Hoping to streamline the process of identity management and security among different companies and even among products that lack a common security scheme, IBM on Monday rolled out its Tivoli Federated Identity Manager.
The new offering is intended to help larger IT shops simplify the user registration and sign-on procedures for both internal and external services across either a single enterprise or a business partner ecosystem. The product is capable of securely linking employees and their customers to third-party organizations without the need to create another user ID and password or to re-authenticate existing users, according to company officials.
The inspiration for the product's creation is the increasingly complex task most IT shops face in creating and managing identity and authentication processes not just for their own employees based in multiple locations across the country, but also for the sometimes hundreds of employees who are with new business partners or suppliers.
"Many IT shops we talk to are already overburdened with managing multiple sets of IDs and passwords from their own company. But every time a company adds a new partner, you are effectively adding another 100 employees to that shop. But with federated technology, all user IDs, passwords and password resets can be managed by the original identity provider," said Joe Anthony, Director of Identity Management at IBM Tivoli.
Offering an example of how the new technology can solve sometimes tangled identity problems, Anthony cited a user logging into his or her employer's site to check health benefits or a 401K statement. Typically today, he said, that user must go to a third-party site using another user ID and password. With Federated Identity Manager, however, such a user can access the company's site as well as the third-party site using the same ID and password.
"The product allows the two Web sites to do the security credential flows under the covers, all of which is transparent to the user," Anthony said. "And in a business scenario, for instance, a cell phone provider could offer its own services as well as those of another provider, and users wanting any or all of them could gain access using a single ID and password," he said.
In addition to the product's single sign-on capabilities, other new features include an improved capability to integrate scattered business silos that have different security infrastructures; better identity authentication and account lifecycle management, which can serve to improve compliance and corporate governance audit readiness; and an improved capability to consolidate customer care systems, which offers users a holistic view of their customers across their different business silos.
The new product complies with the standards set by major standards organizations fostering federated identity, including Liberty, SAML, WS-Federation, and WS-Trust.
T. Rowe Price, a large investment management company, has already deployed the Tivoli Federated Identity Manager for both internal and external users. Company officials appear to have had little difficulty implementing it thus far.
"Tivoli Federated Identity Manager provided us a way to introduce services in a standards-based way to our existing user base," said Kirk Kness, vice president at T. Rowe Price. "With the software, we were able to provide vendors with a solution based on open standards," he said.
For more information about the new product, users and developers can go to www.software.ibm.com.