1.20 Steps to Identity and Access Management

Video Transcription
Okay, so with identity and access management, like I said, multiple steps in this process. And it's growing beyond that term of access control, and what we're hearing a ton of is IAM. IAM, identity and access management. So what I have for you on the slides, I have the steps of identity and access management.
So identity proofing, account provisioning, subject identification,
then authentication, then authorization, then accounting, and then account deprovisioning.
So when we talk about identity proofing as the first step, that's not an IT thing. That is when an employee comes in to HR and they say, "Look, I'm applying for a job here. I'm Kelly Handerhan. Here's my driver's license. Here's my passport. Here's my birth certificate," and I am providing actual proof of my identity.
And it's not until I provide satisfactory proof that we would even consider giving this entity an account on our network, right? So identity proofing is the very first step. But that's not something that we're responsible for doing.
Now, based on that identity being verified,
then okay, this person's hired. We go to create an account for them, and the creation of the account and assigning the rights and permissions, we refer to that as provisioning,
and what we want to do is we want to eliminate dual effort. So, for instance, if Kelly Handerhan is hired and the HR representative puts all her information into the HR database,
you know, we don't want them to have to call IT and say, "Okay, we've hired Kelly Handerhan. Here's all the information. You enter it in your database,"
so we want to find a way to streamline that and share this information so that we don't have the duplication of effort.
All right, now the next piece is when I go to access a resource, I identify. Often we identify with a username, Kelly H.
Then I have to provide authentication. And if you're only requiring identification, just "tell me your username," well, anybody can. Anybody could make a claim, right? So that's when spoofing becomes so dangerous, is in these applications or these mechanisms that only require identification
and they don't say prove it
through authenticity. We'll talk about that a little bit. All right, then, authorization. I am authorized, and I'm authorized based on my identity, and the authorization is the "so what?" piece. The authorization is, "Okay, so what? You're Kelly Handerhan?" Well,
that's relevant because based on being Kelly Handerhan,
you can create new user accounts. You can manage printers. You could unblock a probable right. So that authorization piece is what we're really working towards.
Last, or the next to the last piece: auditing and accountability. Again, continuous monitoring for specific events and certain types of accounts, like those privileged user accounts. And then last but not least, all good things come to an end. So at some point in time, my account becomes removed
from the organization, from the HR database, from
the Active Directory database. So again, how can we streamline that and make it more manageable? So those were the steps to identity and access management.