Amagqabantshintshi eSazisi kunye noLawulo lokuFikelela (i-IAM) kunye noMboneleli weSazisi (i-IdP)

Isazisi kunye noLawulo lokuFikelela luluqeqesho lokhuseleko olwenza ukuba abantu abafanelekileyo bakwazi ukufikelela kwizibonelelo ezifanelekileyo ngexesha elifanelekileyo ngezizathu ezifanelekileyo.

Kule posi, siza kugubungela ukujonga izihloko eziphambili ezinxulumene noLwazi kunye noLawulo lokuFikelela.

Yintoni i-ID

Xa umntu ezama ukufikelela kwisibonelelo, kufuneka siqiniseke ukuba umsebenzisi ungubani na.

Isazisi yinkqubo yokunikezela isazisi esisodwa kubo bonke abasebenzisi bomntu ngamnye ukuze babonakale.

Izicelo kunye neenkqubo zisebenzisa ukuchonga ukumisela ukuba umsebenzisi anganakho ukufikelela kubutyebi.

Inkqubo yolawulo lwesazisi ibandakanya ukudalwa, ukuphathwa kunye nokucinywa kwesazisi ngaphandle kokukhathazeka ngamanqanaba okufikelela.

Yintoni uQinisekiso

Ukuqinisekiswa yinkqubo yokubonisa isazisi. Ukwenza njalo, umsebenzisi makangenise iziqinisekiso zabo kwiziko lokuqinisekisa ukuze afikelele.

Uqinisekiso luhlala lubizwa ngokuba yi-AuthN.

Ukuchonga yenzeka xa umsebenzisi ebiza isazisi (njengegama lomsebenzisi). Uqinisekiso yenzeka xa abasebenzisi bungqina ubungqina babo.

Kukho iindlela ezahlukeneyo zokungqinisisa:

Ukuqinisekiswa kwezinto ezininzi (MFA)

Ngokubanzi, kukho izinto ezintathu eziqhelekileyo ezinokusetyenziselwa ukungqinisisa:

• Into oyaziyo (njengegama eligqithisiweyo)
• Into onayo (njengekhadi le-smart)
• Into oyiyo (njengeminwe okanye enye indlela yebhayometri)

Ukuqinisekiswa kwezinto ezininzi kusetyenziswa 2 okanye nangaphezulu kwazo naziphi na kwezi ndlela.

Injongo yokuqinisekiswa kwezinto ezininzi kukongeza olunye ukhuseleko kwinkqubo yokuqinisekisa.

Ukungena kwelinye (SSO)

Ukungena kwelinye (SSO) yipropathi evumela umsebenzisi ukuba angene kwinkqubo enye, kwaye afumane ukufikelela kuzo zonke ezinye iinkqubo ezinxulumene nayo.

Umzekelo we-SSO kuxa ungena kuGoogle kwaye emva koko unokufikelela kwi-gmail, kuGoogle Amaxwebhu, kuGoogle AmaSpredishithi, ngaphandle kokunikezela ngeenkcukacha zakho zokungena kwakhona.

Umanyano

Umfelandawonye uvumela i-SSO kwimimandla emininzi. UGoogle noFacebook babini babanikezeli abakhulu beFederation.

Oku kuvumela abasebenzisi bethu ukuba baqinisekise kwiinkqubo zethu besebenzisa iziqinisekiso esele zikho kunye nabo baboneleli.

Iimpawu

Iimpawu zinokuba zizixhobo zekhompyuter okanye ezisekwe kwisoftware kwaye zibonelele ngendlela yokuqinisekisa ejikeleze 'into onayo'.

Iimpawu zekhompyuter zinokuba 'ngamakhadi smart' onokuwasebenzisa ukuqhagamshela kwikhompyuter yakho ngokufunda ikhadi elinikezela ubunyani.

Iithokheni zesoftware ngokubanzi zinokufakwa nakwesiphi na isixhobo (umz.iselfowuni) kwaye zisetyenziselwa ukwenza ikhowudi yokupasa yexesha elinye.

Ugunyaziso

Ugunyaziso yinkqubo yokumisela ukuba ngabaphi abasebenzisi abanokufikelela kwezixhobo kwinkqubo.

Abasebenzisi babelwe okanye banikwe ukufikelela kwizibonelelo ezithile ngaphakathi kwenkqubo. Olu fikelelo luhlala lusekwe kwindima yomsebenzisi.

Nje ukuba umsebenzisi aqinisekiswe, emva koko bagunyazisiwe ukuba bafikelele kwizibonelelo abazabelweyo.

Idibeneyo:

• Ulwazi loKhuseleko loLwazi
• Ukugcinwa kwemfihlo, ukuthembeka, ukufumaneka

Kutheni le nto sifuna i-IAM

Sifuna i-IAM ngezizathu ezininzi:

Okokuqala, sifuna i-IAM ukukhusela iinkqubo zethu. Asifuni nje nabani na ukuba afumane idatha yethu yabucala okanye eyimfihlo ngaphandle kokungqina ubungqina babo.

Okwesibini, kufuneka siqinisekise ukuba kuphela ngabantu abagunyazisiweyo abanokufikelela kwizibonelelo ababelwe zona.

