THIS IS FOR IBM INFOSPHERE IDENTITY INSIGHT*****
We have deployed Identity Insight (II) v9, which uses IBM Liberty and supports the full Liberty framework for authentication. Our II Liberty implementation is configured to use an OpenIdConnect (OIDC) client for authentication with an OIDC server (Okta). This configuration is significant in that we have to conform with the State of New York's enterprise standard of OIDC with Okta. The NYS enterprise Okta ID provider solution uses the statewide LDAP directory. Administration of User IDs and Group IDs is centrally managed for all 65 agencies in the State with well-established rules, policies and processes.

Unfortunately, two key components of the II product, II Explorer and the i2 Analyst Notebook plug-in for II, do NOT presently support the full Liberty framework for authentication. Rather, they support ONLY the Liberty basic authentication scheme, which is a manual configuration of users and passwords within each deployed Liberty server. This is highly suboptimal for these reasons:

1) There are hundreds of users that now need to be manually administered across multiple Liberty servers, which the NYS central enterprise staff refuse to own.
2) This does not conform with the NYS standard for identity management.
3) There is no way to configure and support a Single SignOn solution.
Who would benefit from this IDEA?
1) All NYS users of Identity Insight will benefit from this enhancement. 2) The NYS II implementation will then be deemed to be in conformance with the NYS enterprise standard for Identity Management.
How should it work?
The II Explorer and the i2 Analyst Notebook plug-in for II should be enhanced to support Liberty's full authentication framework, including the use of OpenIdConnect.
Priority Justification
1) Current II implementation is non-conforming to NYS enterprise standards, 2) Potential security exposures due to de-centralized, multiple ID provider solutions, 3) Inconsistencies in the II product itself.
Client Name
State of New York