1. User Source of Truth
   o Current State: Utilize Microsoft Active Directory as the existing authoritative source.
   o Expansion: Extend identity management to include cloud, SaaS, and on-premises systems, covering both external and employee identities.
   o Data Migration: Enable the initial population of the new identity repository using data from Active Directory.
2. User Authentication
   o Support multiple authentication methods (e.g., passwords, biometrics, two-factor authentication).
   o Provide Single Sign-On (SSO) capabilities to enable seamless cross-application access.
   o Implement adaptive authentication that adjusts security measures based on user behavior and risk levels.
   o Device-Bound FIDO Passkeys: Incorporate the FIDO2/WebAuthn standards for enhanced security.
   o Passwordless Authentication: Transition toward passwordless methods using biometrics and FIDO passkeys.
3. User Authorization
   o Enforce Attribute-Based Access Control (ABAC) using user attributes, resource characteristics, and contextual conditions.
   o Implement fine-grained access controls integrated with existing directory services.
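The ABAC requirement above combines three inputs: user attributes, resource characteristics, and contextual conditions. The following is an added illustration, not part of the requirements document or any product, of a minimal deny-overrides policy evaluator over exactly those inputs; the attribute names, the sample identities and the rules are constructed assumptions, and a request missing an attribute the policy needs fails closed.

```python
from dataclasses import dataclass
from typing import Any, Callable, Dict, List

Attrs = Dict[str, Any]
# A condition is evaluated over subject, resource, action and context attributes.
Condition = Callable[[Attrs, Attrs, str, Attrs], bool]

@dataclass(frozen=True)
class Rule:
    name: str
    effect: str  # "permit" or "deny"
    condition: Condition

def evaluate(rules: List[Rule], subject: Attrs, resource: Attrs,
             action: str, context: Attrs) -> str:
    """Deny-overrides combining: any matching deny rule wins, otherwise a
    matching permit rule grants access, otherwise the default is deny."""
    decision = "deny"
    for rule in rules:
        try:
            matched = bool(rule.condition(subject, resource, action, context))
        except KeyError:
            # An attribute the policy needs is absent from the request:
            # fail closed instead of guessing.
            return "deny"
        if matched and rule.effect == "deny":
            return "deny"
        if matched:
            decision = "permit"
    return decision

# Constructed policy for illustration; the attribute names are assumptions.
POLICY = [
    Rule("external-no-confidential", "deny",
         lambda s, r, a, c: s["type"] == "external"
         and r["classification"] == "confidential"),
    Rule("no-write-from-unmanaged-device", "deny",
         lambda s, r, a, c: a == "write" and not c["device_managed"]),
    Rule("department-read-in-hours", "permit",
         lambda s, r, a, c: a == "read"
         and s["department"] == r["department"] and 8 <= c["hour"] < 18),
    Rule("owner-write", "permit",
         lambda s, r, a, c: a == "write" and s["id"] == r["owner"]),
]

# Constructed sample records, as a directory populated from AD might hold them.
EMPLOYEE = {"id": "u123", "type": "employee", "department": "finance"}
CONTRACTOR = {"id": "x999", "type": "external", "department": "finance"}
REPORT = {"owner": "u123", "department": "finance", "classification": "confidential"}

def decide(subject: Attrs, resource: Attrs, action: str, context: Attrs) -> str:
    return evaluate(POLICY, subject, resource, action, context)
```

The context dictionary is where adaptive signals such as device management state or time of day enter the decision, so the same engine can tighten access when those signals indicate elevated risk.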