds more difficult than it has to be.
Incorporating external users can be done quickly and easily, with a modern Identity and Access Management System like IDHub.
External identities consist of contractors, vendors, partners, suppliers, or any type of third-party who is not an employee of the organization.
External identities would generally have access to the exact IAM System used by internal employees.
Third-Party User Access would require administrators to configure external identities as a profile type, which allows for the least privilege to organizational resources.
Principle Of Least Privilege
IAM Systems maintain a policy of least privileged access, by assigning specific “Roles” to each current user.
Roles are used to restrict network access to users, and provide elevated or administrative privileges within an organization.
Roles assist in providing appropriate access to users, and only the information which pertains to them.
All users within the IAM System can be assigned a Role.
External users are also able to request accounts for access the same as internal users.
However, it would be wise to segregate users based upon their internal/external status within the IDM system, by using Role Assignments.
External Identities, and Internal Identities can also be managed with Federation, or Federated Access Management.
Federation is an arrangement of trust between two parties, in which the party providing access, would trust the party requiring access, to manage who has access to what resources.
If an IAM System is configured in this way, company "A” would trust company “B”, allowing Company "B's" users to gain access to Company "A's" resources.
Company "B's" users would authenticate to their own Company "B" system, which would have certain rights inherited from Company "A".
This allows the two organizations a mutual beneficial trust, with access control.
With IDHub, controlling organizational resource access can be done both ways.
The most important concept in Identity Management, for both internal and external identities, is to secure sensitive organizational information while maintaining the Principle of Least Privilege to keep all systems secure.