Problem: Our enterprise uses id federation and recently purchased Tealeaf SaaS. Our on-prem user base is 6000+ users with all about a dozen requiring the “RegularUser” role. Manually adding/removing user access and permission levels is not easy to manage. It was confirmed that ID federation only authorizes, but does not manage permissions
Recommendation- Update IBM Id federation to authorize and set access levels to Tealeaf based on an organization's ADFS or LDAP systems. As an example, we have two AD groups we use on-prem to set user access levels. One is for admins and the other is for users. Establishing a relationship between these groups and Tealeaf roles will reduce the number of access control lists that need to be managed in large enterprises.
How will this idea be used?
This will allow a single point of administration through our enterprise security team. As employees leave or no longer require access, their permission is removed without have to make updates to Tealeaf.
|What is your industry?||Insurance|
|What is the idea priority?||High|
|Link to original RFE|