Converged IAM (Identity and Access Management) unifies disparate physical and logical access control systems to create a single trusted identity and credential, so that rights and access can be matched across the enterprise. Converged IAM can't exist without network connections between these logical and physical identity systems.

The most typical use case is that of a card reader integrated with identity management or directory systems such as Active Directory or LDAP. Users swipe the access card at the door and use that same access card to log on to network resources.

Logical identity integrations for users are enabled by links between human resources systems, IT network components, and the enterprise directory. The directory software, such as Microsoft's Active Directory or similar tools based on the Lightweight Directory Access Protocol (LDAP), identifies which employees have the network, software, and database access needed to complete their assigned work.

Large enterprises use identity management tools from vendors such as IBM, Novell, and Oracle to provision users from the HR system into the directory. This process is automated. The disconnect between logical and physical identity happens during the provisioning of physical access for the user.

In many enterprises, this task is still manual: a phone call, email, or fax from HR alerts the physical security department to add the new employee to the physical access control system (PACS) and create an access badge for them.

Integrating PACS with the enterprise directory enables enterprises to address the challenge of disconnected physical and logical identities. The integration allows them to better understand who has rights to their network and their physical facilities. It will also enable them to manage access rights and people's responsibilities within the organization more efficiently.
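Until the two systems are integrated, the gap described above can be measured by reconciling an export from each side. The following is an added example, not code from the original article or any vendor product; the field names (`employee_id`, `account`, `enabled`, `badge_id`, `active`) and all records are constructed assumptions about what such exports might contain.

```python
# Added example: reconcile a directory export against a PACS badge export.
# All field names and records below are constructed for illustration.

DIRECTORY = [  # constructed sample: one row per directory account
    {"employee_id": "E1001", "account": "asmith", "enabled": True},
    {"employee_id": "E1002", "account": "bjones", "enabled": False},  # leaver
    {"employee_id": "E1003", "account": "cnguyen", "enabled": True},  # new hire
]

PACS = [  # constructed sample: one row per badge
    {"badge_id": "B-501", "employee_id": "E1001", "active": True},
    {"badge_id": "B-502", "employee_id": "E1002", "active": True},
    {"badge_id": "B-503", "employee_id": "E0999", "active": True},   # unknown holder
    {"badge_id": "B-504", "employee_id": "E1001", "active": False},  # revoked badge
]


def reconcile(directory, pacs):
    """Return the mismatches between logical and physical identity records."""
    accounts = {row["employee_id"]: row for row in directory}
    active_badges = [b for b in pacs if b["active"]]
    badged_ids = {b["employee_id"] for b in active_badges}

    findings = {
        "badge_without_identity": [],      # active badge, no directory account
        "badge_for_disabled_account": [],  # door access outlived network access
        "identity_without_badge": [],      # physical provisioning has not caught up
    }
    for badge in active_badges:
        account = accounts.get(badge["employee_id"])
        if account is None:
            findings["badge_without_identity"].append(badge["badge_id"])
        elif not account["enabled"]:
            findings["badge_for_disabled_account"].append(badge["badge_id"])
    for emp_id, account in accounts.items():
        if account["enabled"] and emp_id not in badged_ids:
            findings["identity_without_badge"].append(account["account"])
    return {name: sorted(items) for name, items in findings.items()}


if __name__ == "__main__":
    for name, items in reconcile(DIRECTORY, PACS).items():
        print(f"{name}: {items}")
```

The first two categories are the ones to review first, since they represent physical access with no matching active logical identity.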

 

To know more about how Identity and Access Management can help secure user access, talk to our IAM experts at contact@aujas.com.