Self-service, which provides quick ROI and great convenience, includes password resets, synchronization of passwords across systems and requesting additional resources. With more than 5,000 employees, Stuff4U desired a solution that would reduce password-related helpdesk calls.
Because self-service is generally offered via a Web-based interface, tight security is required. For each solution, we evaluated the mechanisms for ensuring that employees are identified and authenticated before being allowed to manipulate their passwords. All but Novell's solutions provide extensive mechanisms for managing this process. Employees who forget their passwords can be challenged through a series of questions from a supplied list containing queries such as "What was your childhood pet's name?"
Requiring correct answers to specific questions coupled with correct answers to a number of randomly chosen questions affords Stuff4U adequate security surrounding the employee-driven reset of a forgotten password. Novell says the next release will include this feature.
Policy Enforcement
Novell took the lead in policy enforcement and flexibility by offering extremely fine-grained control over the flow of information between systems. With a robust graphical interface and a manual creation method, Novell's solution lets you define authoritative sources of information and restrict the flow of data between systems down to the attribute level. We could allow specific attributes from a PeopleSoft system to flow into eDirectory--the backbone of Novell's solution--and restrict all other systems from modifying the HR-controlled attributes, such as the employee's name, title and date of birth.
Novell's solution restricts the information flow at the agent level, while other products require a workflow process within the provisioning system to act. Every solution let us reverse the changes, notify administrators or accept the changes, but Novell's approach offers the tightest control. In this regard, Novell's solution has the most secure method of maintaining resource integrity across all systems. This is one of the advantages of an agent-based system, which requires each managed system to have a small-footprint agent--deployed on the provisioning server or on the server hosting the managed system--that communicates with the provisioning server to provide policy enforcement and general provisioning functionality. Agentless systems, by comparison, use secure versions of common protocols, such as LDAP, ODBC or SSH, to communicate with the managed system.
With 80 stores, Stuff4U must keep account management centralized and automated, so users at remote locations can't create rogue accounts. We examined all solutions for their ability to notify administrators of unauthorized account creation or modification and reverse the changes automatically. All four solutions perform this task, so all integrated systems may be managed centrally while authoritative systems keep control of certain employee attributes. For example, Stuff4U's PeopleSoft maintained control of an employee's title and position; no other system could modify that information.
Auditing and Reporting
As is true of many retailers, Stuff4U has high employee turnover. Therefore, system administrators must stay on top of the activity regarding all aspects of provisioning--especially revocation. We evaluated each solution's audit logs and activity reports.
Only Novell's product lacks integrated reporting tools. Novell's auditing logs are highly configurable but require third-party solutions, such as Crystal Reports, to analyze and report on the data. Business Layers provided an integrated Crystal Reports engine, with a large number of preconfigured reports offering plenty of views of provisioning activity. Access360 also provided a lengthy list of preconfigured reports and could specify reports tailored to Stuff4U's needs.
REPORTS
Analyize In-Line NAC strategies and products.
ANALYTICS Plan and design your enterprise blade server deployments
InformationWeek U.S. IT Salary Survey 2008
Salaries for business technology professionals are falling. Here's what you need to know in order to make good hiring decisions and personal career choices. Purchase Today: $299
REPORTS
ANALYTICS
Follow 
