Published by Emily Hyson
Confidential. This presentation is provided for the recipient only and cannot be reproduced or shared without Fair Isaac Corporation's express consent. © 2011 Fair Isaac Corporation.

Insurance Fraud Manager User Group
February 8-9, 2011, San Diego, CA
Best Practices: Security, Roles and Permissions
Andrea Allmon, Product Management-Sr Director, Health Care and Insurance
Kevin Harrison, Product Management-Sr Director, FICO Platform
February 2010

Agenda
» FICO Platform Architecture
» Security (LDAP)/SSO (shared portal)
» Users
» Permissions (IFM - screen level)
» Roles
» Groups
» Organizations

FICO Platform Architecture
» Business Objectives
» Faster Application Development
» Faster Time-to-Value solutions for our clients
» Faster turn-around for Upgrades to our clients
» Implementation
» Standards-based, Service Oriented Architecture (SOA)
» Integrates with Operating Systems and Middleware
  » Operating System
  » JEE – Java Platform, Enterprise Edition
  » Application Server
  » Database Server
  » LDAP Server
» Configurable by Application

FICO Platform Architecture
» Configurations for FICO Applications
» FICO Platform and shared Strategic Differentiators
» Third Party Platform Stack
» Operating System
» Database Server
» LDAP Server
» Application Server
» Java Platform, Enterprise Edition (JEE)
[Diagram labels: Hardware; FICO Platform; Debt Manager; Fraud Manager; Origination Manager; Insurance Fraud; DM App; FICO Application Business Services]

What is FICO Platform? What functionality does it provide?
» Common Data Model
» Extensible Data Entities
» Encryption
» Data Access Layer
» Audit, Logging, and History
» License Management
» Data Acquisition
» FICO Network + Transformation
» Bureau + Data Interfaces
» Decision Management System
» Characteristic Library
» Model Deployment
» Adaptive Control
» Performance Reporting
» Transaction Scoring
» Business Rules Management
» Blaze Advisor (RMA)
» Business Intelligence
» Browser-based reports integration
» Security Framework
» Role Based Access Control
» LDAP Integration + Federation
» Single Sign-on
» UI Framework
» UI Builder (SmartForms)
» Context Sensitive Help
» Call Scripting
» Internationalized (I18N)
» Double-byte character set (DBCS)
» Locale aware (Region + Language)
  » Date, Time, Currency, Numeric separators
» Externalized Translation Configuration
» Case Management
» History + Notes
» Evidence Locker
» Workflow
» Document Services
» Document Templates
» PDF, E-Mail, SMS

Security (LDAP)/SSO

FICO Platform use of LDAP
» What is LDAP and what purpose does it serve?
  » LDAP = Lightweight Directory Access Protocol
» FICO client needs
» LDAP integration for Administration and Support
  » Reuse Corporate configuration for Groups, Users, and Password policy
» Centralized and Delegated Administration
» FICO Platform products
» Use standard LDAPv3 integration for Directory Services
» Have Delegated administration features to write to LDAP
» Use of LDAP Server
» Users (with Group membership)
  » only attributes in standard LDAP schema
  » Extended attributes in FICO database
» Groups (with hierarchy)
  » only attributes in standard LDAP schema
  » Extended attributes in FICO database
» Password policy

Single Sign On
» FICO application roadmap requirements from clients
» Support for Single Sign On environments
» Support for Federated Security integration
» Requires centralized authorization server
» Typically an LDAP server or integrated with LDAP servers
» Implemented by an authentication token
» Federation requires trusted relationship
» Site-deployed
» Workstation login establishes authentication token
» No user/password required to access applications supporting SSO
» ASP/Hosting
» One user/password in portal/extranet for multiple hosted applications
» Federation allows trust to auto-provision clients

Users

Creating Users: Department is a free-form entry for “Primary Group.” In a future release, we will be making this a drop-down selector.
Setting up the Users: Tenants are used when you are hosting more than one customer. Locales will be used in future releases for localizations (English, Dutch, German).

Users
» User Creation
» Users are Created in LDAP
  » Username required
  » Validated to be unique
  » First and Last name required for application display
  » E-Mail address required for sending temporary password
» A temporary password is generated
» An e-mail is sent to the user's e-mail address
» Users are also created in Business Objects
» User Setup for Additional details
» Some additional LDAP details available for reference
  » Emp #, phone, mobile, title
» Remaining details are user details in the database
  » Settings: Tenant, Locale, Time Zone
  » Associations: Groups, Roles, Queues
  » User is made member of Groups in LDAP
» User locale and time zone settings are updated in Business Objects

Roles
» Roles should be configured by job function
» Contain a set of permissions to access a resource
» Typically assigned to a Group of users that do that job
  » Ease roles administration for large number of users
  » Ensure backup resource with 2 or more users in each group
» IFM ships with the following default Roles:
» Full Administrator
» Manager
» Investigator
» Medical Management
» Claims Reviewer
» Claims Supervisor
» Information Only
» Triage/Case Administrator

Roles Hierarchy example

Permissions and Roles
» Permissions
» Allows access to system-level features
» Roles – Job Function
» Group of access permissions
» Roles hierarchy
  » lower-level roles contain subset of upper-level role’s permissions
» Users and Work Groups may have one or more Roles
» Role administration can be delegated
  » By Role with Role Permissions (Add, Manage, Change, Modify)
  » Users are limited to Scope of Authority (their lower-level Roles)
» Roles are not bound by organization or operational areas
  » Allows shared job functions across the organization and operation
  » i.e.: Delegated Administration: User Administration, Group Administration
  » Unless defined that way in the hierarchy

Role Based Access Control (RBAC)
» Separation of Duties
» Role Type: Security Administrator
  » Top-level access control to all security objects and audit logs
  » Defines primary roles and groups
  » Establishes System Administrators and Delegated Administrators
» Role Type: System Administrators
  » Manages System Configuration options
  » Monitors System Function and maintains operational environment
» Role Type: Delegated Administrators
  » Manages Business or Departmental Operations
  » Allows configuration changes to respond quickly to business needs
» Best Practice*
» Define top-level roles as superset for job functions
  » Create lower-level child roles as permission subsets
  » Allows sharing some permissions for staff in cross-functional roles
  » Typical that some users do two jobs
  » or cover tasks of other staff as needed (out-of-office, vacation, sick)

Permissions
» IFM Permissions are at the detailed functional level
» Permissions are defined as Action and Resource pair
» Permissions can be assigned to multiple roles
» Authorization service checks user’s Roles for permissions
» Permissions can control access to various User Interface elements
  » Menus
  » Menu Items
  » Screens/Page
  » Screen Elements
  » Navigation items (buttons, hyperlinks)
  » Controls (textbox, drop-down list, grid, etc)
» Work in Progress
» Renaming permissions to provide better clarity
» Next release includes permission category
  » Ability to filter list of permissions by category
  » examples: Users, Groups, Roles, Queues, Menu, Grid, Domain Values
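
The check this slide describes, as an added Python sketch that is not FICO's code: permissions are (action, resource) pairs, a user's roles come from direct assignment and from work groups, and an audit function flags any lower-level role that is not a subset of its upper-level role. The role names are IFM defaults; the hierarchy, permissions, users and group are constructed.

```python
# Added illustration; role names are from the IFM default list, while the
# hierarchy, permissions, users and group are constructed sample data.
ROLE_PERMS = {  # role -> set of (action, resource) pairs
    "Manager": {("view", "Claim"), ("edit", "Claim"), ("assign", "Queue")},
    "Claims Supervisor": {("view", "Claim"), ("edit", "Claim")},
    "Claims Reviewer": {("view", "Claim")},
    # Deliberately misconfigured: holds a permission its parent lacks.
    "Information Only": {("view", "Claim"), ("export", "Report")},
}
ROLE_PARENT = {  # lower-level role -> upper-level role
    "Claims Supervisor": "Manager",
    "Claims Reviewer": "Claims Supervisor",
    "Information Only": "Claims Reviewer",
}
USER_ROLES = {"alice": {"Claims Reviewer"}}
USER_GROUPS = {"alice": {"Review Team"}, "bob": {"Review Team"}}
GROUP_ROLES = {"Review Team": {"Claims Supervisor"}}


def effective_roles(user):
    """Roles held directly plus roles associated to the user's work groups."""
    roles = set(USER_ROLES.get(user, ()))
    for group in USER_GROUPS.get(user, ()):
        roles |= GROUP_ROLES.get(group, set())
    return roles


def is_authorized(user, action, resource):
    """Default deny: allow only if some effective role holds the pair."""
    return any((action, resource) in ROLE_PERMS.get(role, set())
               for role in effective_roles(user))


def hierarchy_violations():
    """List (role, permission) pairs where a lower-level role holds a
    permission missing from its upper-level role (subset rule broken)."""
    return sorted((role, perm)
                  for role, parent in ROLE_PARENT.items()
                  for perm in ROLE_PERMS[role] - ROLE_PERMS[parent])


def roles_granting(action, resource):
    """Audit helper: every role that grants the given pair."""
    return sorted(role for role, perms in ROLE_PERMS.items()
                  if (action, resource) in perms)
```

Running `hierarchy_violations()` after each role change catches a child role that has quietly grown beyond its parent, which is how a "lower-level" role ends up more powerful than intended.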

Groups
» Work Groups/Departments
» Work Groups
» set of users that are grouped
» represent operational groups or teams.
» Work groups simplify administration of large number of users
  » roles and queues associated to group apply to all members of the group
» Administration for lower level user groups can be delegated to users or user groups associated to upper level user groups.
» Next release changing to User Group nomenclature
» Common name for container for number of users
» Better represents the alignment with LDAP User Groups
» New attribute in user details for Tenant-specific Primary Group

Work Groups are defined by
» Tenant
» Each tenant may have different users and operational needs
» User with appropriate permission in Roles
» Create Work Groups (add)
» Maintain Work Groups (edit)
» Business Managers or Supervisors
» Define group and team structure for their business operations area
  » Hierarchy (inheritance) to define Managers, Supervisors, Teams
» Scope of Authority limited to the groups they are in
  » Maintaining users and assignments in “my work groups”
  » Maintain configuration for lower-level work groups

Organization
» Coming Soon – Organization lets you have better control of Document Templates, etc.
» Optional – Default organization is used until configured
» Authorization to certain system resources can be based on an organizational hierarchy and RBAC.
» Roles determine if user can access the screen and perform actions
» Organization hierarchy determines what data the user can act upon
  » What resource is listed as available to act on
» Organization hierarchy models division, departments, and teams
» Work groups are associated to one or more organizations
» Users can also be associated individually to organizations
» Administration for lower level organizations can be delegated to users or user groups associated to upper level organizations.

Organization
» Example
» A role permission allows user to update document templates
» The user is a member of one or more organizations
» Certain document templates are associated to organizations
» The document templates available to the user are limited to document templates that belong to the user’s organization(s)
» Organization resources
» document templates
» business calendars
» Scripts
» other entities defined by FICO products
» For backward compatibility, these resources are part of the Default Organization available to All Users and All Groups

Delegated Administration
» Delegated Administration
» Of Users, Work Groups, and Roles
» managed by individual clients, divisions, departments
  » Such as directors, managers, and supervisors
» hierarchical structure allows Scope of Authority limits to
  » Roles they have been associated to and the child roles of those roles
  » Work Groups they have been associated to, the child groups of those groups
  » Users within those work groups.
  » Organizations they have been associated to and the child organizations of those organizations
» Role permissions determine which maintenance has been delegated
  » Users are always limited to Scope of Authority
  » User cannot change hierarchy without permission to act on resource
  » Create, Edit, or Delete
  » For specific hierarchy (Roles, Work Groups, or Organizations)
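
Scope of Authority as described on this slide, in an added Python sketch that is not FICO's code: an administrative action passes only when a role permission delegates that action for the specific hierarchy and the target sits at or below a node the administrator is associated to. All group names, users and grants are constructed, and requiring a re-parent destination to be in scope is an assumption of this example.

```python
# Added illustration; hierarchies, users and grants are constructed.
PARENT = {  # hierarchy name -> {child: parent}
    "WorkGroup": {"Claims East": "Claims", "Claims West": "Claims",
                  "East Team A": "Claims East"},
    "Role": {"Claims Supervisor": "Manager",
             "Claims Reviewer": "Claims Supervisor"},
}
ASSOCIATED = {  # hierarchy name -> {user: nodes the user is associated to}
    "WorkGroup": {"dana": {"Claims East"}, "root": {"Claims"}},
    "Role": {"dana": {"Claims Supervisor"}},
}
DELEGATED = {  # user -> (action, hierarchy) pairs granted through roles
    "dana": {("Edit", "WorkGroup")},
    "root": {("Edit", "WorkGroup"), ("Delete", "WorkGroup")},
}
GROUP_MEMBERS = {"Claims West": {"wes"}, "Claims East": {"eve"},
                 "East Team A": {"tom"}}


def descendants(node, parent_of):
    """Return node plus everything below it; terminates even on a cycle."""
    scope, grew = {node}, True
    while grew:
        grew = False
        for child, parent in parent_of.items():
            if parent in scope and child not in scope:
                scope.add(child)
                grew = True
    return scope


def scope_of_authority(user, hierarchy):
    """Associated nodes and their children, for one hierarchy."""
    scope = set()
    for node in ASSOCIATED.get(hierarchy, {}).get(user, ()):
        scope |= descendants(node, PARENT.get(hierarchy, {}))
    return scope


def may_administer(user, action, hierarchy, target, new_parent=None):
    """Both conditions must hold: the action is delegated for this specific
    hierarchy, and the target lies inside the user's scope of authority.
    Assumption of this example: a re-parent destination must be in scope too."""
    if (action, hierarchy) not in DELEGATED.get(user, set()):
        return False
    scope = scope_of_authority(user, hierarchy)
    return target in scope and (new_parent is None or new_parent in scope)


def users_in_scope(user):
    """Users who belong to any work group inside the caller's scope."""
    groups = scope_of_authority(user, "WorkGroup")
    return sorted(u for g in groups for u in GROUP_MEMBERS.get(g, ()))
```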

Tenant with Delegated Administration

Open Discussion
» What have you found that works best?
» What don’t you like?
» What would you like to see differently?

THANK YOU