性videosgratis灌满|国产成人精品高清在线观看99|无码日本电影一区二区网站|成人性生交大片免费看京东小视频|熟妇与小伙子MATUR老熟妇E

政府行業IAM解決方案

實(shi)現(xian)以用戶(hu)為中心實(shi)現(xian)賬(zhang)號的生命周(zhou)期(qi)管(guan)理

行業現狀

Industry status

業務需(xu)求(qiu):由于政務應(ying)用(yong)(yong)規模(mo)的(de)(de)(de)(de)(de)快速增長,且用(yong)(yong)戶(hu)類型也呈現多(duo)樣化,用(yong)(yong)戶(hu)身份(fen)的(de)(de)(de)(de)(de)維護以(yi)及(ji)權限(xian)的(de)(de)(de)(de)(de)治理日益棘(ji)手(shou),造成在(zai)流(liu)(liu)程效(xiao)率(lv)、信(xin)息安(an)全(quan)(quan)、管(guan)(guan)理方(fang)面的(de)(de)(de)(de)(de)諸多(duo)風險。 安(an)全(quan)(quan)需(xu)求(qiu):缺乏(fa)集中(zhong)統(tong)一(yi)權限(xian)分配、有些賬號多(duo)人共用(yong)(yong)容易造成安(an)全(quan)(quan)漏洞;用(yong)(yong)戶(hu)在(zai)使(shi)用(yong)(yong)系(xi)(xi)統(tong)過(guo)程中(zhong),經常需(xu)要(yao)在(zai)各系(xi)(xi)統(tong)之間(jian)切換,用(yong)(yong)戶(hu)體(ti)驗(yan)不佳。 管(guan)(guan)理需(xu)求(qiu):同(tong)統(tong)一(yi)的(de)(de)(de)(de)(de)身份(fen)認(ren)證平臺(tai)可以(yi)減(jian)少開發(fa)成本(ben),縮短開發(fa)周期,降(jiang)低系(xi)(xi)統(tong)的(de)(de)(de)(de)(de)維護成本(ben),有效(xiao)防(fang)止(zhi)安(an)全(quan)(quan)事件的(de)(de)(de)(de)(de)發(fa)生,提高管(guan)(guan)理效(xiao)率(lv)。將(jiang)應(ying)用(yong)(yong)的(de)(de)(de)(de)(de)認(ren)證流(liu)(liu)程以(yi)及(ji)權限(xian)訪問控制集中(zhong)在(zai)一(yi)起(qi),方(fang)便管(guan)(guan)理。同(tong)時(shi)為了兼容性,需(xu)要(yao)有能對接多(duo)種應(ying)用(yong)(yong)場(chang)景(jing),復雜應(ying)用(yong)(yong)架構的(de)(de)(de)(de)(de)能力,提供標(biao)準的(de)(de)(de)(de)(de)認(ren)證集成方(fang)案流(liu)(liu)程。

解決方案

Solution

以聯軟科(ke)技(ji)零信任身份管(guan)(guan)理(li)IAM系(xi)統(tong)(tong)為(wei)基礎的《政府行業IAM解決方(fang)案(an)》,以“用戶(hu)(hu)管(guan)(guan)理(li)、應用管(guan)(guan)理(li)、權限(xian)管(guan)(guan)理(li)、認(ren)(ren)證管(guan)(guan)理(li)、審(shen)計(ji)分(fen)析、應用門戶(hu)(hu)”六大功能組(zu)件,提供統(tong)(tong)一(yi)認(ren)(ren)證管(guan)(guan)理(li)、統(tong)(tong)一(yi)組(zu)織架構、統(tong)(tong)一(yi)授(shou)權管(guan)(guan)理(li)、統(tong)(tong)一(yi)審(shen)計(ji)管(guan)(guan)理(li)、統(tong)(tong)一(yi)賬號(hao)管(guan)(guan)理(li)、單點登錄等安全能力,實(shi)現以用戶(hu)(hu)為(wei)中心(xin)實(shi)現賬號(hao)的生命周期管(guan)(guan)理(li)。該(gai)方(fang)案(an)包括以下(xia)內(nei)容:

用(yong)(yong)(yong)(yong)戶(hu)管(guan)理(li)(li):包(bao)含數(shu)據源管(guan)理(li)(li)、組(zu)織(zhi)用(yong)(yong)(yong)(yong)戶(hu)管(guan)理(li)(li)、用(yong)(yong)(yong)(yong)戶(hu)標簽(qian)管(guan)理(li)(li)、用(yong)(yong)(yong)(yong)戶(hu)自(zi)注(zhu)冊;數(shu)據源可以支持LDAP同步(bu)、API同步(bu)、數(shu)據庫同步(bu)、FTP同步(bu)、Excel導入等(deng)多種方式;組(zu)織(zhi)用(yong)(yong)(yong)(yong)戶(hu)管(guan)理(li)(li),包(bao)含用(yong)(yong)(yong)(yong)戶(hu)試(shi)圖(tu)、用(yong)(yong)(yong)(yong)戶(hu)管(guan)理(li)(li)等(deng);

