CyberRes NetIQ Identity Management Review
Micro Focus’s CyberRes NetIQ Access Manager (we’ll just say Access Manager for most of this review) has been a contender in the Identity Management (IDM) space for some time in one form or another, even spending time under the old Novell banner. This level of history is accompanied by both high expectations and a certain level of curiosity about the maturity and innovation offered by the solution compared to IDM platforms with more continuity on the management and business side.
Access Manager is for businesses that want to manage their IDM toolset on their own, with options to run on-premises using individual software components or as a virtual appliance on-premises or in a private cloud. The Identity component of Access Manager is part of a larger family of tools focused on identity and access governance for your business. But while it is aimed at those who need on-premises deployment, Access Manager doesn’t necessarily have the convenience and price advantages of SaaS-based IDM offerings such as our Editors’ Choice award winners Okta and VMware Workspace One Access.
Installation and components of NetIQ Access Manager
Access Manager is a more traditional business application than most we’ve looked at this time around, although solutions like Ping Identity’s PingFederate are still aimed at corporate IT shops looking to tune individual components for performance, reliability and safety. Appliance-based installation offers a different kind of flexibility as it allows you to configure Access Manager in a more controlled private cloud environment. Both options require more installation, configuration, and maintenance than Identity as a Service (IDaaS) solutions. So unless your IT department is prepared to take on the extra workload (or pay for extra manpower), you might want to look elsewhere.
The four components of Access Manager are the administrative console, the identity server, the access gateway, and the analytics server. The roles of the administrative console and the analytics server are self-explanatory, with the administrative console being the focal point for all configuration and policy changes and the analytics server taking care of business intelligence and reports.
The identity server role handles authentication traffic, whether it is single sign-on (SSO) using protocols such as Security Assertion Markup Language (SAML), Active Directory, LDAP, or even certificate-based authentication. Finally, the Access Gateway acts as a reverse proxy, allowing Internet clients to securely access legacy web applications hosted internally.
The company offers a set of installation documents that highlight the prerequisites, network and firewall requirements, and even the order in which the components should be installed. Additional post-installation steps are required to configure the local identity stores, again including Active Directory or LDAP.
The update process is an obvious concern when committing to an on-premises hosted IDM solution rather than purchasing a service. This is especially true for any areas that you really need to keep up to date, like your app catalog. CyberRes circumvents this problem by organizing the online application catalog and providing catalog data transparently through the administration console, which keeps the application catalog up-to-date and flexible while allowing your business to keep control over the platform as a whole.
Applications that exist in the Application Catalog can be installed in Access Manager through a set of steps very similar to the IDaaS cousins of the platform. Once an app is selected from the catalog, there are a few basic things to configure, such as your instance IDs in the web app, as well as your directory attributes to use in the cloud app. Access for specific users can be set using roles, with more advanced requirements such as specific authentication methods set using contracts (which we’ll cover a bit more in a minute).
For applications not available in the Application Catalog, Access Manager offers a connector studio, which allows you to configure custom applications using forms-based authentication or SAML. While most IDM suites provide a method for adding custom applications, Access Manager does a remarkable job of offering a wide variety of options while keeping things relatively intuitive, even providing a template for defining federation guidelines for sharing the connector with other parties (such as other IT shops within your company).
NetIQ Access Manager Policy Management
Access Manager uses policies to manage the authorization of applications and other corporate resources, assign roles, and manage the flow of attributes using logic-based rules. Authorization policies are configured using conditions which, if met, trigger resulting actions, which can then authorize or deny an attempt or even enforce a specific contract (potentially requiring high authentication factors).
Risk-based authentication policies provide a way to dynamically assess authentication attempts to determine how risky an attempt is using factors such as geolocation, device fingerprint, or user history. The advantage of risk-based policies is the possibility of exploiting more intrusive authentication factors when an attempt is considered to be of increased risk.
There is the potential for false positives, which is certainly a concern, as users inconvenienced by additional authentication requirements or outright denial of company resources ultimately cost your business time and money. But the alternative is either not to require additional factors at all or to demand them all the time. Access Manager gives you a high degree of control over each of the factors associated with authentication risk.
Authentication contracts, although not technically considered policies in Access Manager, are used to configure how authentication to a particular identity store occurs. Contracts are defined within a particular identity server and determine which authentication methods should be invoked when a user attempts to access an application that references the contract. If a user has already performed the authentication required by a contract, they are authenticated silently.
Micro Focus offers perpetual licenses for Access Manager for $20 per user, or $8.40 per user based on an annual subscription. Software maintenance costs are an additional $4.50 per managed identity per year.
Overall, NetIQ Access Manager does not have the benefits of an IDaaS platform or a clean, intuitive user interface like most of the other solutions we’ve rounded up. However, if your priorities are more focused on the need to control the infrastructure and configuration behind your IDM platform, Access Manager may be worth a look.