The IDSA has worked collaboratively to define vendor-agnostic integration patterns, or use cases, that organizations (technology vendors, solution providers and end customers) can use when developing roadmaps, implementing integrated architectures and building service offerings. The use cases can be implemented with a combination of technologies (IDSA components) and vendor-to-vendor integrations (IDSA integrations). The IDSA components listed meet the minimum capabilities required for the use case, and the IDSA integrations marked with an "*" have been validated by the IDSA technical working group, giving customers additional confidence that they meet the requirements of the use case and will work as expected. The vendor-to-vendor integrations have been developed through technology alliance programs such as the SailPoint Identity+ Alliance, CyberArk Connected and the SecureAuth Connected Security Alliance, as well as through strategic relationships.

For more information about the vendor-to-vendor integrations, contact the appropriate technology vendor or your solution provider.

Use Case Title and Description | IDSA Components | IDSA Integrations

Access Management Utilization Of Risk Data

Access Management integrates with a fraud and risk system. This integration allows Access Management to select the authentication flow based on the user's risk profile: if the risk is zero or small, the user authenticates seamlessly; if the risk is larger, the authentication process is made more secure (MFA, potentially failing authentication altogether).

MFA For Public / Private Cloud Application Consolidation

The integration between Access Management and Network Security allows users to authenticate to web applications that exist in both the public and private cloud infrastructures used by organizations. Implementing this integration allows users to access the applicable applications regardless of the deployment model.

Step-Up Authentication for a Privileged Access Management Application

Users needing access to a Privileged Access Management application will be prompted with a step-up authentication challenge based on their risk score within the Identity Fraud & Risk application.

User Authentication From Different Device Types

Access Management will be configured to detect user authentication from multiple device types within the same authentication session. If multiple authentications are identified, Access Management will force an MFA challenge. If the MFA challenge fails on a mobile device, the EMM application will lock the device as a possibly compromised device.

Access Management Checks Cloud Access Security Broker

Access Management integrates with the Cloud Access Security Broker and its compromised-credential database, and uses this integration to verify that the user attempting to authenticate has an uncompromised account. If the account is compromised, Access Management can react accordingly.

Access Management Verifies Enterprise Mobility Management Status of Mobile Device

A user's mobile device can be managed by Enterprise Mobility Management, and this management includes the ability to determine whether or not the device is in a compromised state. Access Management will use that status to decide whether or not to allow access to its portal.
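The risk-tiered authentication flow described in the fraud and risk use case above, combined with the CASB compromised-credential check and the EMM device status check, as an added illustration (constructed example, not IDSA or vendor code). The 0-100 risk scale, the thresholds, the "not enrolled" handling for mobile devices and the action names are assumptions.

```python
from dataclasses import dataclass
from enum import Enum
from typing import List, Optional, Tuple

# Constructed example of the risk-tiered decision; inputs model the Fraud & Risk score,
# the CASB compromised-credential lookup and the EMM device status (scale/thresholds assumed).

class Decision(Enum):
    ALLOW = "allow"          # low risk: seamless authentication
    STEP_UP = "step_up_mfa"  # elevated risk: require an MFA challenge
    DENY = "deny"            # too risky or known-compromised

LOW_RISK_MAX = 30   # assumed: scores at or below this are "zero to small" risk
HIGH_RISK_MIN = 80  # assumed: scores at or above this fail authentication outright

@dataclass(frozen=True)
class AuthContext:
    user: str
    risk_score: int               # from the Fraud & Risk system (assumed 0-100)
    credential_compromised: bool  # from the CASB compromised-credential database
    device_type: str              # "mobile", "desktop", ...
    emm_status: Optional[str]     # "healthy", "compromised", or None if not enrolled

def decide(ctx: AuthContext) -> Tuple[Decision, List[str]]:
    """Return the authentication flow to apply and the reasons behind it."""
    if ctx.credential_compromised:           # CASB: account is known compromised
        return Decision.DENY, ["casb:credential-compromised"]
    if ctx.emm_status == "compromised":      # EMM: device is flagged compromised
        return Decision.DENY, ["emm:device-compromised"]
    if ctx.risk_score >= HIGH_RISK_MIN:      # Fraud & Risk: too risky to continue
        return Decision.DENY, ["fraud-risk:high"]
    reasons = []
    if ctx.risk_score > LOW_RISK_MAX:
        reasons.append("fraud-risk:elevated")
    if ctx.device_type == "mobile" and ctx.emm_status is None:
        reasons.append("emm:not-enrolled")   # assumed: unknown mobile posture needs MFA
    if reasons:
        return Decision.STEP_UP, reasons
    return Decision.ALLOW, ["fraud-risk:low"]

def on_mfa_result(ctx: AuthContext, passed: bool) -> List[str]:
    """Follow-up actions after a step-up challenge; a failed challenge on an
    EMM-managed mobile device asks EMM to lock it as possibly compromised."""
    if passed:
        return ["session:grant"]
    actions = ["session:reject"]
    if ctx.device_type == "mobile" and ctx.emm_status is not None:
        actions.append("emm:lock-device")
    return actions
```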

Compromised Enterprise Mobility Management Device Initiates Security Restrictions

Enterprise Mobility Management integrates with many IDSA applications so that it can share information when a user's device has been compromised. These applications can then act on this information by disabling the end user's access until the situation has been resolved.

Access Management Cloud Access Security Broker Security Policy Enforcement

Access Management can perform SSO through the Cloud Access Security Broker's proxy server in order to provide robust auditing and policy enforcement that is seamless to the end user.

DAG Initiated Data Security Enforcement and Remediation

DAG applications integrate with Identity Governance applications for the purpose of remediating inappropriate permissions on folders containing sensitive data.

  • No integrations are necessary to meet this use case.

DLP Initiated MFA Using Profile Attributes

DLP applications integrate with Access Management applications for the purpose of MFA enforcement. This enforcement is triggered during a DLP detection event and is based on the title of the end user's identity.

Identity Governance Attestation of Privileged Access Management Accounts

Privileged Access Management has a list of all accounts that are considered privileged. Identity Governance can use this list of privileged accounts to provide scheduled compliance reviews.

SIEM risk detection and Notification to Service Management, CASB, Fraud & Risk

Security Information and Event Management (SIEM) is configured to detect configured events that are deemed suspicious in nature. Once these events have been identified, the Security Information and Event Management application will do the following:

  • Create a Service Management incident for investigation
  • Update the risk score of the Fraud & Risk application
  • Call the Network Security application to revoke the user's token, which results in user-based access modification to a more restricted set of applications

UEBA risk detection and Notification to Service Management, CASB, Fraud & Risk

User Entity and Behavior Analytics (UEBA) is configured to detect configured events that are deemed suspicious in nature. Once these events have been identified, the User Entity and Behavior Analytics application will do the following:

  • Create a Service Management incident for investigation
  • Update the compromised credentials database of the Cloud Access Security Broker
  • Update the risk score of the Fraud and Risk application