Frameworks IBMs Tivoli Identity Manager and Tivoli Access Manager, Novells Nsure family, and CAs eTrust Identity Management and eTrust Access Management are designed to integrate user authentication and authorization into the broader arena of user provisioning.In fact, the more rule-bound and process-intensive an organization, the betterthese products can eat bureaucracy for breakfast and spit out almost completely automatic user setups by afternoon. However, the frameworks wont do much for organizations that have confused or poorly outlined user provisioning guidelines. Nsure comes with a license for Novells eDirectory, which is required for the various components of this wide-ranging user provisioning family to work. Novell has gone out of its way to leverage eDirectory, providing some pretty impressive user automation capabilities. IBMs Tivoli Identity Manager and Tivoli Access Manager work together to provide authentication and access control services for large enterprise networks. The IBM platform goes head-to-head with Novell by incorporating not only a wide range of applications for which it can provide access control but also a variety of directory products. Because both the IBM and Novell platforms can be integrated with a number of different authentication devices, the real differentiator between the two is how well they can be integrated into an organizations existing environment. CAs eTrust family of products takes an incremental approach to identity management. Architecturally, eTrust Identity Manager and eTrust Access Manager are similar to the IBM Tivoli platform in that both support a wide range of enterprise applications. Both platforms also support a number of directory implementations, so IT managers should be able to implement them without disturbing established infrastructure. One advantage IT managers may find with CA is an ability to implement single-sign-on, user self-service and other user provisioning modules as needed and as the products prove their ability to reduce administrative costs. This is a pleasant departure from CAs all-or-nothing approach to IT management in the late 1990s. Now, CA components will likely provide IT managers with the breathing room they need to meet regulatory deadlines without having to hire a fleet of consultants. Senior Analyst Cameron Sturdevant can be contacted at firstname.lastname@example.org
These user management frameworks are appropriate for organizations that have a good user provisioning system in place and work best in large-scale, heavily regimented environments.