Authentication management

As a Service Owner, Doug also needs to ensure that his service enforces authentication requirements as per the IAM Standard to correctly validate the users of his service as they log on, and protect the confidentiality of authentication credentials. This includes complying with requirements for:

  • strong and secure passwords that are unique to that service (i.e. long, containing a mix of letters, numbers and characters, and not re-used across other work-related or personal accounts)
  • password storage, i.e. using a Group-provisioned solution for password vaulting, and
  • session management, i.e. leveraging the Group’s session management capability through Identity Manager