Identity management once meant provisioning users and managing their passwords in Active Directory. But as organisations add more cloud applications to their IT environment, the process of managing users’ identities is getting more complex. One of the major components of identity management is passwords—often the first line of defence when it comes to securing user accounts.
Before the advent of the cloud, password management was mainly handled through Active Directory password policies. Now, with the proliferation of cloud applications, everyone—from managers to IT admins—needs to remember more than one password. As a result, users resort to using weak passwords because they’re easier to remember. However, we all know that weak passwords put IT security at risk. This is where a well-planned password management strategy can help you implement a identity management system for cloud applications that is secure, compliant, and easy to manage.
Here’s what you should look for in a cloud identity management system to manage passwords:
Eliminate identity chaos with single sign-on (SSO)
A single sign-on (SSO) solution with Active Directory integration capabilities could go a long way in eliminating identity chaos in your organisation. With SSO, users are given one set of credentials to access multiple applications (both on-premises and in the cloud). Users can only access certain applications based on their group membership. SSO helps organisations roll out new applications rapidly without burdening the IT staff. And when Active Directory identities are used, it becomes that much easier to control and deprovision access to applications.
Simplify identities with password synchronisation
In a password synchronisation model, users’ passwords are synchronised across various applications. Each password change in Active Directory or cloud applications is automatically replicated in all other integrated applications. From end users’ perspective, this means simply using the same password to log in to all their applications. With password synchronisation, you can enforce a strong complex password policy without the fear of users forgetting their passwords. And, unlike the SSO model, password synchronisation doesn’t place any extra infrastructure burden on the organisation, nor does it have a single point of failure.
More password management tips for secure cloud identity management
Once you’ve decided whether to use SSO or password synchronisation, you should then focus on how to make passwords stronger. Not all applications have the same strong password complexity requirements. So make sure that you have a centralised password policy in place that forces the use of strong, complex passwords across all applications. A granular password policy is even better, making sure that privileged accounts have a much stronger password policy than other user accounts.
Finally, even with a fine-tuned password management strategy in place, users might still need assistance when they forget their passwords and get locked out of their accounts. Password resets and account unlocks not only affect employee productivity, but also increase the workload of help desk staff and IT admins. To avoid password-related help desk calls, make sure your identity management systems support self-service capabilities.
To find out about ManageEngine’s range of identity and access management solutions, click here.