IBM Advanced Business Partner - Authorized Software Value Plus Tivoli

IBM Advanced Business Partner

IBM Tivoli Access Manager for e-Business
Access Management Software


IBM Software
IBM Tivoli Access Manager for e-Business
IBM Tivoli Access Manager for e-Business Call for lowest Price! Get a Quote!



IBM Tivoli® Access Manager for e-business is a single sign-on (SSO) solution that authorizes and authenticates user access to Web and other hosted applications.

Tivoli® Access Manager for e-business software is a highly scalable user authentication, authorization and Web SSO solution for enforcing security policies over a wide range of Web and application resources. It centralizes user access management for online portal and business initiatives.

  • Implement centralized user authentication and authorization management for online portal and business initiatives
  • Deliver consistent Web single sign-on (SSO) to users across heterogeneous Web applications and services, including IBM WebSphere®, Microsoft®, SAP and many other application environments
  • Manage and enforce policy-based access control and Web security to your enterprise-wide applications, with the ability to scale to tens of millions of users
  • Expand federated access control to on- and off-premise applications, SaaS and cloud-based services and B2C user self care with the modular upgrade to IBM Tivoli Federated Identity Manager
  • Enhance integration with IBM WebSphere DataPower SOA Appliances for seamless SSO and user session management in Web 2.0 and Web services environments
  • Implement centralized Web SSO and access control for Java™ and .NET environments including Microsoft SharePoint and Exchange servers
  • Provide advanced security capabilities to address key Web vulnerabilities and support flexible strong and risk-based authentication

Features & Benefits:

Business Benefits:

Tivoli® Access Manager for e-business is a versatile solution for authentication and authorization problems. Primarily focused on Web applications, Access Manager implementations vary from simple Single Sign-on (SSO) to more complex security infrastructure deployments.

Access Manager for e-business can help you manage growth and complexity, control escalating management costs, and address the difficulties of implementing security policies across a wide range of Web and application resources. It works by centrally managing security and audit policy for enforcement points that can be placed as a proxy in front of Web applications, or through authorization and authentication plug-ins direct into a Web server or application-server environment. You can use Access Manager to control wired and wireless access to applications and data, to help bar unauthorized users. For authorized users, Access Manager integrates with Web applications and servers to deliver a secured and unified business experience. It helps you secure access to business-critical applications and data spread across the extended enterprise, allowing highly available, scalable transactions with partners, customers, suppliers, and employees.

Tivoli Access Manager for e-business helps:

  • Define and manage a centralized authentication, access, and audit policy for a broad range of business initiatives such as employee, customer and partner portals, CRM systems, e-procurement, cross-company single sign-on (SSO) projects, and outsourcing projects.
  • Establish a new audit and reporting service which collects audit data from multiple enforcement points as well as from other platforms and security applications. A central point for reporting on security events and sample reports are included
  • Enable a flexible SSO to Web-based applications that can span multiple sites or domains with a range of SSO options, to help eliminate help-desk calls and other security problems associated with multiple passwords. By integrating with other SSO providers (such as Kerberos from a Microsoft domain logon, and client/server SSO solutions) Access Manager goes beyond 'reduced sign-on' to help implement a single authentication for the user across all system interactions. For standardized cross-domain authentication (federation) using SAML, Liberty ID/FF, and WS-Federation, Tivoli Access Manager for e-business customers can also upgrade to Tivoli Federated Identity Manager.
  • Leverage a common security policy model with the Tivoli Access Manager family of products to extend support to other resources, such as WebSphere® MQ applications, and UNIX and Linux system resources.
  • Provide a base for federation: Companies that choose to collaborate in identity-based business processes may benefit from IBM Tivoli Federated Identity Manager's ability to help simplify integration between companies and their partners' Web sites. Federated SSO solutions, such as Tivoli Federated Identity Manager add standardized cross-domain SSO (SAML, Liberty, WS-Federation) to a security system. However these typically need first-point-of-contact and session management to already be in place; Access Manager fills that role (and Access Manager for e-business customers can upgrade to Tivoli Federated Identity Manager if federation becomes a requirement in the future).
  • Manage and secure your business environments from your existing hardware (mainframe, PCs, servers) and operating system platforms including Windows, Linux, AIX, Solaris, and HP-UX.
Features, Advantages and Benefits
Features: Advantages: Benefits:
Rules based authorization engine Change access-influencing policy parameters without having to rewrite and recompile applications Dramatically improve both how quickly your applications are deployed and how quickly they adapt; Significantly reduce numbers of groups
Microsoft desktop single sign on Windows users can be automatically authenticated to applications protected by Access Manager for e-business Enhanced user experience, reduced help desk costs with one less password to remember
Integration with over 70 ISV offerings including Siebel CRM, SAP, PeopleSoft and Portal solutions from WebSphere, Plumtree and others Enterprises benefit from a common security model (authentication, access control, Single Sign On and audit) across the e-business, ISV and legacy applications Reduces costly integrations and delivers rapid time to value in solution deployment because enterprises can standardize on a single identity and access management platform
J2EE Security for WebSphere and BEA Application Servers (SSPI) Leverages J2EE investment and enables applications to be managed as part of a consistent, policy-driven strategy Supports J2EE, Java 2 and JAAS environments, with no plug-in required, no proprietary coding needed and no pre- or post-compile necessary
Multiple directory support Customers can deploy the security architecture of their choice Leverage existing investments in directory infrastructure with performance tuning and fail-over support for added availability and performance
Support for dynamic groups native to Tivoli Directory Server and Sun One Directory Server Upper limit on static groups, makes dynamic groups the only option in some cases, while they may be preferred in other environments Integrates with existing data management environments
Extended z/OS support for WebSphere platform Enables integrated security management for critical WebSphere applications leveraging IMS, CICS and DB2 transactions Breadth of platform coverage
Web Server agents support Customers can deploy the security architecture of their choice Enables deployment flexibility -- with support for proxies, plug-ins, and agents -- for achieving highly secure e-business
Customer Self-Registration Template Self-Registration capability enables end-users to quickly self-enroll to the Enterprise Web environment without requiring manual intervention or lengthy procedures Reduces administrative cost by delivering rapid enrollment and personalized access to end-users (customers) at their convenience with integrated self-care
Extended auditing and reporting capabilities Audit records are written in standard XML format. Information-gathering tool allows secure, centralized collection and reporting of audit, log, statistics etc. across the extended enterprise. Eases parsing, extraction and reporting of required information for audit and management

Other Key Features:

  • Policy-driven security helping to enforce compliance - You can group users and assign permissions to groups, simplifying administration of access control across multiple applications and resources. There is support for dynamic rules, dynamic business entitlements, and authorization decisions based on external data for applications that require it.
  • Enhanced Auditing helping to streamline reporting with Common Auditing and Reporting Services (CARS) - Tivoli Access Manager includes IBM’s new Common Auditing and Reporting Service (CARS) platform, which provides a consistent way to audit and report on data. Currently, it is difficult for enterprises to gather required information on who accessed what application/data when. For example, this can help ensure that financial data applications or HR applications with sensitive information are accessed appropriately. CARS automates the collection of audit data and provides the ability for enterprises to centrally view and report audit data that are critical for compliance needs. This allows the audit process to be much more efficient and reduces the cost of compliance.
  • Centralized administration reducing costs and enhancing security - Tivoli Access Manager includes a Web browser-based tool with which your administrator can manage users, groups, roles, permissions, policies, proxy junctions, and application access provisioning. This tool extends beyond delegated user management to also deliver delegated security administration.
  • Integrated identity management for greater value on your investment - Tivoli Access Manager for e-business can integrate with IBM Tivoli Identity Manager to help you get users, systems, and applications on-line and productive fast. IBM Tivoli Identity Manager has an Access Manager adapter that offers identity lifecycle management (user self care, enrollment, approvals workflow, and provisioning) extending Access Manager user management to be handled alongside other security systems.

    IBM Tivoli Access Manager helps you deliver a consistent and secure user experience by having end users use a single identity to log in once to the Enterprise Portal or Microsoft IIS Server and gain access to resources according to authorization rules. With support for Web SSO and secure session management across e-communities, it helps securely extend your business processes to business partners and business affiliates, and with the option to upgrade to Tivoli Federated Identity Manager, this can now extend to SAML, Liberty and WS-Federation authentication.