應(ying)(ying)(ying)用(yong)(yong)(yong)(yong)管(guan)理(li)(li):支(zhi)(zhi)持應(ying)(ying)(ying)用(yong)(yong)(yong)(yong)認證接入(ru)(ru)模板管(guan)理(li)(li),提(ti)供應(ying)(ying)(ying)用(yong)(yong)(yong)(yong)增刪(shan)改查、應(ying)(ying)(ying)用(yong)(yong)(yong)(yong)接入(ru)(ru)控制;應(ying)(ying)(ying)用(yong)(yong)(yong)(yong)賬(zhang)(zhang)號(hao)管(guan)理(li)(li):支(zhi)(zhi)持IAM主賬(zhang)(zhang)號(hao)與(yu)應(ying)(ying)(ying)用(yong)(yong)(yong)(yong)從賬(zhang)(zhang)戶(hu)兩(liang)種(zhong)策略,用(yong)(yong)(yong)(yong)戶(hu)主賬(zhang)(zhang)號(hao)映射并關聯(lian)應(ying)(ying)(ying)用(yong)(yong)(yong)(yong)賬(zhang)(zhang)號(hao),支(zhi)(zhi)持應(ying)(ying)(ying)用(yong)(yong)(yong)(yong)賬(zhang)(zhang)號(hao)新增、導入(ru)(ru)、刪(shan)除、綁(bang)定、解綁(bang)管(guan)理(li)(li);應(ying)(ying)(ying)用(yong)(yong)(yong)(yong)賬(zhang)(zhang)號(hao)同步,平臺推送(song)組織與(yu)賬(zhang)(zhang)號(hao)到應(ying)(ying)(ying)用(yong)(yong)(yong)(yong)系統(tong)LDAP、AD目(mu)錄(lu)、數(shu)據庫、API等,提(ti)供應(ying)(ying)(ying)用(yong)(yong)(yong)(yong)公共賬(zhang)(zhang)號(hao)管(guan)理(li)(li)、授權綁(bang)定到個人(ren)用(yong)(yong)(yong)(yong)戶(hu),個人(ren)用(yong)(yong)(yong)(yong)戶(hu)真實身份登(deng)錄(lu)使用(yong)(yong)(yong)(yong)公共賬(zhang)(zhang)號(hao);應(ying)(ying)(ying)用(yong)(yong)(yong)(yong)特(te)殊(shu)賬(zhang)(zhang)號(hao),支(zhi)(zhi)持應(ying)(ying)(ying)用(yong)(yong)(yong)(yong)多賬(zhang)(zhang)戶(hu)管(guan)理(li)(li),支(zhi)(zhi)持應(ying)(ying)(ying)用(yong)(yong)(yong)(yong)賬(zhang)(zhang)號(hao)委托,按用(yong)(yong)(yong)(yong)戶(hu)(組)維度對應(ying)(ying)(ying)用(yong)(yong)(yong)(yong)授權,用(yong)(yong)(yong)(yong)于特(te)殊(shu)用(yong)(yong)(yong)(yong)戶(hu)授權。

權(quan)限管(guan)理(li):通(tong)過配置授(shou)(shou)權(quan)級別、授(shou)(shou)權(quan)范圍、授(shou)(shou)權(quan)功(gong)能與權(quan)限實現最小(xiao)顆粒度授(shou)(shou)權(quan),聯軟零信任(ren)身份管(guan)理(li)IAM系(xi)統(tong)的動態授(shou)(shou)權(quan)是通(tong)過將ABAC和RBAC策(ce)略進行組合下發(fa),達到(dao)靈活的訪問控制基線的目的。

認證(zheng)管(guan)理:支(zhi)持(chi)多種身(shen)份認證(zheng),多因(yin)素(su)認證(zheng)、分級(ji)認證(zheng),賬密、短(duan)信,動態驗證(zheng)碼認證(zheng)、微(wei)信、釘(ding)釘(ding)、掃碼、指(zhi)紋(wen)等多種認證(zheng)方式,支(zhi)持(chi)單點登錄,提升員工(gong)使用體(ti)驗。

審計分(fen)析(xi)(xi):支持身(shen)份(fen)分(fen)析(xi)(xi),重(zhong)復賬號(hao)、僵(jiang)尸賬號(hao)、孤兒賬號(hao)、違規賬號(hao),用戶賬號(hao)狀態分(fen)析(xi)(xi);行(xing)為分(fen)析(xi)(xi),連續多次(ci)登(deng)(deng)錄(lu)失敗,短時(shi)間頻繁登(deng)(deng)錄(lu),異地登(deng)(deng)錄(lu),非工(gong)作(zuo)時(shi)間登(deng)(deng)錄(lu),同一IP多次(ci)不同賬戶登(deng)(deng)錄(lu),修改(gai)密碼(ma)次(ci)數等。

客戶價值

Customer value

業務價值:身份(fen)基礎(chu)設施統(tong)(tong)一監(jian)控,統(tong)(tong)一認證身份(fen)設施割裂,內部(bu)多個身份(fen)源無法統(tong)(tong)一觀察與監(jian)控;同時(shi)也能(neng)對(dui)這些身份(fen)基礎(chu)設施進行加固;內部(bu)風險控制,對(dui)通用業務賬(zhang)號的多種數(shu)據維度自動(dong)建立基線(xian)持(chi)續調優助力(li)業務風控安全。

運營(ying)價(jia)值:解決當前運管存在相關痛點,身份憑據濫用,賬號管理松散,密鑰(yao)管理混亂極易引(yin)發(fa)安全(quan)問題規避;檢(jian)測(ce)濫用的權限,確定(ding)用戶(hu)任務所需的適當權限級別,監測(ce)高級權限使用,防(fang)止(zhi)權限濫用。

攻防價值:黑客入(ru)侵防護,從(cong)身份角(jiao)度(du)入(ru)手(shou)的(de)安(an)全(quan)檢(jian)(jian)測(ce)能夠(gou)從(cong)登陸(lu)驗證的(de)角(jiao)度(du)發(fa)現安(an)全(quan)問(wen)題,以此(ci)為檢(jian)(jian)測(ce)核心(xin)可極(ji)大的(de)提高安(an)全(quan)檢(jian)(jian)測(ce)能力;協助(zhu)護網演(yan)習。