PAPPAYA IDENTITY MANAGEMENT (PIM)

The Simeio Solutions 2020 Identity and Access Management report states that 89% of businesses consider Identity and Access Management (IAM) extremely important.

Identity management, or ID management, is an organizational process that ensures individuals are given the necessary access to technology resources. It covers every step from identifying and authenticating personnel to authorizing them for applications, networks, and systems. The primary purpose of ID management is to ensure that only authorized personnel have access to their specific systems or IT environment. A strong identity governance policy and process is integral to managing role-based management systems.

Pappaya Identity Management (PIM) is where all the services are registered. PIM provides a catalog of services and users, and is the central Pappaya Cloud authentication system for users and projects. PIM provides a central directory of users and is intended to incorporate all common information about users and their capabilities across other services, along with a list of the services themselves.

Benefits of PAPPAYA IDENTITY MANAGEMENT (PIM)

  • Provides easy access - anytime, anywhere
  • Enforces robust credential management
  • Helps mitigate insider threats by preventing misuse of privileges
  • Offers two-factor authentication making it highly secure

AUTHENTICATION PROCESS FLOW

The user provides their credentials to Pappaya Identity Management (PIM) and receives a token, which is just a string that PIM internally associates with the user and the project. This token travels between services with every user request, and with every request that one service generates to another service in order to process the user's request.

Step 1

The user provides Pappaya Identity Management (PIM) credentials and gets the token.

Step 2

Find the URL of Pappaya Hosting in the list of endpoints provided by Pappaya Identity Management (PIM) and send an appropriate request.

Step 3

Pappaya Hosting verifies the token's validity with Pappaya Identity Management (PIM). It then needs to create an instance from the image identified by the provided image ID and plug it into a network. First, Pappaya Hosting passes this token to Pappaya Image Repository (PIR) to get the image stored

Step 4

PIR asks Pappaya Virtual Networking Service (PVNS) to plug this new instance into a network. Pappaya Virtual Networking Service (PVNS) verifies whether the user has access to its database and the VM's interface by requesting information from Pappaya Hosting. During this process, the token travels between services whenever they ask Pappaya Identity Management (PIM) or each other for additional information or for some action.

The authentication process for spinning up a new VM in Pappaya Hosting is as follows

Each of the Pappaya Cloud services, such as identity and compute, defines access policies for its resources in an associated policy file. Each service has its own role-based access policies. They determine which objects can be accessed and in which way, and they are described in the service's policy.json file.

 

For example, a resource could be API access, the ability to attach a volume, or the ability to fire up instances. The policy roles are specified in JSON format, and the file is called policy.json. The cloud administrator can modify or update this policy to control access to various resources, and should ensure that any changes to the access control policies do not unintentionally weaken the security of any resource.
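One way to check a policy change before it is deployed, shown here as an added example that is not Pappaya's own code: the Python below compares an old and a new policy.json and lists every action whose rule was removed, newly introduced, or extended to more roles. The file layout (action name mapped to a list of allowed roles), the action names, and the function name find_weakened_rules are assumptions made for this illustration; the page does not show the real schema.

```python
import json

# Constructed sample policies. The layout (action name -> list of roles
# allowed to perform it) is an assumption made for this example; the page
# does not show the real policy.json schema.
OLD_POLICY = json.loads("""
{
  "compute:start_instance": ["admin", "member"],
  "compute:attach_volume": ["admin", "member"],
  "identity:create_user": ["admin"],
  "identity:list_users": ["admin"]
}
""")

NEW_POLICY = json.loads("""
{
  "compute:start_instance": ["admin", "member"],
  "compute:attach_volume": ["admin"],
  "identity:create_user": ["admin", "member"],
  "image:delete_image": ["admin", "member"]
}
""")


def find_weakened_rules(old, new):
    """Return (action, reason) pairs for changes that may widen access."""
    findings = []
    for action in sorted(set(old) | set(new)):
        if action not in new:
            # A deleted rule falls back to whatever the service default is,
            # so it needs a human decision rather than silent acceptance.
            findings.append((action, "rule removed"))
            continue
        added = sorted(set(new[action]) - set(old.get(action, [])))
        if action not in old:
            findings.append((action, "new rule grants: " + ", ".join(added)))
        elif added:
            findings.append((action, "roles added: " + ", ".join(added)))
    return findings


if __name__ == "__main__":
    for action, reason in find_weakened_rules(OLD_POLICY, NEW_POLICY):
        print(f"REVIEW {action}: {reason}")
```

Rules that only become stricter, such as compute:attach_volume in the sample, are not reported, so the output is limited to the changes an administrator has to approve.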

PAPPAYA IDENTITY MANAGEMENT (PIM) ARCHITECTURE


When Pappaya Identity Management (PIM) is configured with an LDAP or AD backend, businesses can split authentication from authorization: authentication is handled by the identity service, and authorization is handled by the assignment service. This identity feature enables administrators to manage users in groups, either by separate domains or across the whole Pappaya Cloud.