Use Cases

Integrating identity and security technologies to address a specific requirement is just one piece of the puzzle. A broader business initiative, such as Office365 or Digital Transformation, also requires an identity-centric approach to ensure security and an optimal user experience. Use Cases are blueprints that combine IDSA Security Controls for a complete solution and provide a roadmap for a comprehensive platform.

Share your thoughts on these Use Cases in our on-line community.

Access Management Utilization of Risk Data

Access Management integrates with the Fraud and Risk system. This integration allows Access Management to determine the authentication flow based on a risk profile. If the risk is zero to small, the user authenticates seamlessly; if the risk is larger, the authentication process is made more secure (MFA, or potentially failing authentication altogether).

MFA For Public/Private Cloud Application Consolidation

The integration between Access Management and Network Security allows users to authenticate to web applications that exist in both the public and private cloud infrastructures used by organizations. With this integration in place, users can access the applicable applications regardless of the deployment model.

Step-up Authentication to the Privileged Access Management Application

Users needing access to the Privileged Access Management application will be prompted with a step-up authentication challenge based on their risk score within the Identity Fraud and Risk application.

User Authentication From Different Device Types

Access Management will be configured to detect user authentication from multiple device types within the same authentication session. If multiple authentications are identified, Access Management will force an MFA Challenge. If the MFA Challenge fails on a mobile device, the Enterprise Mobility Management (EMM) application will lock the device as a possibly compromised device.

Access Management Checks Cloud Access Security Broker

Access Management integrates with the Cloud Access Security Broker (CASB) and its compromised credential database, and uses this integration to verify that the account of the user attempting to authenticate has not been compromised. If the account is compromised, Access Management can react accordingly.

Access Management Verifies Enterprise Mobility Management Status of Mobile Device

A user’s mobile device can be managed by Enterprise Mobility Management (EMM), which can determine whether or not that device is in a compromised status. Access Management uses this status to decide whether or not to allow access to its portal.

Compromised Enterprise Mobility Management Device Initiates Security Restrictions

Enterprise Mobility Management (EMM) integrates with many IDSA applications so that it can share information when a user’s device has been compromised. These applications can then act on this information by disabling the end user’s access until the situation has been resolved.

Access Management Cloud Access Security Broker Security Policy Enforcement

Access Management can perform SSO through the Cloud Access Security Broker’s (CASB) proxy server in order to provide robust auditing and policy enforcement that is seamless to the end user.

Data Access Governance Initiated Data Security Enforcement and Remediation

Data Access Governance (DAG) applications integrate with Identity Governance applications to remediate inappropriate permissions on folders containing sensitive data.

Data Loss Prevention Initiated MFA Using Profile Attributes

Data Loss Prevention (DLP) applications integrate with Access Management applications for the purposes of MFA enforcement. This enforcement takes place during a DLP detection event and is based on the title of the end user’s identity.

Cloud Access Security Broker Initiated Data Classification Discovery

Cloud Access Security Broker (CASB) integrates with Data Loss Prevention (DLP) and its policy engine, and uses this integration to act on at-rest files and documents that have been scanned and classified. If a document is classified at a certain level, the CASB will respond appropriately.

Data Classification to Invoke User-based Data Loss Prevention for Uploaded Content

Cloud Access Security Broker (CASB) integrates with Data Loss Prevention (DLP) and its policy engine, and uses this integration to tie a user to policy when that user attempts to interact with a document classified using data classification technology. If that user is inappropriately interacting with that document, the CASB will respond appropriately.

Data Classification to Invoke User-based Data Loss Prevention for Cloud Created Content

Cloud Access Security Broker (CASB) integrates with Data Loss Prevention (DLP) and its policy engine, and uses this integration to tie a user to policy when that user attempts to interact with a document classified using data classification technology. If that user is inappropriately interacting with that document, the CASB will respond appropriately.

Identity Governance Attestation of Privileged Access Management Accounts

Privileged Access Management (PAM) has a list of all accounts that are considered privileged. Identity Governance can use this list of privileged accounts to provide scheduled compliance reviews.