System Component Examples
Component examples include sample enterprise ICAM tools (e.g., solutions, applications, and software) aligned with ICAM service areas that illustrate ICAM functionality at an agency. The component examples are designed for enterprise architects, security engineers, and solution architects to facilitate discussions regarding the technology solutions to integrate with enterprise applications, and the business requirements.
The systems components are representative examples only. Some solutions chosen by your agency may span across more than one service area.
The following figure is an example for a small selection of system components only. You can modify the graphic and incorporate as-is and target state system components for enterprise roadmap planning.
An authoritative source is a trusted repository of identity attribute data. It’s possible to have multiple authoritative sources for attributes.
Authoritative sources systems components may include:
- Human Resource systems such as payroll, time and attendance, and benefits administration
- Agency or government-wide Learning Management Systems
- Agency or government-wide Personnel Security systems for security and suitability
- Directory services including on-premise or cloud-based directory services
- Other external or internal sources
Identity Management Systems
Identity Management Systems are how an agency manages the identity lifecycle.
Identity management systems components may include:
- Identity lifecycle management services including provisioning and workflow
- Role management or role manager applications
- Identity correlation or aggregation
- Directory management
Access Management Systems
Access Management Systems are how an agency leverages credentials to authenticate individuals and authorize access to protected resources.
Access management systems components may include:
- Enterprise single sign-on (eSSO) applications
- Web access management applications
- Physical or facility access control systems
- Privileged access management applications
- Access policy and access rules repositories
- Policy enforcement points
- Policy decision points
- Virtual private networks
- Cloud access security brokers
- Network access management tools
Credential Management Systems
Credential Management Systems are how an agency manages an authentication token bound to an identity.
Credential management systems components may include:
- PIV credential service provider solutions
- Other, non-PKI, credential service provider solutions
- Federated certification authorities
- Private certification authorities
- Key management services
- Enterprise certificate manager
- Multi-factor authentication managers for software and hardware tokens
- Password managers
Governance is the set of components to centralize management, develop insights, and assist in managing ICAM areas and services. Applications across all service areas include auditing such as standard audit logs or configuration of auditable events. Governance includes the aggregation of individual auditing and reporting into centralized tools to perform real-time or near real-time analysis, identify anomalies, and trigger mitigations for anomalous authentication or authorization events. Tools are increasingly incorporating machine learning or adaptive algorithms.
Governance systems components may include:
- Identity governance solutions to perform access re-certifications
- IT Service Management (ITSM)
- Security information and event monitoring (SIEM)
Agency endpoints are resources that an agency needs to protect, including physical and digital resources.
Agency endpoints may include:
- On-premise applications
- Cloud-based applications and platforms
- Agency private networks
- Government cloud email services
- Government facilities