Identity Management Catalogs
Gateway's Identity Management Catalogs allow you to organize identity stores (such as Active Directory or PeopleSoft) in self-described categories – "Human Resources", "Finance", or "Chicago Office" for example. The three-dimensional navigation, prevalent throughout the Gateway's management console, known as the Gateway Manager, allows for intuitive and simple navigation of your assets.
Adding an Identity Store
Adding a new identity store, such as Active Directory or PeopleSoft, is simple. User-friendly wizards will assist you in supplying the right information, such as an alias for the store and software platform type. You may optionally "group" like-stores (such as a cluster of servers) that you wish to provision uniformly. Your new store will be visible to the Gateway within minutes.
Connecting to an Identity Store
Once you've described a new identity store within the Gateway Manager, a wizard will walk you through some basic connection information. At this point, you can tell the Gateway some fundamental things about your new connection. For instance, will identities be provisioned from this store (a system of record) or to this store (a consumer system)? Based upon your answers, the Gateway's intelligent wizards will craft appropriate questions to complete the connection.
Identity Provisioning Workflows
The Gateway's Workflow Builder will allow you to specify the provisioning business logic for each identity store connected to the system. For instance, the Attribute Mapping tab shown here allows the administrator to point-and-click map how attributes are transformed between the store and the Gateway's Identity Management system. It also specifies how identities are "matched" using specific attribute criteria. The Workflow Builder will display relevant configuration options specific to each store, ensuring robust and feature-rich provisioning that's made simple!
Identity Management Dashboard
The Gateway's Identity Management Dashboard provides a bird's eye view of your entire identity store ecosystem. The Gateway is represented at the center of the dashboard. Connections to identity stores within your environment stem from the Gateway, with identity stores and catalogs represented around the dashboard's perimeter. The status of each connection is represented visually through colors and icons, indicating the connection's health and state. Drilling into a connection will provide controls to start and stop the workflow, view history, and more.
Identity Management Dashboard Drill-Down
Drilling into a connection on the IDM Dashboard provides additional visibility into a connection's health and state. Icons on connections, such as the hammer icon found on the highlighted connection here, indicate the connection's Deployment State. The Gateway's built-in configuration management controls allow administrators to safely edit aspects of workflows without impacting production operations.
Web Access Management
Gateway's Web Access Management (WAM) services allow you to protect all of your organization's web assets, providing for Single Sign-On (SSO) and centralized authorization policy management. Protecting these web assets within the Gateway Manager is simple and intuitive. The three-dimensional interface of the Gateway Manager allows you to virtually walk through your datacenter, discovering web resources and applying access control policies where necessary.
Add Web Application
Telling the Gateway about a new web application that you wish to protect can be accomplished in minutes. Click the "Add New Server" icon and you're on your way. A wizard will guide you through the steps of protecting the new web asset.
Access Control Policies
Drilling into a web application asset in the Gateway Manager will allow you to apply policies that govern how the resource is utilized by your end users. A few mouse clicks will allow you to "drop" a policy on a web resource, such as a URL, and protect it from unauthorized access. Policy changes take place immediately and require no application code changes or restarting. Policies may describe authorized users, time-of-day restrictions, network restrictions, and even audit levels.
User Management
Managing identity profiles and associated accounts is a breeze. Simple or advanced search filters will recall users within the system, allowing you to drill into user profiles with only a few mouse clicks.
User Profiles
Authoritative identity data can be created, edited, or deleted within the Gateway Manager. Administrators may also choose to disable accounts, invalidate a password, or simply look up information on a specific user.
Policy Creation and Editing
Most policies within the Gateway can be created and edited via simple point-and-click actions. Seen here, policies can be set to control password ages and character requirements, auto-expire accounts, or set time-of-day restrictions for user access to applications.
Self Service
User Self Service tools are built into Lighthouse Gateway. With point-and-click configuration, you can instantly set up or change the behavior of tools such as Self Registration and Password Reset. The Self Service tools are fully brandable to your organization and allow you to control a vast array of workflow options and policies. For instance, a few mouse clicks will allow you to specify the Knowledge Based Authentication (KBA) questions that users need to answer in order to reset their password.
Role Management
The Gateway employs sophisticated Role Management that allows you to build and maintain roles and groups within the system. Membership in roles and groups may be manually edited via the Gateway Manager, or automated policies may be described that allow the Gateway to self-manage membership based upon your rules.
Dynamic Role Provisioning
Lighthouse Gateway allows for automated role management through its Dynamic Provisioning Engine (DPE). This powerful technology allows you to create policies that describe how the system should manage membership of particular roles. Policies can easily be written, as seen here, by using the system's expression builder. Expressions are evaluated autonomously by the Gateway as user data changes in the system. Role Modeling and Simulation capabilities allow you to test policies before enforcing them or run reports for certification purposes to identify potential discrepancies.