Identity & Access Management (IAM)
Alibaba Cloud Identity as a Service (IDaaS) is a cloud-based identity and access management service (IAM) covering comprehensive functions that enable user portal, user directory, flexible authentication, single sign-on, centralized authorization, and audit reporting.
Provide Enterprise-Level Unified Identity Service
IDaaS plays a central role in enterprise identity management by removing ID silos and enabling one account-access-all function. IDaaS incorporates advanced security technologies that will facilitate identity management and enable enterprises to enhance their identity security to improve management efficiency.
Eliminate Redundant Passwords for All Users
IDaaS supports all standard SSO protocols, which allows enterprises to connect to all mature enterprise services. Passwords are eliminated and security risks are reduced significantly. Users can painlessly and securely store dozens of passwords.
Connect Identities among Sources across Cloud Platforms
IDaaS may serve as a bridge for other cloud platform identities to be connected to Alibaba Cloud. A cloud identity management solution is usually the fundamental requirement for an enterprise to set foot in cloud services. IDaaS can bridge identities between Alibaba Cloud, private environments, and several public cloud providers.
Cloud-Based Identity Security Platform
5A Unified Certification Platform
Docking web applications, mobile applications, desktop applications, and IoT devices provide users with integrated services that include access control, single sign-on, and application portals.
According to the department or role of the user, the accessible range can be managed easily. Authorization or revocation can be centralized to achieve one configuration and take effect globally.
Provide unique user identity data for enterprise information construction with complete account life cycle management.
Trace user behaviors and provide real-time audit reports to keep managers informed about the efficiency of the company’s digital assets.
Centrally verify user identity, configure multi-factor authentication (MFA), and support third-party authentication sources.
How Can I Use It ?
Push the data from the identity source to IDaaS to complete the initialization of the IDaaS account data. IDaaS supports excel import, SCIM push, and AD/LDAP import to achieve this goal.
Integrate all current applications into IDaaS. Complete single sign-on integration through the standard single sign-on protocol or through IDaaS customization for large clients.
Integrate according to standard the SCIM/LDAP protocol to provision from and to IDaaS. IDaaS may also provide customized services to integrate with other incompatible third-party applications.
Permission System Integration
Define the resource, role, and permission relationship in IDaaS through API to complete the permission integration of the application system.
Use AD credentials, biometrics, SMS verification, code and common social logins as external authentication sources to access IDaaS. Enable our Authentication Adapter Management menu after some simple configuration.
Help companies build proprietary portals
Employees, partners and customers of the enterprise can access all authorized applications with one click through the unified portal provided by IDaaS.
Decentralized login address and password management issues
The application systems introduced by enterprises are increasing year after year, and users need to remember more addresses and passwords. This can easily lead to problems, such as reduced work efficiency and difficulty in promoting new applications.
At the same time, some countermeasures commonly used by users when managing multiple passwords, such as simple passwords and the same passwords, also bring more security risks that allow attackers to access your system easily.
Cloud-native directory service
Provide unique user identity data for enterprise information construction, and centralized account lifecycle management, with updates automatically synchronized downstream, unlimited expansion, and permanent online.
Solve the problem of employee account information silos and management omissions
Due to the information solis problem caused by development isolation between multiple application systems of the enterprise, the process of employee onboarding and transfer is complicated and time-consuming, and the account permissions are not completely recovered after leaving the job.
Additional R&D and O&M costs
The local deployment of directory services by an enterprise requires a large amount of operation and maintenance resources and requires periodic application for authorization for capacity expansion. At the same time, the repeated construction of account management by each application system brings new R&D and maintenance costs.
Provide a unified multi-factor certification center
It can centrally configure authentication factors other than multiple passwords, including biometrics such as dynamic tokens, certificates, faces, and fingerprints. A variety of common third-party certification sources can be integrated. At the same time, it provides a developer API to support other applications to use IDaaS's identity authentication capabilities.
Security issues caused by password vulnerability
Easy password settings places enterprise IT system under huge security risks causing system vulnerability of both database and application from illegal cyber activities. It has been proved countless incidents of credentials leakage and even customer digit assets lost that had caused irreversible economic results.
Provide visual centralized authorization capabilities
According to the user name or the department where the user is authorized to access it, it can be configured once and take effect globally.
Decentralized authorization management issues
When dealing with requirement of various applications authorization distributed over multiple domains, extra resources are required and is therefore placing enterprise subjected to additional IT management cost.
Whenever there occurs organization structure change that causes possible improper authorization operations there would always trigger risky interruption to daily enterprise operation.
Help managers understand user behavior and asset usage at any time
Detailed records of all user behaviors and administrator operations, and the formation of visual reports, allowing managers to keep track of the use of corporate digital assets at any time.
Decentralized audit log issues
Traditional logging systems is not regarded as management friendly and to build up from ground a centralized log-based auditing system normally introduces increased IT development cost.
Meanwhile setup of identifying system of malicious access or other potential risky behaviors by users’ historical behaviors would not be possible with current decentralized logging systems.
Upgraded Support For You
1 on 1 Presale Consultation, 24/7 Technical Support, Faster Response, and More Free Tickets.