Identity Management

Course
Time
8 hours 25 minutes
Difficulty
Advanced
CEU/CPE
9
Video Transcription
00:00
>> As I've mentioned before,
00:00
identity and access management
00:00
starts with the identity piece and
00:00
what we want to talk about in this section
00:00
is the two elements of identity management,
00:00
identity proofing, and then provisioning the accounts.
00:00
We'll also, while we're talking about provisioning,
00:00
talk about the importance of
00:00
deprovisioning accounts when they're
00:00
no longer valid as well.
00:00
Identity proofing.
00:00
This is a little tricky because I don't want you
00:00
to confuse this with authentication on the network.
00:00
What we're talking about here is when I first
00:00
get hired for an organization and they say,
00:00
welcome onboard Kelly,
00:00
give us your passport, your driver's license,
00:00
fill out this I-9 form so that
00:00
we can ensure that you are who you say you are.
00:00
That's to the HR department,
00:00
this has nothing to do with IT yet.
00:00
My organizational policy is going to state that I have to
00:00
provide these documents to provide proof of identity.
00:00
The HR department is going to collect this information,
00:00
they're usually going to enter it into
00:00
a system once they've verified that
00:00
everything is in order and this would
00:00
always happen before I'm ever
00:00
granted an account on the network.
00:00
I provide proof of my identity then
00:00
I'm going to go ahead and get
00:00
a user account and like I said,
00:00
that user account could come from
00:00
my role in the organization or my direct identity.
00:00
There are a million different ways.
00:00
I could have an auto-generated employee number
00:00
but the idea is,
00:00
this stage is simply about creating an account.
00:00
No rights or permissions,
00:00
no group membership, just
00:00
creating, generating an account.
00:00
Traditionally, we may
00:00
have had network administrators sit
00:00
down with a group of accounts that were approved by HR.
00:00
Now in a small company, that's fine.
00:00
Maybe on a daily basis,
00:00
I add one account or maybe on a weekly basis,
00:00
but with organizations as large as they are today,
00:00
we may have tens,
00:00
hundreds of new members added each day, new employees.
00:00
What we want to do is we want to find a way
00:00
to streamline this process because
00:00
traditionally the way this would work
00:00
is we would have a new employee come on board,
00:00
they go through the identity proofing piece,
00:00
HR enters all their information in the HR database,
00:00
then the IT department is contacted
00:00
and all that information is delivered to IT.
00:00
Go ahead and create an account for Kelly Handerhan.
00:00
Her hire date is such and
00:00
such and now she has an account in the network.
00:00
But what we would rather do is eliminate
00:00
that dual effort and so once
00:00
Kelly Handerhan gets added into the HR database,
00:00
it would be great if
00:00
Active Directory could pull that information
00:00
automatically and generate or
00:00
provision accounts based on what's already been entered.
00:00
When we talk about provisioning accounts,
00:00
we want this creation of the accounts,
00:00
we would like to do it automatically,
00:00
if at all possible.
00:00
I just want you to know for identification,
00:00
we have to start with identity proofing and
00:00
then figure out a way
00:00
that we get our accounts provisioned.
00:00
Also, we would like those accounts
00:00
deprovisioned automatically if possible
00:00
because a concern would be if we're relying on HR
00:00
and IT to communicate with each
00:00
other when a user leaves the company,
00:00
there may be that gap in that communication and we may
00:00
wind up having an employee that was
00:00
terminated that still has accounts on the network.
00:00
It's very important that we figure out
00:00
some way to streamline this process.