
Red Hat Identity Management (IdM) is a centralized and comprehensive identity management solution that provides a wide range of features designed to help manage user identities, enforce security policies and facilitate access management. 

IdM offers a number of tailored and customizable features that will support the organization in implementing a 360-degree solution for managing identities, users and host security at scale, and it is included with a Red Hat Enterprise Linux (RHEL) subscription.

In this article we spotlight some of the features that IdM can bring to your organization.

User and group management

IdM simplifies user and group management by providing a centralized directory service based on Lightweight Directory Access Protocol (LDAP), one of the standards used to centrally store, manage and maintain information about users, organizations, services and more. LDAP also defines the communication language for operations on directory services, such as adding and searching for entities, and using it as an authentication source.

One of the primary differentiators between IdM and other general-purpose identity management solutions is the tailored LDAP schema it includes. The schema is optimized to store and manage core system and user attributes while reducing the complexity of these tasks. This allows administrators to more easily create, modify and delete user accounts and groups and more effectively manage their access rights.

Red Hat IdM includes:

  • Automated user provisioning: Integrate with existing directories such as Active Directory to automate the creation and management of user accounts
  • Role-based access control (RBAC): Define roles and assign permissions based on job functions, making sure that every user has appropriate access levels
  • Integration with Active Directory: Integrate IdM with Microsoft Active Directory to provide one- or two-way trust, enabling access to Linux hosts for Windows users and vice-versa

Host and services management

Managing hosts and services is crucial for protecting the integrity of an organization's IT environment. IdM offers tools to manage host identities and their interactions within the network. Key features include:

  • Host enrollment: Enroll and manage host systems within the IdM domain, so only trusted hosts can interact with the network
  • Host management: Create and manage groups of hosts to apply access control and user authorizations at scale
  • Service principals: Create and manage service principals to control and protect interactions between services and applications
  • Host access and permissions: Define access and permissions on hosts or groups of hosts, including sudo rules

Authentication and single sign-on (SSO)

Organizations often offer services and applications internally that require authentication. IdM can facilitate integration with these services by supporting a variety of authentication methods. This can help improve an organization's security posture while simplifying the user experience.

Key authentication features include:

  • Kerberos authentication: Leverage Kerberos for seamless single sign-on across the enterprise systems
  • Two-factor authentication (2FA): Enhance security by requiring users to provide two forms of identification, like OTPs (One Time Passwords) or Smart Cards
  • SSO integration: Integrate with other SSO solutions like the Red Hat Build of Keycloak to provide a unified authentication experience across different platforms and applications

Certificate management

Last but not least, managing digital certificates is essential for protecting communications and verifying identities. IdM includes built-in certificate management capabilities.

This capability can simplify and standardize the certificate management process, and it can be integrated in the workflows and processes that are already in place, providing:

  • Automated certificate issuance and renewal: Streamline the management of SSL/TLS certificates for users and hosts
  • Certificate revocation: Quickly revoke compromised certificates to maintain the integrity of the network
  • External CA certificate management: While IdM offers a complete solution for certificate management and creation, it can also manage certificates coming from an external certificate authority

Network, high availability and automation

IdM core features are oriented towards identity management, but it also supports configuring an instance as a complete DNS server, allowing the creation and management of DNS entries, zones, forwarding and locations directly in the web interface or via the command line.

To provide a more reliable service and reduce failures, IdM can be configured as a set of replicas, so the data is always kept replicated and any functional replica can be reached if problems occur.

When it comes to integrating IdM with existing workflows and implementing the automation of users, hosts and configuration management, there is a collection of modules and roles for Red Hat Ansible Automation Platform that can be used to automate:

  • Administrative actions (setup, configuration, maintenance) on the IdM instance(s)
  • Users and hosts management
  • DNS management
  • Certificate management

The dedicated Ansible certified collection redhat.rhel_idm is available on Red Hat Automation Hub and can help IdM administrators in day-to-day operations, potentially enabling self-service capabilities and providing integration with existing processes like user/host provisioning workflows and internal helpdesk user management tasks (password reset, lock/unlock accounts, etc.).

This collection and its related modules are also fully supported and certified by Red Hat.

Wrap up

Red Hat Identity Management is an ideal solution to standardize identity management in the enterprise, providing a tailored set of functions that can make these tasks easier and more efficient.


About the author

Alessandro Rossi is an EMEA Senior Specialist Solution Architect for Red Hat Enterprise Linux with a passion for cloud platforms and automation.

Alessandro joined Red Hat in 2021, but he's been working in the Linux and open source ecosystem since 2012. He's done instructing and consulting for Red Hat and delivered training on Red Hat Enterprise Linux, Red Hat Ansible Automation Platform and Red Hat OpenShift, and has supported companies during solutions implementation.
