INTRODUCTION

Continuous application access is critical for agencies to achieve their mission. Agencies that use a modern, cloud-native identity and access management (IAM) solution need edge sites to function in Denied, Disrupted, Intermittent, and Limited Bandwidth (DDIL) environments. They also require comprehensive solutions to ensure users can benefit from continued seamless access without friction, understanding that some services may be limited in capacity due to environmental conditions.

In a Zero Trust Architecture (ZTA), where the principle is “Never Trust, Always Verify,” identity is a crucial and foundational component to authenticate and authorize, enforcing granular least-privileged access. The majority of cyber attacks involve credential use or misuse in the network. Identity-centric architectures must be robust enough to not be bypassed in non-optimal environments.

THE CHALLENGE

How can my organization harness the power of leading-edge SaaS ICAM technologies and still secure legacy systems, while operating in non-ideal network environments (such as tactical edge or fully disconnected operations)?

THE SOLUTION

In partnership with Okta, SelecTech and its technology partners created a robust, standards and compliance-based unified solution built on microservices technology that can be deployed in tactical or disconnected environments. Strengthening enterprise IAM, the TIBA is tailored for secure deployment in tactical edge scenarios, adhering to stringent DoD security requirements. By securely implementing robust cryptographic protocols (PKI and FIDO2.1), user access control, privileged user access control, and user identity management, the system safeguards mission resources by ensuring access is granted exclusively to authorized and active users.

CAPABILITIES

• Intelligent Monitoring and Routing: Adapts to network conditions, ensuring optimal user experiences
• Intelligent Monitoring and Routing: Adapts to network conditions, ensuring optimal user experiences
• Cloud-Native IAM Integration: Leverages Okta for US Military1 when connected to the network
• DDIL Mode High-level Functionality (including but not limited to):
  • Authenticate and authorize users into local applications
  • Maintain a local directory service with roles and attributes
  • Utilize phishing-resistant Multi-Factor Authentication (MFA)
• Supports bi-directional directory synchronization through System for Cross-Domain Identity Management (SCIM) API
• Creates new users and issues cryptographic credentials
• Identity-Based Access Management for Zero-Trust
• Identity and network-based micro/macro segmentation