BACKGROUND OF DEMAND

The organizational structure of enterprise groups is complex, with a large number of personnel, diverse identities and roles, and numerous application systems. The main challenges faced in the process of digital transformation of business are as follows: dispersed user management, slow IT management response, high security and compliance requirements, and poor user experience.

Unified Identity Governance (IAM) is the core of an integrated zero trust security architecture. By building an identity authentication management center based on an integrated zero trust security architecture with identity ID as the core, with user identity as the core protection goal, default distrust of user identity, continuous authentication, dynamic authorization of user access permissions, automatic intelligent learning of user behavior, and constant detection of user behavior risks are achieved. While realizing the single sign on capability of multi business systems, user experience is improved and access security is strengthened. Convenience and security go hand in hand, providing strong protection for enterprise information security.

SOLUTION

The unified identity governance platform is centered around user identity data, integrating and managing digital identities across all enterprise scenarios. By building a centralized user management center, it connects user identity data channels between heterogeneous systems, achieving automated management of user lifecycle, SSO multi business system single sign on, MFA strong authentication, UEBA intelligent risk monitoring, fine-grained permissions, audit management, and self-service. Based on security, it provides more efficient and convenient management and business capabilities.

User Management

Automated management of the entire user lifecycle. Realize automatic integration of employee transfer and relocation without manual operation, reducing IT pressure

Single sign-on

Accessible integration with all business systems. By utilizing self-developed technology and all standard authentication protocols including but not limited to OAuth, SAML, OIDC, JWT, CASLTPA, LDAP, etc., business systems can be successfully integrated without protocol modification

MFA Strong Certification

Build strong authentication capabilities on the platform, providing multiple authentication methods that can be freely combined, including but not limited to account passwords, dynamic passwords, QR codes, facial recognition technologies, CA authentication, and other authentication methods.

UEBA Intelligent Risk Detection

Realize intelligent analysis of user behavior, supported by unique security model algorithms and big data analysis platforms at the bottom level, and integrate AI intelligent technology to automatically collect user access data for risk warning, conduct autonomous model learning, generate multi-level risk strategies, and constantly detect user behavior.

Fine grained permissions

Minimize access permissions by building various permission models, including but not limited to ABAC, RBAC, GBAC, etc., to manage multiple permissions of enterprises in a hierarchical manner, achieve user permission data level control, and improve the security protection of important data in business systems.

Audit Management

Conduct comprehensive audits on user access, permission usage, and data management. Build real-time and effective pre warning, in-process auditing, and post traceability to human centralized auditing capabilities, providing various identity, access, authentication, permission and other reports to ensure compliance auditing of enterprises.

Self service center

Comprehensive self-service capabilities, providing users with the ability to independently modify personal information, change passwords and retrieve them, delegate accounts, and apply for account permissions on their own.

Xinchuang Adaptation

The unified identity governance platform is fully adapted to the innovation ecosystem, including domestic middleware (Dongfangtong, Kingdee, Yuan), domestic databases (Wuhan Dameng, Renmin Jincang, OceanBase, Nanjing University General Motors, Shenzhou General Motors), domestic operating systems (Zhongbiao Qilin, Huawei Euler Bank Lin, Long, Zhongke Hongqi), etc

Application scenarios

It can achieve automatic operation and maintenance of the entire lifecycle of all users and application systems, helping enterprises with digital transformation, realizing domestic information and innovation security, digital portal, operation and maintenance security control, enterprise compliance control, etc.