Synchronization of authentication database with Identity Driven Manager database: NEW!
On-demand synchronization of Identity Driven Manager from the authentication database: Identity Driven Manager allows administrators to click on a button to synchronize the Identity Driven Manager users from Active Directory or other LDAP user databases.
Mapping of groups from the authentication database: When synchronizing Identity Driven Manager from the authentication database, Identity Driven Manager will map the user's group to an access policy group (APG) with the appropriate policies.
Default access policy group assignment: If a user in the authentication database does not have an authentication database group, you can assign a default access policy group and the related access policies to that user.
Import users from an XML file: If current user data is not kept in an LDAP-compatible data store, Identity Driven Manager can read users and group membership from an XML-formatted file.
Client integrity integration: NEW!
Integrity state checking: Identity Driven Manager will receive an indicator of the client's state of health from the third-party security agents on the client system. These third-party clients will do the integrity checking and will report it to Identity Driven Manager in the standard RADIUS data stream.
Standard TNC compliance: Third-party client integrity vendors who report status using the Trusted Network Connect (TNC) standard will be able to work with Identity Driven Manager immediately, so customers will have a choice of best-of-breed integration vendors.
Dynamic rules based on time, location, and user system are formed by administrators and dynamically applied: Access policy communities have rules that are applied to each user in the community based on the time, location, and user system. These dynamic inputs are evaluated and the policies applied according to the user's profile. This results in the appropriate access policies being applied at the right time and place.
Automatic VLAN assignment: Users are automatically assigned to the appropriate VLAN based on their identity, community, location, and time of day.
User-based access control lists (ACLs): NEW!
Control access to network resources: Users can be allowed or denied access to network resources (e.g., servers, printers) based on the destination IP address or a range of IP addresses.
Control access to network services: Users can be allowed or denied access to network services (e.g., Web pages, instant messaging, or FTP) based on the well-known or user-defined TCP/UDP ports.
Traffic prioritization: Traffic prioritization (QoS) is automatically set for the user based on identity, community, location, and time of day.
Rate limits: Rate limits are automatically applied to user traffic based on identity, community, location, and time of day.
Works with industry-standard RADIUS protocol: Access policies are set based on RADIUS authentication, so customers have a choice of authentication database and a reliable, time-tested technology for authentication.
Auto-discovery of identity objects: RADIUS servers with IDM agents, RADIUS realms, and users are automatically discovered at login and assigned to an unconfigured policy group for the administrator's attention.
Grouping of users into access policy communities: Identity Driven Manager allows administrators to group users into access policy communities to apply policies.
Resilient architecture:
The Identity Driven Manager agent can run independently and be deployed to redundant RADIUS servers: The Identity Driven Manager agent can be deployed to each RADIUS server in the network. The agents are able to operate independently from the Identity Driven Manager server, allowing Identity Driven Manager to be deployed to multiple redundant RADIUS servers providing authentication services for network devices.
Identity Driven Manager updates the server with transactional resilience: The Identity Driven Manager agent uses a transaction process to update Identity Driven Manager server data. If the connection from the agent on the RADIUS server to the Identity Driven Manager server is broken, the agent will queue the data until the connection is restored and then transmit the data, as appropriate, back to the Identity Driven Manager database.