Identity Management System
Why is an Identity Management System Necessary?
In general, in public institutions, universities, large commercial institutions, the management of user accounts in IT systems, the correct and timely definition of authorization roles in the systems, the closure of accounts in cases of retirement, separation, assignment, promotion, or removal of old authorizations, the determination of passwords by administrators, and also the control of authorizations and accounts. There are serious problems such as the uncontrollability of these movements. Such situations can lead to serious data leaks. With the Identity Management system, it is possible to increase security, to solve the above problems, and to reduce time and labor costs by making the management of user accounts centralized and more secure.
Challenges in Identity Management
Management issues: A wide variety of IT applications, multiple roles, and users make management extremely difficult.
Security issues: Difficulty in administration can lead to security vulnerabilities. For example, illegal accounts can occur.
Complexity: Managing multiple apps gets pretty complicated.
Inefficiency: The management of identities can become quite inefficient and time-consuming.
Problems for the user: When a new employee starts working, they have to open more than one account at a time. The fact that they cannot do these from a single center and as self-service makes their job very difficult.
Legal compliance issues: Identity management must be managed in accordance with the law.
What is a Engerek?
Engerek is a web-based identity management system. It was developed with the Java programming language. Its main goal is to centrally manage corporate users and accounts. It has been developed as open source. It runs on Tomcat application server and supports MariaDB / MySQL / PostgreSQL databases as identity store.
For account management, directory systems such as OpenLDAP, MS Active Directory / MS Exchange, MariaDB / MySQL / PostgreSQL databases, special database tables, connectors for Linux operating systems including Pardus are provided. Engerek has connectors ready for integration with other IT systems. In this way, users can be managed by easily integrating IT applications into Engerek.
User accounts management and password management are done with Engerek. It is possible to define password policies. For example, a password policy can be defined such as 5 characters, 3 numbers in it, and the others are letters only. In addition, a self-service interface is also available in Engerek, where users can renew their passwords in case they forget their passwords.
With Engerek, workflows can be defined within the framework of the principle of separation of duties. Thanks to these workflows, it is possible for users to request roles or accounts as self-service. The user can request an account or a role from its own interface and can have the desired role and account after passing the necessary approval points. In addition, relations between roles can be established by adhering to the separation of duties. For example, users can be prevented from taking unwanted roles by defining rules such that a user who takes the A role cannot take the B role.
Engerek also includes an XML editor. By using this editor, new resources can be defined, workflows can be defined, scheduled tasks can be edited, and report templates can be prepared for Engerek.
It is aimed to implement the Engerek system in all private companies, public institutions and universities where the type and number of users and systems are high. In these institutions, in cases such as minimizing the above problems and their effects, preventing data entry repetitions if the data required for IT accounts are taken from a personnel management system, shortening the account opening time for new employees, closing all the accounts of the departing personnel on time, long-term leave, all the accounts of the personnel are kept. It is possible to disable and immediately reactivate the permission return, to reflect the organization, title and other information changes correctly to all accounts due to appointment / promotion, to reset the password in case users forget their passwords, and also to increase their ability to monitor / audit periodically or instantly.
It’s open source.
There is no license fee.
It is simple to use, not complicated.
It contains ready-made connectors.