Module Introduction

SiCAP-Identity and Access Management（IAM）Based on the design concept that an enterprise only needs to maintain a set of organizational structure, an enterprise only uses a set of user identity management system, and an enterprise only uses a set of user authentication system, it builds a unified identity management system for users through functional modules such as identity governance, authority governance, trusted authentication, auditing and wind control, realizes the visual control of user's whole lifecycle, and meets the needs of unified identity management, unified authority management, unified authentication management, security auditing and risk control.

Feature Description

• Unified Account Management

  Construct a unified user management system with one set of organization, one set of personnel and one set of master account (ID) Support account collection management and two-way synchronization of each application system, simplify the management complexity of users and accounts, and reduce the security risk of system management; Builds its digital identity around the user, integrates the account information of each system, and realizes the unified management of the whole life cycle of the user's identity; Formulate identity management specifications, which can be based on global, organizational and account, and flexibly set different account policies and password policies; Account system co-construction and interoperability, supporting HR, OA, ESB, LDAP and other data access; Flexible expansion to meet individual needs, supporting customization of organization attributes and personnel attributes;
• Unified Application Management

  Application security access, secret key, API management; Application integration of multiple protocols: oauth2, CAS, OpenID, SAML, JWT, RestFul; Flexible configuration of application interfaces, data calls; Application data collection, distribution.
• Unified Authority Management

  The platform's own rights, based on role + organization hierarchy visibility, to achieve fine-grained control of menu-level and data-level rights; Application rights management, support for dynamic authorization of applications, according to the organization, position, user group, user authorization applications; Support role authority customization and dynamic allocation; Unified centralized authorization and control of all resource accounts, multi-dimensional matching of master and slave accounts, and fine-grained allocation; Permission compliance checking, effective verification of permission compliance;
• Unified Authentication Management

  Support password authentication, Radius authentication, Ldap authentication, Ad domain authentication, SMS authentication, dynamic token authentication, cell phone token authentication, certificate authentication and other authentication methods; Support two-factor authentication and system-wide hybrid authentication, and different login authentication modes can be set according to different security levels; Support for external authentication systems; Provide SSO operation and use.
• Security Audit Log

  User operation logs, account login logs, authentication logs, data synchronization logs, etc. are managed in a unified manner and audited in a comprehensive manner, so as to discover security-related problems in a timely manner and realize user behavior auditing, authentication auditing and API auditing.
• Comprehensive Risk Control

  Provides ex-ante prevention with flexible configuration of system-level and application-level risk policies; Support intelligent identification of abnormal access behavior based on users' access behavior habits, from time, space, behavior, equipment and other dimensions; Provide mid-control, triggering risk control policies to implement different risk control measures, including: blocking, secondary authentication, release, and alerts; Provide whitelisting mechanism, system-level and application-level whitelist can be set; Support trusted browser management, using non-trusted browser login, triggering the wind control rules; Support session management, support abnormal online session logout operation.
• Unified Portal Self-Service

  Identity management process-oriented, the establishment of self-service centers to achieve self-service update of user information, account applications and other process-oriented management; Docking with external processes to provide a unified authentication portal; Supporting the visualization of application access rights; Supporting account self-registration and password reset; Supporting self-service applications for business processes such as on-boarding, off-boarding, permission applications, posting transfers and job transfers; Support application visualization display, real-time grasp of processing progress; Support detailed approval history, process notification.