Create resilient AccessProfiles for IBM Security Access Manager for Enterprise Single Sign-On

Follow the best practices in this white paper to ensure your AccessProfile development covers all possible scenarios

The state machine editor in the AccessStudio advanced mode is a flexible tool for creating advanced AccessProfiles for IBM® Security Access Manager for Enterprise Single Sign-On (ISAM ESSO). The profiles enable developers to implement single sign-on (SSO) automation workflows for a wide variety of applications. Most applications have similar design rules for pages flows related to sign-on automation, such as login or change password pages. So it makes sense to check all sign-on automation workflows that are based on these common rules. This best practices guide introduces a set of common page flow diagrams and design rules to consider to ensure that your advanced AccessProfile state machine covers all sign-on automation workflows.

Shoushin Liu (shoushin@jp.ibm.com ), Senior IT Specialist , IBM

Photo of Shoushin LiuShoushin Liu is a Senior IT specialist in IBM Japan. He has 15 years of experience in technical support for IBM security products such as IBM Security Access Manager for Web (ISAM), IBM Security Identity Manager (ISIM), IBM Security Manager for Enterprise Single Sign-On (ISAM ESSO), IBM Security Directory Integrator, and IBM Security Directory Server. His mission is to support complex, large-scale projects and first-of-a-kind projects and to transfer his product skills to customers and business partners. In his first nine years, he supported Japanese customers by designing and implementing ISAM and ISIM systems. In 2008, he began to support several large-scale ISAM ESSO projects. Recently he also focused on privileged identity management and mobile security solutions. He holds a bachelor's degree of information technology engineering.



14 April 2014

Identity and Access Intelligence

Image of Identity and Access Intelligence cover page

Identity and access management infrastructures are becoming a major source of security intelligence information. Enterprise Management Associates (EMA) analysts published a new report that describes the nature of identity and access intelligence and the factors that drive this aspect of security evolution. To learn about this aspect of IT security, download and read "Identity and Access Intelligence: Transforming Enterprise Security."

Introduction

The state machine editor in the AccessStudio advanced mode is a flexible tool for creating advanced AccessProfiles for IBM Security Access Manager for Enterprise Single Sign-On (ISAM ESSO). With the profiles, developers can implement single sign-on (SSO) automation workflows for a wide variety of applications. To create an effective and complete AccessProfile, developers must take a systematic approach to ensure that all workflows are covered in the state machine. If some of the workflows are missing from the state machine, an auto-fill, capture, or save action might fail as a result. Both the AccessProfile developer and the quality assurance tester must work together to ensure that all sign-on automation workflows are covered by the AccessProfile state machine and to eliminate bugs in the state machine. Most applications have similar design rules for page flows related to sign-on automation, such as login or change password pages. So it makes sense to check all sign-on automation workflows that are based on these common rules. This best practices guide introduces a set of common page flow diagrams and design rules to consider to ensure that your advanced AccessProfile state machine covers all sign-on automation workflows. Topics in the guide include:

  • How to understand the workflows that are covered by the state machines that are generated by AccessStudio generator.
  • How to generate workflows for application scenarios that aren't covered by the AccessStudio generator.
  • Sign-on automation workflows specific to web and Windows® application types and how to cover these workflows by using advanced AccessProfiling.
  • How to cover work flows and problems that are specific to the design of the application.
  • How to test an AccessProfile to ensure that it is complete and correct.
  • How to talk to the application owner about the sign-on automation requirements and what to investigate in the application during the requirements discussion.

Image of Best practices cover pageVisit the security on developerWorks resource library to download "Best practices for AccessProfile development in IBM Security Access Manager for Enterprise Single Sign-On."

Resources

Comments

developerWorks: Sign in

Required fields are indicated with an asterisk (*).


Need an IBM ID?
Forgot your IBM ID?


Forgot your password?
Change your password

By clicking Submit, you agree to the developerWorks terms of use.

 


The first time you sign into developerWorks, a profile is created for you. Information in your profile (your name, country/region, and company name) is displayed to the public and will accompany any content you post, unless you opt to hide your company name. You may update your IBM account at any time.

All information submitted is secure.

Choose your display name



The first time you sign in to developerWorks, a profile is created for you, so you need to choose a display name. Your display name accompanies the content you post on developerWorks.

Please choose a display name between 3-31 characters. Your display name must be unique in the developerWorks community and should not be your email address for privacy reasons.

Required fields are indicated with an asterisk (*).

(Must be between 3 – 31 characters.)

By clicking Submit, you agree to the developerWorks terms of use.

 


All information submitted is secure.

Dig deeper into Security on developerWorks


  • Bluemix Developers Community

    Get samples, articles, product docs, and community resources to help build, deploy, and manage your cloud apps.

  • Security

    Pragmatic, intelligent, risk-based IT Security practices.

  • DevOps Services

    Software development in the cloud. Register today to create a project.

  • IBM evaluation software

    Evaluate IBM software and solutions, and transform challenges into opportunities.

static.content.url=http://www.ibm.com/developerworks/js/artrating/
SITE_ID=1
Zone=Security
ArticleID=967770
ArticleTitle=Create resilient AccessProfiles for IBM Security Access Manager for Enterprise Single Sign-On
publish-date=04142014