0

Can someone please explain the major differences between IBM Tivoli Access Manager and Tivoli Federated Identity Manager? Does TAM support SAML?

Jeffrey Bosboom
  • 13,313
  • 16
  • 79
  • 92
borna
  • 906
  • 3
  • 12
  • 32

3 Answers3

2

Updated Answer: SAML is now supported with ISAM v9.

The names and versions of the products have been updated/changed. Basically, TFIM and TAM are now old names and products. All of the functionality and code of TFIM has been rolled into to ISAM v9. ISAM v9 now has Web, AAC, and Federation components. (ISAM v8 did not have the Federation componentm ISAM 8 only had Web and Mobile)

ISAM 9 Web - reverse proxy that handles authentication/authorization to back-end web servers
ISAM 9 AAC (Advanced Access Control) - more advanced authorization functions tailored toward mobile devices like device fingerprinting, geolocation awareness, and IP reputation
ISAM 9 Federation - all the old TFIM code with updates

old Tivoli Access Manager (TAM) -> new IBM Security Access Manager (ISAM)
old Tivoli Federated Identity Manager -> new ISAM v9 Federation

Urist_Welkons
  • 76
  • 3
1

I will elaborate a bit more since nzpcmad 's answer fails to address TFIM at all.

IBM Tivoli Access Manager ( now IBM Security Access Manager) handles the authentication and authorization part of your IAM infastructure.

IBM Tivoli Federated Identity Manager allows for federated and web Single Sign On. It can be used with ISAM, for example in a scenario that ISAM delegates the authentication part to TFIM for certain resources/cases.

ISAM does not speak SAML by itself, but it can leverage TFIM that does.

Other than that, you would have to ask something more specific in order to get concrete answers.

Community
  • 1
  • 1
Yiannis Kakavas
  • 597
  • 3
  • 9
0

In general, an Identity Manager provisions users into an identity repository e.g. AD / LDAP. It also provides password self-service etc. The provisioning includes user attributes and roles.

An Access Manager provides authentication (using the identity repository) and authorization based on the users attributes, roles and credentials provisioned by the Identity Manager.

rbrayb
  • 46,440
  • 34
  • 114
  • 174