The Palladium identity authentication and access security management system (IAM) defines and manages digital identities, securely controls their authentication, and authorizes them to use specific resources. It ensures that digital identities are well maintained, adjusted, controlled and monitored throughout the "access life cycle", and it provides customers with tools and techniques to modify user identity roles, track role activities, create user activity reports and implement management policies.
IAM supports flexible modular deployment. Enterprises can choose among the following subsystems according to their actual needs to build an enterprise ecosystem platform that covers "enterprise unified portal", "application single sign on", "centralized account control", "authentication access authorization management" and "unified audit traceability and threat analysis".
Application safety management and control system (IAM-CASB)
IAM-CASB consists of one basic module and two extension modules.
Single sign on management module (IAM-SSO)
IAM-SSO provides single sign on for HTTP/HTTPS business system accounts without requiring any secondary development of the user's business systems. Multi-factor strong identity authentication can be configured uniformly on the IAM platform for each business system, including RADIUS, AD, LDAP, OTP, digital certificate, SMS, WeChat, fingerprint, etc.
Application account management module (IAM-ACM)
The IAM-ACM module establishes a centralized account management system and implements an effective life cycle management strategy for user accounts. The addition, deletion and modification of business system accounts caused by personnel changes can be handled through IAM alone. On top of centralized account management, it establishes a centralized account authorization system and the access relationships between authorizers, applications and resources. It can support periodic automatic modification of business accounts and eradicate the problem of weak passwords.
Application security reinforcement module (IAM-WVP)
IAM-WVP establishes a white list model for all business file paths and business parameters through fine-grained feature library defense and the exclusively developed "white list" dynamic modeling technology, eliminating the tedious work of reinforcing parameters in the source code.
Operation and maintenance safety management system (IAM-SMS)
IAM-SMS supports a variety of operation and maintenance protocols and tools and extends the range of multi-factor identity authentication methods. It unifies the rational division of permissions and centralized access control, and supports single sign on, account and password filling, seamless application publishing, mobile operation and maintenance, and distributed clusters, so that compliance requirements can be met quickly.
Security policy control system (IAM-SCM)
IAM-SCM uses TCP quintuple (5-tuple) control to prevent business personnel from bypassing the IAM platform to access the business system directly. It supports two modes: series (inline) deployment and bypass deployment. Bypass deployment can also achieve a 100% blocking effect, and can effectively control connections initiated by intranet hosts to extranet service ports.
Audit traceability and threat analysis
The IAM platform can keep comprehensive audit records of the access of enterprise business personnel to OA, ERP, CRM, HIS/BOSS and other systems, record business form information, access URL information, etc. in a standardized way, and generate e-mail and SMS reminders for logs that trigger security policies. It uniformly displays and analyzes all delivery information at the operation and maintenance level and the business level of the enterprise, and can trace the whole business delivery process of IAM users. This helps enterprises protect confidential information, continuously improve their information system management, and meet compliance and best practice requirements.