ISO/IEC 27001 Control 5.17: Authentication information

Control

Allocation and management of authentication information should be controlled by a management process, including advising personnel on the appropriate handling of authentication information.

Necessity of MidPoint

MidPoint is necessary to implement this control properly.

MidPoint features and capabilities are essential for efficient implementation of this control. While it is theoretically possible to implement this control without a comprehensive IGA platform in place, the implementation is likely to be inefficient, costly, slow and unreliable in the long run. MidPoint can make implementation of this control efficient and reliable.

Implementation Overview

MidPoint is designed to manage authentication information, especially passwords.

Implementation Details

MidPoint is built to distribute authentication information to target systems, making sure that passwords are strong and up to date. The midPoint self-service user interface lets users manage their own authentication information, including an interactive indication of password strength. Password complexity and lifetime policies can be specified and enforced, and the same policies can be used to generate strong passwords. In the event of a password compromise, midPoint can be used to quickly change passwords or deactivate accounts on all connected systems. Events related to changes of authentication information are recorded in the audit trail.

Implementation Notes

  • This control is mostly about password management; it does not deal much with non-password authentication or credentials. ISO/IEC 24760 is referenced for that.

  • MidPoint relies on cooperation with an access management (AM/SSO) system to implement most of the authentication and enforcement capabilities. MidPoint can manage authentication information, such as passwords or passkeys. However, midPoint cannot efficiently deal with authentication itself, or with aspects of credential management tied to authentication, such as forcing a password change on next log-in. This functionality has to be implemented in close cooperation with the authentication system.

  • Management of initial passwords and self-service password resets has no ideal solution. There are numerous trade-offs and compromises to be made, and the solution has to be custom made for every organization or environment. Please see the discussion document linked below for more details.

Rationale

MidPoint can improve the level of authentication assurance in an organization by centrally enforcing password policy through its password management capabilities.

Documentation

Version      Title                                   Description
Development  Initial Password Management Discussion  Discussion of practices for establishing initial passwords and password reset
4.8          Initial Password Management Discussion  Discussion of practices for establishing initial passwords and password reset