Course: Identity and Access Management

Course title Identity and Access Management
Course code UAI/619
Organizational form of instruction Seminar
Level of course Master
Year of study not specified
Frequency of the course In each academic year, in the summer semester.
Semester Summer
Number of ECTS credits 2
Language of instruction Czech
Status of course Compulsory-optional
Form of instruction Face-to-face
Work placements This is not an internship
Recommended optional programme components None
Course availability The course is available to visiting students
Lecturer(s)
  • Vohnoutová Marta, Ing.
  • Horal Pavel, Bc.
  • Macek Martine, Ing.
Course content
Content:

Theory
1) Needs of the organization: when it is useful to implement Identity Management (IdM).
2) What IdM is and what it solves.
3) What Access Management (AM) is and what it solves.
4) Interconnection of IdM and AM
5) How IdM is bound to its surroundings
   a) IdM - subordinate and superior systems
6) Rules for IdM implementation and its integration with its surroundings
7) Superior systems
   a) Interconnection of IdM and HR systems. Description of situations which could occur.
   b) Initial data reading
   c) Organizational structures and their changes
   d) Personal data cleansing
   e) Connection with registries - password policies, list of applications
   f) Interconnection of IdM and intranet portals
8) Internal IdM structure
   a) users
   b) applications
   c) technical accounts
   d) external workers
   e) multiple work engagements of one user
   f) maternity leave, jail, long-term illness
9) Philosophies of access right granting
   a) automatic access right granting
   b) manual access right granting - requests and approvals
   c) removal of access rights
10) Workflows and their features and goals
   a) workflow dead ends
   b) maximum workflow delays
   c) escalations
   d) delegations
   e) temporary replacements
11) Hierarchy, roles, sets, access rights
12) User access rights
13) Access rights bound to the position the user currently holds
14) RBAC model
15) Enhanced RBAC model
16) Optimization of RBAC model
17) Mandatory attributes, skills ?
18) Internal IdM roles - approvers, role guarantors, data administrators...
19) User self-service (access right requests, list of the user's current access rights, accounts, running approval workflows etc.)
20) Subordinate systems
   a) application types, possible ways of connecting them to the IdM
   b) web services
   c) proprietary connectors
   d) communication via files
   e) communication via Service Desk
   f) feedback from subordinate systems - reconciliation, synchronizing...
   g) passwords, password management, password reset, password policy, self-service
21) IdM as an information base for applications - data propagation to AD, to Exchange, to intranet portal, API for applications
22) Problem of growing inconsistency between data in IdM and subordinate systems
   a) access right removal - no one asks for access rights to be removed
   b) leaving employees - zombies in systems
   c) removal of accounts in case of insufficient licences
   d) not keeping the rule of superiority and subordination
23) Fighting with administrators - reducing their rights
24) Discipline - setting of accounts and their access rights from the top down
25) Work activities - descriptions - definitions of roles and sets
26) Systemization - definition, theory and impacts
27) Catalogue of type positions, optimizing the organizational structure
28) Practice - Binding the Catalogue of type positions to the design of sets in IdM

Practice
1) Introduction to the logic of one of the IdM products, DirX
2) Installation of DirX
3) System configuration
4) Getting acquainted with the system
5) Exercises
   a) Superior system - personnel data - prepared csv file
   b) Setting up the internal IdM structure
      I) user
      II) user's rights
      III) user's account in AD
   c) Subordinate system AD
      I) creating the user's account via IdM - initial trigger - adding a row to the csv file
      II) granting access rights to the user in AD (adding to groups) according to the settings in IdM

Learning activities and teaching methods
Dialogic (discussion, interview, brainstorming)
  • Class attendance - 30 hours per semester
  • Preparation for credit - 10 hours per semester
  • Preparation for classes - 10 hours per semester
Learning outcomes
The goal is to familiarize students with the RBAC model and with Identity and Access Management.
Orientation in the design of IT systems and in IT keywords. A student must be able to design and create their own programs. Basic orientation in the keywords Identity and Access Management and Federated Identity.
Prerequisites
Orientation in the design of IT systems and in IT keywords. A student must be able to design and create their own programs. Basic orientation in the keywords Identity and Access Management and Federated Identity.

Assessment methods and criteria
Student performance assessment

Orientation in the design of IT systems and in IT keywords. A student must be able to design and create their own programs. Basic orientation in the keywords Identity and Access Management and Federated Identity.
Recommended literature
  • Ertem Osmanoglu. Identity and Access Management. Syngress Media, 2013.


Study plans that include the course
Faculty Study plan (Version) Category of Branch/Specialization Recommended year of study Recommended semester
Faculty: Faculty of Science Study plan (Version): Applied Informatics (1) Category: Informatics courses - Recommended year of study:-, Recommended semester: Summer