ibm.com/redbooks
Redpaper
Front cover
Addressing Identity, Access, and Compliance Requirements Using IBM Tivoli Identity and Access Assurance
Axel Buecker
Ryan Fanzone
Leandro Hobo
Mike Maurer
Introduces security solution and security management components
Describes tangible business benefits and investment returns
Provides customer deployment scenarios


International Technical Support Organization
Addressing Identity, Access, and Compliance Requirements Using IBM Tivoli Identity and Access Assurance
September 2010
REDP-4548-00

© Copyright International Business Machines Corporation 2010. All rights reserved.
Note to U.S. Government Users Restricted Rights -- Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp.
First Edition (September 2010)
This edition applies to Version 1.1 of the IBM Tivoli Identity and Access Assurance offering, Product number 5724-X91.
Note: Before using this information and the product it supports, read the information in “Notices” on page v.

Contents
Notices . . . v
  Trademarks . . . vi
Preface . . . vii
  The team who wrote this paper . . . vii
  Now you can become a published author, too! . . . viii
  Comments welcome . . . ix
  Stay connected to IBM Redbooks . . . ix
Chapter 1. IBM Tivoli Identity and Access Assurance . . . 1
  1.1 Overview of the solution . . . 1
    1.1.1 Help automate the management of compliance initiatives . . . 2
    1.1.2 Help with operational efficiency and cost reduction . . . 2
    1.1.3 Help address security . . . 2
    1.1.4 Help improve user productivity and cost reduction . . . 3
  1.2 IBM Tivoli Identity and Access Assurance components . . . 3
    1.2.1 IBM Tivoli Identity Manager V5.1 . . . 3
    1.2.2 IBM Tivoli Access Manager for Operating Systems V6.0 . . . 4
    1.2.3 IBM Tivoli Security Information and Event Manager V2.0 . . . 4
    1.2.4 IBM Tivoli Unified Single Sign-On V1.1 . . . 5
    1.2.5 Included IBM middleware products . . . 7
  1.3 Tangible benefits and return on investment (ROI) . . . 7
    1.3.1 Impact on business drivers . . . 8
    1.3.2 Impact on IT operations . . . 9
  1.4 Conclusion . . . 12
Chapter 2. Customer scenarios . . . 13
  2.1 Single sign-on and centralized user ID management for employees . . . 13
    2.1.1 Phase 1: Implementing an automatic provisioning service . . . 14
    2.1.2 Phase 2: Implementing password-reset self-service . . . 18
    2.1.3 Phase 3: Implementing enterprise single sign-on . . . 21
  2.2 Log and access management for audit readiness . . . 26
    2.2.1 Phase 1: Implementing improved log management . . . 26
    2.2.2 Phase 2: Implementing improved access controls for applications . . . 31
  2.3 Accessing services from external business partners . . . 37
    2.3.1 Phase 1: Enabling access to third-party business services . . . 38
    2.3.2 Phase 2: Enabling federated identity-management-based access . . . 41
    2.3.3 Phase 3: Implementing centralized logging and reporting . . . 43
  2.4 Conclusion . . . 45
Related publications . . . 47
  IBM Redbooks . . . 47
  Online resources . . . 47
  How to get Redbooks . . . 48
  Help from IBM . . . 48

Notices
This information was developed for products and services offered in the U.S.A.
