
RS: Access control (IAM)

Product
Developers: RedSys (Redsis)
System release date: 2016/02/05
Technology: Cybersecurity - Authentication

Authentication, identification and authorization systems are used to build centralized systems for identifying users and managing accounts in operating systems, databases, applications and repositories. They make it possible to create access requests, approve them electronically, and have access granted automatically once a request is approved.

RS "Access control" makes it possible to build an end-to-end security management system whose cornerstone is a defined set of criteria for user roles and privileges. The identification and authorization management system unifies these processes for internal and external applications. Unified account management increases security and significantly simplifies user administration for all types of applications and databases.

Implementing the solution makes joint work with corporate network resources more efficient by reducing the time needed to grant access, providing single sign-on (SSO) for users and offering user self-service, which in turn reduces administration costs.

RS "Access control" has a modular structure, so it can be deployed both in small and medium-sized companies (with a basic feature set) and in large organizations (with an expanded set of functions). Large customers require a uniform authentication and authorization procedure in which all applications work within a single landscape of access rights, so that the administrator can always see which users are working, or have worked, in which systems, and can centrally manage not only roles but also their composition (previously no Russian-developed solutions of this level were on the market, and customers mainly used Oracle or IBM products for such tasks). When an incident occurs, the administrator can terminate any user's session in all information systems.

In RS "Access control", onboarding a new user and granting the necessary rights takes only a few minutes. Once the hiring order for the employee has been processed in the HR system, rights in the information systems are created for the employee automatically: both basic ones (e-mail, the Active Directory domain, etc.) and those assigned according to the employee's role model in the company and position. If the employee needs additional access rights, he can submit a request, which after passing approval is executed automatically via the system interface. Approval algorithms can be configured at the implementation stage and adjusted later.

The GRC (Governance, risk management and compliance) module makes it possible to build the company's business processes on risk models, i.e. it classifies access rights by the level of risk they carry. Risks are calculated in points and summed. If an employee submits a request that has a high assigned risk level, the security service is necessarily included in its approval process. The module also makes it possible to create a role model and keep it up to date automatically, with sets of access rights defined by the employee's division and position.

Architecturally, RS "Access control" is built on free software and on RedSys proprietary code, including support for the Apache Tomcat application server and the PostgreSQL DBMS. Everything else, including the web interface, is developed in Java using open frameworks.


Functional characteristics of RS "Access control":

1. Cross-platform operation and the ability to install on freely distributed software:

  • Linux and Windows operating systems.
  • Support for different database management systems (PostgreSQL, Oracle Database, MS SQL Server, etc.).
  • Support for different web servers (Apache Tomcat, Jetty, etc.).

2. Security

  • Flexible mechanism for configuring administrative rights in the system.
  • Audit of all actions, with a history log of changes to system data.
  • Own authentication and authorization module, with the option to configure pass-through access to the system based on a Windows domain.

3. Usability

  • Friendly web interface.
  • Different design styles, with per-user personalization.
  • Simple procedure for customizing and branding the web interface.

4. Main functions

Connectors to different sources of reliable data:

  • Structured files (XML, CSV and others).
  • Databases (Oracle Database, MS SQL Server and others).
  • LDAP directories.

Connectors to different direct systems:

  • MS Active Directory.
  • IBM Lotus Notes.
  • Systems that manage accounts and access rights through web services.
  • MS Exchange.

Ability to develop custom connectors.

Manual and automatic management of employees and creation of an organizational structure.

  • Ability to create a role model that takes into account different criteria, in particular the employee's appointments (principal place of employment, combined jobs, etc.).

Management of accounts and access rights on the basis of requests.

  • Flexible mechanism for configuring approval processes.
  • Support for time-limited requests.
  • Ability to appoint deputies for approving requests.

User self-service mode.

Change control of access rights in direct systems to detect unauthorized changes.

5. Authentication

  • Uniform authentication mechanisms for systems with a three-tier architecture.
  • Transparent pass-through authentication with session control.

6. Authorization

  • Uniform authorization mechanisms for external systems with a three-tier architecture.
  • Control of the actual composition of access groups and roles for the integrated systems.

7. Centralization

  • Formation of a uniform role model for several instances of RS: Access control.
  • Creation of summary reporting and ensuring control.
  • Approval of requests.

8. Reporting

  • A large set of preset historical and operational reports.

Since 2016 the solution has been included in the register of domestic software, and certification with FSTEC is currently under way.