Support Smarter Authorization
Deliver Complete, Timely, Attribute-Driven Authorization
When it comes to authorization, the more identity information you can rapidly access, the better you can secure your resources and the easier it is to offer new services. However, user attributes are often spread across a heterogeneous mix of directories and databases, and scattered across silos, schemas, and protocols. What worked in the past—centralized data—can no longer serve today’s far-flung, federated, and even cloud-based infrastructures.
Without advanced cross-join and mapping through a virtualization layer, you face one-off customized code that’s hard to maintain and impedes the evolution of your portal. To provide up-to-the-minute, intelligent authorization, you need a global profile of each user, not an incomplete picture based on attributes scattered across multiple data sources. This includes not only a complete profile, but also an understanding of how subjects are linked to activities and resources in their entirety. RadiantOne FID supports richer and smarter authorization decisions by integrating application contexts across data and application silos. So application silos become a comprehensible set of interoperable contexts that your policy can tap into to deliver smarter authorization.
Create Complete Profiles Through Virtualization and Joins
RadiantOne FID allows you to create an integrated view of identity, using join to extend user profiles with existing attributes and enabling complete attribute views and contextually-driven authorization decisions. Contextual views allow you to understand the relationships between identities and resources, no matter where or how that information is stored. Through object and relationship mapping, your authorization policies become more precise and finer-grained, better reflecting the entire entitlement picture.
Using Virtualization to Create a Global Profile
For a single logical view of data within a WAM deployment, you need to virtualize. Only a virtualized abstraction layer gives you the flexible global profile you need, without the risk, hassle, and expense of an authoritative directory or piecemeal manual integrations. By virtualizing these disparate data systems, and linking the incomplete accounts to each other, a complete global view of each user can be delivered to any application from one central location. With RadiantOne FID, you can easily publish a unified view of users, including all attributes necessary to inform policy decisions.
Build Contextual Dynamic Groups to Enable New Services
Groups are traditionally based on a static label assignment to a list of given identities. When new identities are added, group memberships must be manually maintained. This creates additional work for the system administrator, and leaves room for error that could put your security at risk should access be incorrectly granted or maintained. Through RadiantOne FID’s modern architecture, attribute-based policies and roles can define groups as you go, based on arbitrary characteristics.
Migrate Existing Groups
RadiantOne FID also enables companies to save time and effort by reusing existing groups.