|
Lecturer(s)
|
-
Vohnoutová Marta, Ing.
-
Horal Pavel, Bc.
-
Macek Martine, Ing.
|
|
Course content
|
Content: Theory 1) Needs of organization, when it is useful to implement the Identity Management (IdM). 2) What is IdM and what it solves. 3) What is Access Management (AM) and what it solves. 4) IdM and AM interconnection 5) How the IdM is bound with its surroundings a) IdM - subordinated and superiored systems 6) Rules of IdM implementation and its integration with the surroundings 7) Superior systems a) Interconnections of IdM and HR systems. Description of situation which could occur. b) Initial data reading c) Organization structures and its changes d) Personal data clearing e) Connection with registries - password policies, list of applications f) Interconnections of IdM and intranet portals 8) Internal IdM structure a) users b) applications c) technical accounts d) external workers e) more work engagements of one user f) maternity leave, jail, long-term diseases 9) Philosophies of access right granting a) automatic access right granting b) manual access right granting - requests and approvals c) removing of access rights 10) Workflows and their features and goals a) workflow dead ends b) maximal workflow delays c) escallations d) delegations e) temporary replacements 11) Hierarchy, roles, sets, access rights 12) User access rights 13) Access rights bound with a position which the user actually takes 14) RBAC model 15) Enhanced RBAC model 16) Optimization of RBAC model 17) Mandatory attributes, skills ? 18) Internal IdM roles - approvers, garants of roles, data administrators... 19) User self-service (access right requirements, list of his/her actual access rights, accounts, runnung approval workflows etc.) 20) Subordinate systems a) application types, possible ways of their connection to the IdM b) webservices c) proprietary connectors d) communication via files e) communication via Service Desk f) feedback from subordinate systems - reconciliation, synchronizing... g) passwords, password management, password reset, password policy, self-service 21) IdM as an information base for for applications - data propagation to AD, to Exchange, to intranet portal, API for applications 22) problem with growing inconsistency between data in IdM and subordinate systems a) access right removing - no one asks for access right removal b) leaving employees - zombie in systems c) removing of accounts in case of insufficients licencies d) no keeping of the rule of superiority and subordinity 23) fighting with administrators - lowering of their rights 24) Discipline - setting of accounts and their access rights from up to down 25) Working activities - descriptions - definitions of roles and sets 26) Systemization - definition, theory and impacts 27) Catalogue of type positions, optimizing of organizational structure 28) Practice - Binding of the Catalogue of type positions with the design of sets in IdM Praxe 1) Seznámení s logikou jednoho z IdM produktů DirX 2) Instalace DirX 3) Nastavení systému 4) Seznámení se systémem 5) Cvičení a) Nadřízený systém - personální data - připravený csv soubor b) Nastavení vnitřní struktury IdM I) uživatel II) uživatelova práva III) uživatelův účet v AD c) Podřízený systém AD I) založení uživatelova účtu prostřednictvím IdM - počáteční impuls - přidání řádky do csv souboru II) přidělení přístupových práv uživateli v AD (přidání do skupin) podle nastavení v IdM
|
|
Learning activities and teaching methods
|
Dialogic (discussion, interview, brainstorming), Individual tutoring, Group work
- Class attendance
- 30 hours per semester
- Preparation for credit
- 10 hours per semester
- Preparation for classes
- 10 hours per semester
|
|
Learning outcomes
|
The goal is to teach students with RBAC model and with the Identity and Access Management. After passing this course, the student should be able to suggest a basic scheme of the access right management for the particular type of organization.
After passing of this course, the student will be able to design the Identity and Access Management System to comply with the requirements of the organization and its type. He/she will be able to create the model of access rights of the organization, its relations, and the system of assigning of access rights anf their approving. The student will be able to program and set up the Identity Management System the way, that its function would complzy with the suggested design. The student will be able to adjust the design to the security strategy of the organization.
|
|
Prerequisites
|
Orientation in design of IT systems and in IT keywords. A student must be able to suggest and create own programs. Basic orientation in keywords Identity and Access Management anad Federation identity.
|
|
Assessment methods and criteria
|
Student performance assessment, Analysis of student's work activities (technical works)
During the course, the student will pass both theoretical and practical part. Both parts contain questions and tasks. In the practical part, the student will learn to program and set up the IdM system according to the requirements. The right set up of the IdM system will be also the decisive requirement of assigning credits.
|
|
Recommended literature
|
-
Ertem Osmanoglu. Identity and Access Management. Syngress Media, 2013.
|