Role based provisioning for your partners

Posted by Edward Killeen on Thu, Jun 14, 2012

role based provisioningA common requirement for single sign on (SSO) for partners is that access to systems be role based.  This means that when a partner authenticates in to your system, you can give granular access to this user based on their role (or what you know about them).

For this to happen, you have to actually have roles and RBAC incorporated into your identity management system.  Specifically, it has to be ingrained into provisioning.

When provisioning a user, you can apply what you know about him/her to create some dynamic roles such as location, partner organization, title, et cetera.  As that role is defined, you can bake rules into your provisioning workflow to determine what systems he/she needs access to.  For example, a VP in your reseller partner organization will get management access to Salesforce as their account is provisioned.  The purchasing agent in your distributor partner gets access to your supply chain system for the products that they are involved in.

This idea of role based provisioning is the pre-cursor to role based access control.  You want your provisioning workflows to put users in the correct systems only.  Just giving them accounts in an Active Directory OU is not enough, you need it granular and you need it to be accurate.

This is where a visual workflow designer makes a huge difference.  It is much easier to design decision trees if you are doing it the way you would design it on a whiteboard, with easily understandable shapes and logic.

Your partners vary more than your employees, they have different needs, offer different benefits to your organization and should have different access.  Role based access control and role based provisioning are more important for partners than employees even.  You want to control what they can do on your network even more tightly.

Creating granular roles and supplementing it with attributed based access control (ABAC) will enable you to keep your partners effective and secure.  Let us take you for a tour of how to design these role based provisioning workflows and put partners in their place!

 

Click me

Tags: Role Based Access Control (RBAC)