    IBM Tivoli Access Manager for e-business performs intelligent load balancing over replicated servers and can scale your server deployment. It supports implementations in excess of one hundred million users, takes advantage of SSL accelerator card technology and secure hardware keystore, and provides a fail-over capability that allows automatic switchover to a backup Web server.

  • Modular design for easier use - The modular authorization architecture of IBM Tivoli Access Manager for e-business separates security code from application code. This can translate to an improved time to market for your business initiatives, because typically you can change the security code without affecting application code, and vice-versa. This separation also accommodates "defense in depth" designs that involve enforcing security in a layer, such as a demilitarized zone. Tivoli Access Manager for e-business can help lower your cost of building security into new applications by reducing the need to write complex security code. It integrates with Web application servers that support Java 2, JAAS, and JACC without requiring nonstandard tasks such as extra precompiles. It also has focused J2EE-based support for securing WebSphere Application Server and BEA WebLogic Server.

    Tivoli Access Manager for e-business received a Common Criteria certification, under the auspices of the International Common Criteria process, administered by the National Information Assurance Partnership.

Supported Platforms:

Secure, unified user experience:

Tivoli Access Manager for e-business includes support to help large numbers of users participate in convenient, available, and personalized transactions. IBM works with the leading application providers through the 'Ready for Tivoli' program to build out-of-the-box integrations. You can secure customer, supplier, employee, and business partner connectivity across:

  • Web servers
  • J2EE-based application servers, such as WebSphere Application Server, BEA WebLogic Server, and Oracle 9iAS
  • XML Firewalls and Gateways
  • Industry-leading Web applications including:
  • Siebel
    - Microsoft Exchange 2000/2003
    - Microsoft SharePoint Portal 2003
    - Microsoft SharePoint Services 2003
    - PeopleSoft Enterprise Application 8.x
    - PeopleSoft Enterprise PeopleTools 8.x
    - WebSphere Portal
    - WebSphere Edge Server
    - WebSphere Host On-Demand
    - WebSphere Host Publisher
    - IBM Content Manager
    - WebSphere Everyplace Server Service Provider Offering
    - Lotus Domino
    - Lotus iNotes
    - Lotus QuickPlace
    - Lotus Sametime
    - SAP Internet Transaction Server (ITS)
    - SAP Enterprise Portal
    - BEA WebLogic Server
    - Oracle 9i Application Server
    - Oracle 10g Application Server
    - Interwoven TeamSite
    - Blockade Esconnect
    - Cash-U-Pecan
    - Citrix Metaframe/Nfuse XP
    - Kintana Suite 4.5
    - OpenConnect WebConnect
    - Rocksteady Rocknet 2.1
    - Verity K2 Enterprise
    - WinCom Switching Server
    - Citrix MetaFrame Presentation Server
    - Documentum Content Server / WebTop
    - Documentum eRoom 7

Plus others - list grows via IBM integrations and the Ready for Tivoli program.

Server platforms

The Access Manager server components support most common server platforms including Windows servers, AIX, Solaris, HP-UX, Red Hat Linux, and SUSE LINUX.

Client platforms

Tivoli Access Manager for e-business works with Netscape Navigator and Microsoft Internet Explorer browsers, as well as pervasive devices that support the Wireless Application Protocol or i-mode protocol. Access Manager enforcement points have broad platform support whether used in HTTP Proxy or Web server plug-in mode.

z/OS and OS/390 support

Tivoli Access Manager for e-business enables:

  • Security management that leverages mainframe server performance and security and encompasses distributed and legacy applications through the support of Linux for zSeries.
  • Web SSO and protection for Web servers on the z/OS or OS/390 enterprise server.
  • Use of the IBM Directory Server on z/OS, with the option of authenticating users through RACF, TopSecret, and other SAF-enabled mainframe security service-providing products.
  • Robust security for enterprise server Web applications without forcing a logical partition (LPAR) to be in the demilitarized zone.
  • Access control for servlets and non-HTTP applications on the enterprise server.

z/OS platform support also includes administration and authorization APIs in Java and the Access Manager plug-in for WebSphere Application Server for z/OS allowing container-level security for z/OS servlets.