Sikwafuna i-IAM yokuphendula. Ukuba isenzo senziwe, kufuneka sazi ukuba ngubani owenze loo nto. Singajonga kwiilog zenkqubo ezinikezelwe kwisazisi. Ngaphandle kwe-IAM, asinayo indlela yokwazi ukuba ngubani owenze manyathelo mani.

Sebenzisa uMbonisi weSazisi (i-IdP)

Kwiintsuku zokuqala xa abaphuhlisi besakha usetyenziso olufuna ukuqinisekiswa komsebenzisi, kuye kwafuneka benze ivenkile yomsebenzisi ngaphakathi kwesicelo ukuze babone. Ngaphezulu koko abaphuhlisi kuye kwafuneka benze indlela ethile yokuqinisekisa kunye neendima kunye neenjini zamalungelo.

Isicelo ngasinye esitsha sifuna oku kuseta. Iingxaki koku yayikukuba xa indlela yokuqinisekisa kufuneka itshintshe, abaphuhlisi kufuneka baguqule zonke izicelo ukulungiselela iimfuno ezintsha.

Sebenzisa indlela yokuqinisekisa yendawo kubuhlungu kubasebenzisi, abaphuhlisi kunye nabalawuli:

• Abasebenzisi kufuneka bangene igama lomsebenzisi kunye negama lokugqitha ukufikelela kwisicelo ngasinye, okt akukho lwazi lwe-SSO
• Isengakhokelela ekusebenziseni ipassword ebuthathaka okanye ukuphinda usebenzise amagama okugqitha
• Abaphuhlisi kufuneka baphathe enye inkonzo
• Akukho ndawo iphakathi yokulawula abasebenzisi

Sebenzisa uMbonisi weSazisi (i-IdP) usombulula ezi ngxaki.

Imodeli yokuFikelela eseBango

Indlela yesazisi kunye noLawulo lokuFikelela isebenzisa imodeli yokufikelela esekwe kwibango.

Kufikelelo olusekwe kwibango abaphuhlisi babuyisela umgaqo wokungqinisisa kwisicelo kunye nelogic elula enokwamkela ifayile ye- Kleyima .

UKUYA Ithemba kusekwe phakathi kwesicelo kunye nomthombo wokungqinisisa kunye nokugunyazisa kule meko umniki-sazisi okanye i-IdP.

Isicelo siyakwamkela ngovuyo ibango elithunyelwa kwi-IdP.

Kananjalo isicelo akufuneki siphathe nawaphi na amagama agqithisiweyo kuba abasebenzisi bengaze bangqinisise ngqo kwisicelo. Endaweni yokuba abasebenzisi baqiniseke kumboneleli wesazisi owenza ibango okanye ithokheni yokufikelela ethunyelwe kwisicelo.

Sebenzisa uMbonisi weSazisi kuthetha:

• Abaphuhlisi akufuneki benze iindlela zokuqinisekisa ezomeleleyo; Kwaye akufuneki bakhusele abasebenzisi amagama okugqitha
• Ukuba utshintsho kwindlela yokuqinisekisa iyafuneka siyitshintsha kuphela kumnikezeli wesazisi. Isicelo asihlali silungisiwe
• Abasebenzisi bonwabile-banokuqinisekiswa kanye kubanikezeli besazisi kunye nokungena ngaphandle komthungo kwezinye izicelo ezinikiweyo, okt (SSO)
• Abalawuli bonwabile- ukuba umsebenzisi ushiya inkampani umlawuli unokukhubaza umsebenzisi kumnikezeli wesazisi kwaye kwangoko arhoxise lonke ufikelelo.

Isishwankathelo

Id

Isazisi yinkqubo yokunikezela isazisi esisodwa kubo bonke abasebenzisi bomntu ngamnye ukuze babonakale.

Isiqinisekiso ngokugunyazisa

UmbhaliN

• Isenzo sokubonisa ukuba ungubani
• Ihlala ibizwa ngokuba yi-AuthN
• Iindlela eziqhelekileyo ze-AuthN:
  
  
  • Ukuqinisekiswa okusekwe kwifom (igama lomsebenzisi kunye negama lokugqitha)
  
  
  • Ukuqinisekiswa kweZinto ezininzi (MFA)
  
  
  • Iimpawu
  
  

UmbhaliZ

• Isenzo sokunika umntu ukufikelela
• Ihlala ibizwa ngokuba yiAuthZ
• Imizekelo yeAuthZ
  
  
  • Into yakho yomsebenzisi lilungu leqela. Iqela linelungelo kwifolda enamalungelo athile. Ugunyazisiwe ukuba unxibelelane neefayile ngaphakathi kwifolda.
  
  

IdP

• Indawo esembindini yokulawula abasebenzisi, ukuqinisekiswa kunye nokugunyaziswa
• Ikhuseleke ngakumbi, inyanzelisa imigangatho yeshishini kulawulo lomsebenzisi kunye negama lokugqitha
• Ukubonelela nge-SSO
• Ulawulo lokufikelela ngokulula kunye nokurhoxiswa