Identity management in future PLM platforms

Identity management in future PLM platforms

federated-sso

Identity is a topic that raises lot of attention over the course of last few years. As a number of cloud application is growing, the question of management of identity and access rights online becomes more important.

Federation was one of the topics that was discussed in my last posts about future PLM platforms. It is a broad topic. One of the aspects of “federation” is the ability to manage “federated identity”. I’ve been reading DarkReading article Identity Management In The Cloud during the weekend. It is worth reading. It speaks about current practices of identity management through Active Directory (AD) and Lightweight Directory Access Protocol. It also speaks about importance of federated identity and integration of cloud application into federated SSO. Here is a passage I captured:

An employee using a federated single sign-on system is given one set of credentials to access multiple cloud accounts. This user is only authorized to use those cloud accounts permitted by the group he or she belongs to. For example, if a user is in the sales group in Active Directory, he or she would be given secure access to Salesforce.com as well as the enterprise’s in-house sales applications. This approach aids the rapid rollout of new cloud services to large groups of users. Even more importantly, using AD to aggregate identities in cloud environments speeds up the deprovisioning of cloud applications to employees when they leave the company or change roles. “Enforcing the use of federated SSO — and not using passwords with cloud apps — means that users can only log in to cloud apps if they have an account in AD,” says Patrick Harding, CTO of cloud IAM company Ping Identity. “Terminated users are usually immediately disabled in AD by IT and will not be able to access any cloud apps.”

The number of cloud identity management software is growing these days. You might noticed products from Amazon Identity Manager, Microsoft Azure Identity and Salesforce. Startup companies are entering the space of IAM as well.

I captured the following diagram showing current status of cloud identity usage.

plm-federated-sso

It made me think about growing usage of cloud services for design, engineering and manufacturing. Modern transformation of product lifecycle will require usage of multiple online services. To integrate them together using singe security access layer can be a significant challenge.

What is my conclusion? I can see identity management as an important first step in the future PLM platforms. The ability to manage access to diverse data sets (on premises and using cloud applications) will become a first test of future PLM platforms in their ability to manage federated data. Just my thoughts…

Best, Oleg

Share

Share This Post

  • Nice write up Oleg. One of the ones your readers might like to know about that you missed was “ADFS” or Microsoft Active Director Federation Services. This is a free add on for a windows server environment that will enable SAML 2.0 compliant SaaS applications (like Autodesk PLM 360) to support SSO. Many of our customers choose Ping, it’s a full service suite of management tools; but the ADFS is also really common because it’s so simple to get going.

    http://technet.microsoft.com/en-us/library/cc772128(v=ws.10).aspx

  • beyondplm

    @Brian, thanks for the link! Good addition to the list of options.