Products & Services
Human-Centered Zero Trust Business Security Protection System
Trusfort's Identity and Access Management (IAM) product is built on the company's core mobile security authentication technology. Through identity governance, authority control, single sign-on, and risk detection and response, it gives enterprise employees unified identity access to business systems and addresses problems such as difficult enterprise IT management, inconvenience for users, and insecure authentication and authorisation. Trusfort's IAM innovatively moves the identity authentication carrier to the user's mobile phone and provides users with a password-less authentication experience through SMS, code scanning, OTP, push, face recognition, WeChat, DingTalk, CA and other authentication technologies. Through continuous adaptive risk and trust assessment (CARTA), the product applies dynamic access control to operations on application resources and safeguards business security under the Zero Trust concept.
Identity Governance
It governs and manages users (HR), identities (IAM) and accounts (applications). Through mapping, association and similar mechanisms, it implements a full-lifecycle management model in which users flow automatically to application accounts, forming a unified user identity, simplifying account management, and establishing a foundation for identity security.
Authority Management
It combines the ABAC and RBAC authority models to establish a dynamic association among user attributes, user groups and application authority, enabling default authorisation and dynamic authority adjustment. The automatic user grouping policy can associate any user attribute with an authority group, such as user status, user type, user position, user department or user rank. Combined with user synchronisation, user management and the distribution of users' application accounts, the automatic grouping policy forms a complete automated authorisation system.
Security Authentication
The Shanren App provides mobile security authentication, enabling password-less authentication for both PC applications and mobile applications. The Shanren SDK is also available for integration into business apps, giving them the same mobile security authentication capability.
Unified Identity Management
Enterprises generally manage their organisation and users in an HR system, and may have multiple organisational structures as well as a need to manage non-regular employees. IAM consolidates the enterprise's scattered organisation and user data into an authoritative organisation and user system and supplies it to application systems.
Unified Identity Authentication
After logging in and authenticating through the unified portal, users can access any application system in the portal without a password. Built on core mobile security technology, the product offers multiple authentication capabilities, flexible authentication policies and a wide range of authentication scenarios, meeting enterprise requirements for security, compliance and ease of use.
Unified Authority Management
User authority management covers which applications a user may access and which permissions the user's application accounts hold. In the conventional approach, an administrator opens an application account for the user and assigns permissions, and opening the account in itself means the user has access to the application. This relies entirely on manual management, which creates serious security risks and a heavy administrative workload. The IAM system combines the ABAC and RBAC authority models to establish a dynamic association among user attributes, user groups and application authority, enabling default authorisation and dynamic authority adjustment.
Unified Secure Audit
It uses the zero trust concept, stream computing and rule engine technology to provide risk auditing and dynamic access control over administrator operations, user login and authentication, user application access, and user operations on application resources.
Unified Identity Governance
It manages users, identities and accounts (applications) in a unified way. Through mapping, association and similar means, it implements a full-lifecycle management model in which users flow automatically to application accounts, simplifying account management and establishing a foundation for identity security.
Secure Identity Authentication
It supports passwords, SMS, code scanning, OTP, push, face recognition, WeChat, DingTalk, CA and other authentication methods, and offers a variety of service forms, such as single sign-on, two-factor authentication and password-less authentication, to suit different business scenarios.
Unified Authority Management
Through the DAC, RBAC and ABAC authorisation models, the product supports position authorisation, user group authorisation, department authorisation, user authorisation, application authorisation and dynamic authorisation based on risk behaviour.
Simple & Efficient Deployment
It is built as Spring Boot microservices and is compatible with the Spring Cloud microservice framework and K8S/Docker container platforms, supporting horizontal scaling, high availability and high concurrency.