Autentisering, hantering och provisionering av användare : Ett koncepttest med PhenixID

Sammanfattning: The goal of this project has been to configure and present a solution that covers a customer’s needs for user authentication, identity and access management and identity provisioning. The solution consists of products from PhenixID and the configuration is carried out on behalf of a company acting as a consultant. At the same time, the project is intended to generate new knowledge within the company about the possibilities and functions of the products used. The resulting solution enables the provisioning of users from a simple CSV file to a central user directory, and from this directory to Google. Identity Provisioning software is used for this purpose. The solution includes a recommendation for the same process to Azure through a first-party solution from Microsoft. The solution includes a configuration of the PhenixID Authentication Services system that can be used by the provisioned users to log in to Google and Microsoft services, so-called single sign-on, SSO. This authentication is SAML-based and adopts multi-factor authentication through a mobile application. A web-based and role-based identity and access management system, Identity Manager, is configured to manage users in the central user directory. Through this system, roles with associated rights are used with the purpose of delegating user management to the necessary instances of the customer’s organization. The overall configuration represents a proof of concept of the products for the customer's use cases and is therefore relatively fundamental in nature.