Chapter 1. Introduction to Red Hat Identity Management

This chapter explains the purpose of Red Hat Identity Management. It also provides basic information about the Identity Management domain, including the client and server machines that are part of the domain.

1.1. The Goal of Red Hat Identity Management

Red Hat Identity Management (IdM) provides a centralized and unified way to manage identity stores, authentication, policies, and authorization policies in a Linux-based domain. IdM significantly reduces the administrative overhead of managing different services individually and using different tools on different machines.

IdM is one of the few centralized identity, policy, and authorization software solutions that support:

Advanced features of Linux operating system environments
Unifying large groups of Linux machines
Native integration with Active Directory

IdM creates a Linux-based and Linux-controlled domain:

IdM builds on existing, native Linux tools and protocols. It has its own processes and configuration, but its underlying technologies are well-established on Linux systems and trusted by Linux administrators.
IdM servers and clients are Red Hat Enterprise Linux machines. However, even though IdM does not support Windows clients directly, it allows integration with Active Directory environment.
Note
This guide describes using IdM in Linux environments only. For more information on integration with Active Directory, see the Windows Integration Guide.
For information on the Samba suite, which allows integrating Linux machines into Active Directory environment, see the Using Samba, Kerberos, and Winbind chapter in the Windows Integration Guide.

1.1.1. Examples of Benefits Brought by IdM

Managing identities and policies with several Linux servers

Without IdM: Each server is administered separately. All passwords are saved on the local machines. The IT administrator manages users on every machine, sets authentication and authorization policies separately, and maintains local passwords.

With IdM: The IT administrator can:

Maintain the identities in one central place: the IdM server
Apply policies uniformly to multiples of machines at the same time
Set different access levels for users by using host-based access control, delegation, and other rules
Centrally manage privilege escalation rules
Define how home directories are mounted

Enterprise single sign-on

Without IdM: Users log in to the system and are prompted for a password every single time they access a service or application. These passwords might be different, and the users have to remember which credential to use for which application.

With IdM: After users log in to the system, they can access multiple services and applications without being repeatedly asked for their credentials. This helps:

Improve usability
Reduce the security risk of passwords being written down or stored insecurely
Boost user productivity

Managing a mixed Linux and Windows environment

Without IdM: Windows systems are managed in an Active Directory forest, but development, production, and other teams have many Linux systems. The Linux systems are excluded from the Active Directory environment.

With IdM: The IT administrator can:

Manage the Linux systems using native Linux tools
Integrate the Linux systems with the Windows systems, thus preserving a centralized user store
Expand the Linux base easily
Separate management of Linux and Active Directory machines and enable Linux and Windows admins to control their environment directly

1.1.2. Contrasting Identity Management with a Standard LDAP Directory

A standard LDAP directory, such as Red Hat Directory Server, is a general-purpose directory: it can be customized to fit a broad range of use cases.

Schema: a flexible schema that can be customized for a vast array of entries, such as users, machines, network entities, physical equipment, or buildings.
Typically used as: a back-end directory to store data for other applications, such as business applications that provide services on the Internet.

Identity Management (IdM) has a specific purpose: managing identities as well as authentication and authorization policies that relate to these identities.

Schema: a specific schema that defines a particular set of entries relevant to its purpose, such as entries for user or machine identities.
Typically used as: the identity and authentication server to manage identities within the boundaries of an enterprise or a project.

The underlying directory server technology is the same for both Red Hat Directory Server and IdM. However, IdM is optimized to manage identities. This limits its general extensibility, but also brings certain benefits: simpler configuration, better automation of resource management, and increased efficiency in managing identities.

Additional Resources

Identity Management or Red Hat Directory Server – Which One Should I Use? on the Red Hat Enterprise Linux Blog.

Where did the comment section go?

Red Hat's documentation publication system recently went through an upgrade to enable speedier, more mobile-friendly content. We decided to re-evaluate our commenting platform to ensure that it meets your expectations and serves as an optimal feedback mechanism. During this redesign, we invite your input on providing feedback on Red Hat documentation via the discussion platform.

Log in to Your Red Hat Account

Red Hat Account

Customer Portal

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

JBoss Development and Management

JBoss Integration and Automation

Mobile

Services

Tools

Red Hat Product Security Center

Security Updates

Resources

Customer Portal Community

Customer Events

Stories