Applications

In IBM® Security Verify Governance, an application is a set of permissions that are related to a certain target. IBM Security Verify Governance visualizes and extends the concept of a target, which is a "pure technical view" of an IT application and is suitable only for provisioning.

Figure 1. Application entitlements

Every target can host several applications. A target is often used as an authentication or authorization server, for example Active Directory (AD), where different applications share different permissions with a single account.

Many applications that are connected to the same target can share account configuration policies and can be subject to several:

  • Provisioning policies
  • Logical configurations
  • Risks

Applications, targets, and account policies, for example password policies or UID rules, are tied together. There can be one or more targets to an application, or one or more accounts to a target, or one or more accounts to an application. The IBM Security Verify Governance model manages the policies that are implied in these relations, for example password synchronization between different targets that share an account policy.

Figure 2. Accounts, targets, and applications

Applications can be either:

Custom
These applications use the Java API or the web services of the IBM Security Verify Governance platform (the IBM Security Verify Governance SDK) for authentication or authorization activities. For this type, the AG Core module operates as the authorization server.
External
These applications use external authorization systems that are connected to the AG Core module.

For example, Active Directory (AD) is an external authorization system or target system.

IBM Security Verify Governance can also be configured to send events, such as add or remove permissions, to targets or applications. These events are sent through the IBM Security Verify Governance Integration Interface and Enterprise Connectors module.