What’s New in IDM 4.0? – HP Identity Driven Manager Software Series User Manual
Welcome to Identity Driven Manager
Introduction
5. If the user is authenticated, the PCM device grants the user access to the network.
If the user is not authenticated, access is denied.
For networks using IDM, access control is enhanced to include authorization
parameters along with the authentication response. IDM enhances existing network
security by adding network authorization information, with access and resource usage
parameters, to the existing authentication process. Using IDM you can assign access
rights and connection attributes at the network switch or access point, with dynamic
configuration based on the time, place, and client that is generating the access request.
When using IDM, the authentication process proceeds as described in the first three
steps, but from that point the process changes as follows:
4. The RADIUS server validates the user’s identity in the user directory. Based on
the validation result received from the user directory, the authentication server
returns an accept or deny response to the switch or access point. When using
IDM without SNAC, if the user is accepted (authenticated), the IDM Agent on
the RADIUS server processes the user information. IDM then inserts the network
access rights configured for the user into the authentication response sent to the
switch or access point.
5. If the user is authenticated, the switch or access point grants the user access to
the network. The (IDM) authorization information included in the authentication
response is used to configure VLAN access, QoS and bandwidth parameters for
the user, and what network resources the user can access based on time and
location of the user’s login.
If the user is authenticated by the RADIUS server, but IDM’s authorization data
indicates that the user is attempting to access the network at the wrong time, or
from the wrong location or system, the user’s access request is denied by IDM.
If a user is authenticated in RADIUS, but is unknown to IDM, IDM will not
override RADIUS authentication and default switch settings, unless you configure
it to do so. You can create a “guest” profile in IDM to provide limited access
for unknown users.
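The decision flow in steps 4 and 5 above, modelled as an added example (not code from HP or from IDM itself). The `Rule` fields, the `authorize` function and all sample values are hypothetical and only stand in for whatever IDM stores in a user's profile.

```python
from dataclasses import dataclass
from datetime import time

@dataclass
class Rule:
    """One access rule in a user's profile (a model, not IDM's data format)."""
    locations: set   # switches / access points the user may log in from
    systems: set     # client systems the user may log in from
    start: time      # start of the allowed time window
    end: time        # end of the allowed time window
    rights: dict     # VLAN, QoS and bandwidth returned to the switch

def authorize(radius_accepted, user, location, system, at, profiles, guest=None):
    """Return (response, rights) as sent to the switch or access point."""
    if not radius_accepted:
        return "deny", {}                      # step 4: RADIUS deny is final
    rules = profiles.get(user)
    if rules is None:                          # authenticated, unknown to IDM
        # Without a guest profile the RADIUS accept stands and the switch
        # applies its default settings; a guest profile limits the access.
        return "accept", dict(guest or {})
    for r in rules:
        if (location in r.locations and system in r.systems
                and r.start <= at <= r.end):
            return "accept", dict(r.rights)    # step 5: rights ride in the response
    return "deny", {}                          # wrong time, location or system

# Constructed sample data: every name and value here is hypothetical.
PROFILES = {
    "alice": [Rule({"bldg1-sw3"}, {"00:11:22:33:44:55"}, time(8, 0), time(18, 0),
                   {"vlan": 20, "qos": "normal", "bandwidth_kbps": 10000})],
}
GUEST = {"vlan": 99, "qos": "low", "bandwidth_kbps": 1000}

if __name__ == "__main__":
    mac = "00:11:22:33:44:55"
    print(authorize(True, "alice", "bldg1-sw3", mac, time(9, 30), PROFILES))
    print(authorize(True, "alice", "bldg1-sw3", mac, time(23, 0), PROFILES))
    print(authorize(True, "bob", "bldg1-sw3", mac, time(9, 30), PROFILES))
    print(authorize(True, "bob", "bldg1-sw3", mac, time(9, 30), PROFILES, GUEST))
```

The third call shows the case to check in a deployment: a user who authenticates in RADIUS but has no IDM profile is accepted with the switch's default settings unless a guest profile is configured.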
What’s New in IDM 4.0?
PCM+ Identity Driven Manager version 4.0 includes the following new features and
enhancements:
■ Registration Server enhancements to simplify administrative overhead in
  implementing network access control
■ Simple Network Access Control (SNAC) support, including:
  • IAS/NPS RADIUS server support