While I was in San Diego for the Catalyst Conference earlier this month, I kept running into Idan Shoham, CTO and co-founder of M-Tech Technology. It could be that the weather in San Diego was gorgeous, and Shoham lives in Calgary, Alberta (where summer usually comes on July 7. In the afternoon.). So we both headed to the outdoor verandah near the meeting rooms, or he may simply have been stalking me.
In either case, Shoham wanted me to understand that M-Tech was much more than a one- or two-product company these days. For a number of years, M-Tech was known for its P-synch tool - a password synchronization service that has slowly evolved to a full-fledged password management application featuring self-service password reset, help desk password reset and simplified administration of other authentication factors, such as hardware tokens and biometrics. For the past few years, M-Tech has also offered ID-synch, an enterprise provisioning product. Now, though, the company has gone all the way and is offering a fairly complete identity management suite called The M-Tech Identity Management Suite (Canadians aren't really known for their subtlety!).
The suite consists of six apps/services - P-synch, ID-synch and the following:
* ID-Certify - an enterprise compliance management that addresses the problem of identifying and removing excess access rights.
* ID-Access - a group management service for most platforms that support the concept of "groups." It enables users to browse for, and request access to, network directories through an intuitive Web-based interface. ID-Access can administer user access to folders, printers, distribution lists and other network resources.
* ID-Discover - an automated ID discovery and reconciliation product. It prompts users to enter their various login ID/password pairs into the system, and then builds a database or directory of user profiles.
* ID-Telephony - An enterprise password management software for use via the telephone. It allows users to reset their own passwords after authenticating to an interactive voice response (IVR) system.
When you browse over to the M-Tech Web site http://www.mtechit.com/ to learn more about these products (and I hope you will) be sure to download a copy of Shoham's white paper "Beyond Roles: A Practical Approach to Enterprise User Provisioning" http://www.idsynch.com/docs/beyond-roles.html.
While Role-based Access Control (RBAC) is important, too often it seems that company's with 1,000 users want to define 1,500 roles. This paper will help you to understand the importance of roles and their uses as well as other methods for ongoing control of user access requirements.