Advanced Policy Manager

janrain guide techIntegration guide
Modern digital sites and applications — be they on web, mobile, or IoT devices — offer customers a variety of different experiences, services, and data. Janrain Advanced Policy Manager, which can be used with Janrain’s or most other CIAM solutions, makes it easy and efficient to centrally control who has access to what, across all your sites, inside and outside your organization. Access policies for content behind paywalls, restrictions for certain ages, user types, regions or similar criteria can easily be defined, enforced, and managed.

In today’s increasingly connected world, organizations strive to deliver more and better digital experiences, collecting and managing more customer data than ever before. As online properties become more sophisticated, the complexity of managing trust and access in real-time is growing as well. Deciding who can do what is not an easy task.

For modern online properties, it is not enough to authenticate customers’ identities; brands must also determine if they are authorized to use certain services or access certain data. For example, subscribers of an online news publication need to be authenticated upon login, but access to basic or premium content is granted based on which subscription customers have purchased. The subscription level is an attribute of the customer profile, and access is controlled based on this attribute.

Today’s access control requirements can involve complex rules and decision factors:

  • Payment and banking services require risk and fraud checks retrieved in real-time from multiple external parties
  • Medical and pharmaceutical sites must control patient data access based on a variety of privacy protection regulations, such as HIPAA and HITECH
  • Consumer goods sold or promoted on digital sites are subject to regulations (like age restrictions) that differ across the globe
  • Media content might require region-specific access restrictions due to license agreements, copyright conflicts, or subscription level

Gartner predicts that attribute-based access control (ABAC) will be used by 70% of enterprises by 2020, replacing role-based access control (RBAC) as the dominant mechanism to protect critical assets. Janrain Advanced Policy Manager supports this evolution by enabling businesses to handle even the most complex control requirements. It makes access management simple and agile, with policies that are easy to set up and that manage access centrally and across the entire business.

Advanced Policy Manager streamlines and simplifies access governance

Decision as a service: Trust frameworks for access authorization

Today, access authorization is typically fragmented and distributed across multiple functions within an enterprise, hard-coded into various local applications and implemented using a variety of non-standard techniques and technologies. This disjointed approach makes policy changes cumbersome, costly to implement, hard to document or audit and, most importantly, unsecure and error-prone.

With the Janrain Advanced Policy Manager, brands can easily create and manage business rules that define who is authorized to access a particular website, mobile application, IP-connected device or a specific resource or product, and under what conditions

  • Access policy management is centralized and abstracted from underlying applications. A cloud-based decision as a service for authorization requests separates access control from the application stack and reduces effort and cost in the development and maintenance process.
  • The Advanced Policy Manager makes it easy and intuitive to define and administer access control for both technical and non-technical users, while allowing rules at a very granular level.
  • Trust frameworks provide a single, enterprise-wide view of your data and services ecosystem and the users who access it. This gives organizations a complete and accurate map of the “what” and the “who” in the user, data and services environment.
  • As a result, there is a clear single source of truth for authorization logic, regardless of the number of applications involved.
  • Access control rules and authorization logic can be demonstrated in one single place, which helps businesses to comply with regulatory requirements or industry standards, such as the General Data Protection Regulation (GDPR), Health Insurance Portability and Accountability Act (HIPAA), or Service Organizational Controls (SOC).

Advanced Policy Manager: Components

Policy Administration Point (PAP)

The Advanced Policy Manager is the front-end user interface for business users, providing a powerful policy administration point (PAP) and enabling easy management of authorization policies by non-technical users. Advanced Policy Manager lets you quickly create business rules to define who is authorized to access what resource, and under what conditions.

Policy Decision Point (PDP)

The Authorization Engine analyses each incoming access request and determines whether it should be accepted or denied, based on the business rules set up in the Advanced Policy Manager. Built for high performance and scalability, requests are evaluated in milliseconds, with no perceptible delay to the end user. The Authorization Engine logs every request (accepted or not) to give you a complete audit trail of access requests.

PDP Framework

The PDP Framework gives you visibility of policies, rules and access requests in one location, a complete view of who can access what and who has accessed what. It establishes a central governance point for access management using Advanced Policy Manager, centralized proof of compliance, and a valuable source of real-time intelligence for your information security functions, as well as for business intelligence.

Contact Us CIAM Buyer's Guide