Federated Identity Manager
Features and benefits
Features | Advantages | Benefits |
---|---|---|
Rather than having to enroll third-party users into a company's internal identity systems, federated identity management enables IT service providers to offload the cost of user administration to their business partner companies | Since the business partner company acts like an identity provider, the service provider does not have to take on the burden of user administration costs such as user enrollment, account management, password management, password reset, help desk, or customer care costs | Helps to reduce administration and provisioning costs: Managing identities for third-party users can be a manual, cumbersome, and costly proposition that depletes critical IT resources |
FIM facilitates "straight through processing" techniques because the identity provider does not have to replicate or stage business processes on behalf of a service provider | By employing Tivoli Access Manager for e-business (included with FIM), FIM is able to provide integrated session management, significantly facilitating inter-company transactions. With a federated identity model, identity providers have an opportunity to streamline inter-company transactions, thereby reducing costs, and simplifying integration | Simplified Integration: Integration is simplified because there is a common way to share identities between companies and manage user sessions |
Business benefits
Helping businesses collaborate securely
IBM Tivoli Federated Identity Management (FIM) provides a simple, loosely-coupled model for managing identity and access to resources that span companies or security domains. Rather than replicate identity and security administration at both companies, Tivoli Federated Identity Manager provides a simple model for managing identities and providing them with access to information and services in a trusted fashion. For companies deploying Service Oriented Architecture (SOA) and Web Services, FIM provides policy-based integrated security management for federated Web services. The foundation of FIM is trust, integrity, and privacy of data.
On this foundation, organizations can share identity and policy data about users and services. The sharing of trusted identities and policies is the key to delivering a richer experience for users navigating between federation sites. Trust enables companies to loosely couple their disparate identity management systems.
A federated model simplifies administration and enables companies to extend identity and access management to third-party users and third-party services.
New for Version 6.1, Tivoli Federated Identity Manager now offers support for z/OS.
At-a-glance
Now with support for z/OS, Tivoli Federated Identity Manager will help ensure secure transactions across mainframe and distributed environments using SOA and Web services technology. FIM provides added security protection, identity management capabilities and built-in compliance tools.
FIM enables customers to control access to applications based on the user's role in the organization (e.g., IT manager or HR manager). The software extends IBM's IT service management portfolio, which enables companies to reduce technology complexity through automation and process integration.
Tivoli Federated Identity Manager offers significant help in:
- Integrating security between new distributed applications and legacy mainframe applications (e.g. CICS)
- Improving audit controls for legacy data and transactions served using SOA and Web Services
- Delivering role-based access control for new Web Services
- Leveraging System z as a first class platform for Application Delivery - via new capabilities in identity management, Web Services and Audit
- Integrating business silos, facilitating mergers and acquisitions, and addressing compliance and governance, to help ensure the success of SOA projects
Benefits
Companies that choose to collaborate in identity-based business processes may benefit from Tivoli Federated Identity Manager's ability to help:
- Improve user experience and reduce user administration costs by using Federated Single Sign-On with customer, partner, agent and/or provider organizations
- Minimize application impact, through drop-in federation capability
- Allow collaboration with a wide variety of partner organizations, through concurrent support for all leading Federated Single Sign-On protocols
- Integrate audit data collection and reporting
- Manage identity flow across services and deliver policy-based integrated security management
- Align with open standards and specifications including Liberty, SAML, WS-Federation, WS-Security and WS-Trust.
- Simplify integration between companies and their partners' Web sites, including simplified session management
- Improve business compliance by helping to reduce security exposure
- Expand business reach of service providers creating revenue generating opportunities
- Simplify administration of security in cross-enterprise business processes by delivering "security as services"
- Deliver policy based integrated security management for SOA Web Services
For the business executive:
- Best-of-breed integrated solution from a proven vendor
- The proven experience of IBM Global Services security and privacy practice for Tivoli Federated Identity Manager and Tivoli identity management solutions
- Low total cost of ownership
- IT manageability
For the IT executive:
- Lower user administration and provisioning costs related to identity management
- Simplified integration between companies and their partners' Web sites
- Improved business compliance through reduced security exposure
- Improved end-user experience through Federated Single-Sign-on and Single Sign-off
- Expanded business reach of service providers creating revenue-generating opportunities
- Simplified administration of security in cross-enterprise business processes by delivering "security as services"
- Part of a complete range of solutions for identity management, ranging from user lifecycle management through authentication, authorization and privacy, to the identity infrastructure itself in the form of directory and metadirectory
Unique differentiators
- Implements key standards and specifications for federated identity management: SAML, Liberty, WS-Federation, and WS-Trust
- Delivered and supported by IBM Tivoli, which is committed to enterprise security, offering a full identity management portfolio, and continuing to strongly influence and drive Federated Identity Management and other security standards
- "Drop-in" federation with minimal impact on applications - providing quicker time to value and greatly reduced ongoing maintenance costs
- Offers attractive per-user tiered pricing model with unlimited user license model for securing e-business
- Is architected for high availability and scalability and is in use by customers to secure federated users numbering in the millions
IBM Tivoli Federated Identity Manager Roles
In a federated identity management scenario, organizations assume the role of an identity provider or a service provider. These roles are not mutually exclusive. Many large organizations will assume the role of both identity provider and service provider.
An identity provider is an organization that directly manages end users. An identity provider is the authoritative source for issuing and validating user identities and network credentials for a set of users; an identity provider "owns the user relationship". For example, many companies act as identity providers for employees, customers, and contractors. Identity providers "vouch" for the user identity and their entitlements in a federated interaction with service providers. So, the "identity provider" role can be thought of as an authentication authority.
A service provider provides "services" for end users. They typically do not have a vested business interest in managing the user. Service providers act as a "relying party" to validate credentials issued by a trusted identity partner, on the basis of which they provide services to that trusted identity.
In a service-oriented architecture (SOA) environment the following additional roles apply:
- A Web services requester is a service client that needs to access a service provider. A Web service requester may be a Microsoft .NET application or a Java or WebSphere application.
- A Web services provider is a service provider that provides a "service" or a component. A Web service provider could be a Microsoft .NET application or a Java or WebSphere application. Web service providers need to identify and authenticate service clients.
- Within a SOA environment, there needs to be an infrastructure service that simplifies the management of security policies for these various service clients and service providers.