System and method for peer group detection, visualization and analysis in identity management artificial intelligence systems using cluster based analysis of network identity graphs
Abstract
Systems and methods for graph based artificial intelligence systems for identity management systems are disclosed. Embodiments of the identity management systems disclosed herein may utilize a network graph approach to peer grouping of identities in a distributed networked enterprise computing environment. Specifically, in certain embodiments, data on the identities and the respective entitlements assigned to each identity as utilized in an enterprise computing environment may be obtained by an identity management system. A network identity graph may be constructed using the identity and entitlement data. The identity graph can then be clustered into peer groups of identities. The peer groups of identities may be used by the identity management system and its users in risk assessment or other identity management tasks.
21 Claims
1. An identity management system, comprising:
a memory;
a processor;
a non-transitory, computer-readable storage medium including computer instructions for:
obtaining identity management data from one or more identity management systems in a distributed enterprise computing environment;
evaluating the identity management data to determine a set of identities and a set of entitlements associated with the set of identities, the set of identities and the set of entitlements utilized in identity management of the distributed enterprise computing environment;
generating a first identity graph from the identity management data by:
  creating a node of the first identity graph for each of the determined set of identities,
  for each first identity and second identity that share at least one entitlement of the set of entitlements, creating an edge of the first identity graph between a first node representing the first identity and a second node of the identity graph representing the second identity, and
  generating a weight for each edge of the first identity graph between each first node and second node based on the at least one entitlement shared between the first identity represented by the first node and the second identity represented by the second node;
storing the first identity graph in the graph data store;
pruning the set of edges of the first identity graph to generate a second identity graph;
storing the second identity graph in the graph data store;
clustering the set of identities or set of entitlements represented by the second identity graph into a set of peer groups based on the second identity graph, including the nodes of the second identity graph representing the set of identities and the edges of the second identity graph; and
storing the set of peer groups, including an identification of the set of identities or set of entitlements.
Dependent claims: 2, 3, 4, 5, 6, 7.

8. A method, comprising:
obtaining identity management data from one or more identity management systems in a distributed enterprise computing environment;
evaluating the identity management data to determine a set of identities and a set of entitlements associated with the set of identities, the set of identities and the set of entitlements utilized in identity management of the distributed enterprise computing environment;
generating a first identity graph from the identity management data by:
  creating a node of the first identity graph for each of the determined set of identities,
  for each first identity and second identity that share at least one entitlement of the set of entitlements, creating an edge of the first identity graph between a first node representing the first identity and a second node of the identity graph representing the second identity, and
  generating a weight for each edge of the first identity graph between each first node and second node based on the at least one entitlement shared between the first identity represented by the first node and the second identity represented by the second node;
storing the first identity graph in the graph data store;
pruning the set of edges of the first identity graph to generate a second identity graph;
storing the second identity graph in the graph data store;
clustering the set of identities or set of entitlements represented by the second identity graph into a set of peer groups based on the second identity graph, including the nodes of the second identity graph representing the set of identities and the edges of the second identity graph; and
storing the set of peer groups, including an identification of the set of identities or set of entitlements.
Dependent claims: 9, 10, 11, 12, 13, 14.

15. A non-transitory computer readable medium, comprising instructions for:
obtaining identity management data from one or more identity management systems in a distributed enterprise computing environment;
evaluating the identity management data to determine a set of identities and a set of entitlements associated with the set of identities, the set of identities and the set of entitlements utilized in identity management of the distributed enterprise computing environment;
generating a first identity graph from the identity management data by:
  creating a node of the first identity graph for each of the determined set of identities,
  for each first identity and second identity that share at least one entitlement of the set of entitlements, creating an edge of the first identity graph between a first node representing the first identity and a second node of the identity graph representing the second identity, and
  generating a weight for each edge of the first identity graph between each first node and second node based on the at least one entitlement shared between the first identity represented by the first node and the second identity represented by the second node;
storing the first identity graph in the graph data store;
pruning the set of edges of the first identity graph to generate a second identity graph;
storing the second identity graph in the graph data store;
clustering the set of identities or set of entitlements represented by the second identity graph into a set of peer groups based on the second identity graph, including the nodes of the second identity graph representing the set of identities and the edges of the second identity graph; and
storing the set of peer groups, including an identification of the set of identities or set of entitlements.
Dependent claims: 16, 17, 18, 19, 20, 21.
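The pipeline the three independent claims describe, as an added example written for this page (not the patent's or any vendor's implementation): build the weighted identity graph, prune it, cluster the result into peer groups, then use a group for the risk assessment the abstract mentions. The Jaccard edge weight, the pruning threshold, connected-component clustering and the `rare_entitlements` check are assumptions the claims leave open; the identities and entitlements are constructed sample data.

```python
from itertools import combinations

# Constructed sample data (not from the patent): identity -> set of entitlements.
IDENTITIES = {
    "alice": {"hr_read", "hr_write", "payroll_view"},
    "bob":   {"hr_read", "hr_write", "payroll_view"},
    "carol": {"hr_read", "payroll_view"},
    "dave":  {"git_push", "ci_admin", "prod_deploy"},
    "erin":  {"git_push", "ci_admin"},
    "frank": {"git_push", "ci_admin", "hr_read"},  # an HR right none of its dev peers hold
}

def build_identity_graph(identities):
    """First identity graph: one node per identity, an edge between any two identities
    sharing an entitlement, weighted by Jaccard similarity (an assumed weight function)."""
    edges = {}
    for a, b in combinations(sorted(identities), 2):
        shared = identities[a] & identities[b]
        if shared:
            edges[(a, b)] = len(shared) / len(identities[a] | identities[b])
    return edges

def prune_edges(edges, threshold):
    """Second identity graph: drop every edge whose weight is below the threshold."""
    return {pair: w for pair, w in edges.items() if w >= threshold}

def peer_groups(identities, pruned_edges):
    """Cluster identities into peer groups. Connected components of the pruned graph
    (union-find) stand in for the clustering algorithm the claims do not specify."""
    parent = {i: i for i in identities}
    def find(x):
        while parent[x] != x:
            x = parent[x]
        return x
    for a, b in pruned_edges:
        parent[find(a)] = find(b)
    groups = {}
    for i in identities:
        groups.setdefault(find(i), set()).add(i)
    return sorted(groups.values(), key=sorted)

def rare_entitlements(identities, group, max_share=0.5):
    """Risk assessment: per member, entitlements held by fewer than max_share of its peer group."""
    flagged = {}
    for member in group:
        for ent in identities[member]:
            holders = sum(1 for m in group if ent in identities[m])
            if holders / len(group) < max_share:
                flagged.setdefault(member, set()).add(ent)
    return flagged
```

Entitlements flagged this way are candidates for an access review, not proof of misuse; a legitimate cross-team role can look identical to an over-provisioned account.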