Compliant Product - One Identity Manager v8.1
Certificate Date: 2020.02.04
Validation Report Number: CCEVS-VR-VID11003-2020
Product Type: Enterprise Security Management
Conformance Claim: Protection Profile Compliant
PP Identifier: Protection Profile for Enterprise Security Management - Identity and Credential Management Version 2.1
CC Testing Lab: Leidos Common Criteria Testing Laboratory
The One Identity Manager v8.1 TOE provides centralized provisioning and management of user accounts based on defined ‘identities’. The TOE provides identity and credential management functions by serving as the authoritative source for various user attributes while also designating various external systems to be authoritative sources for other attributes. The end result is that user data can be automatically and accurately propagated to multiple organizational locations so that external systems can subsequently make use of this data. For example, One Identity Manager may interface with an organization’s HR system (e.g. PeopleSoft) such that when a new user is created by the HR system, One Identity Manager will automatically generate external system accounts for that new user (e.g. create a new AD entry for them based on the default information and/or information supplied by the HR system). One Identity Manager can also be used to manually create user accounts and as an interface for TOE users to perform self-service management of their own password credentials, which are then pushed out to the organizational repositories (external systems) where that password data resides.
The One Identity Manager v8.1 TOE consists of several components: a fat client, a Web UI, a web service, and a job service (with its connectors), all of which interface with a centralized Microsoft SQL Server database through a shared object layer interface. The object layer interface is responsible for all database I/O operations and for interfacing with external systems. The One Identity Manager Service (Job Service) performs data synchronization and provisioning between the database and any connected target systems and executes actions at the database and file level. The Job Service retrieves process steps from the JobQueue and executes them. The Job Service application is the only method of interfacing with other organizational systems (e.g. HR system, AD, SAP), and this communication is protected through the use of connectors. The fat client provides the Designer and Synchronization Editor tools that are used for the initial setup of One Identity Manager. The fat client also includes the Manager application, but this interacts with the TOE via the web service. The Web UI and web service components provide interfaces for managing employee data. The Web UI is the graphical front-end that handles administrative management tasks, and where a TOE user can use the Password Reset Portal to change their password. The web service is a REST API that provides the same functions as the Web UI as well as the interfaces that Manager uses to manage administrative role assignment and password policies.
From an architectural standpoint, the identity data maintained by One Identity Manager resides in a central database (in the operational environment). All communications between the TOE and the database use TLS.
The TOE supports a variety of connectors, which are used to communicate with external systems to synchronize identity and credential data with the TOE’s operational environment. Depending on the system the TOE is connecting to, TLS, SSH, or HTTPS may be used to secure data in transit. Trusted communications are implemented by the TOE’s operational environment and rely on the FIPS-validated algorithm implementations provided by the underlying OS platform.
The tested configuration of the TOE used Windows 10 for the fat client and Windows Server 2016 for all other TOE components. The environmental database used to store TOE data was SQL Server 2017.
Security Evaluation Summary
The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) process and scheme. The criteria against which the TOE was judged are described in the Common Criteria for Information Technology Security Evaluation, Version 3.1 rev 4. The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 3.1 revision 4, augmented by evaluation activities specified in the Standard Protection Profile for Enterprise Security Management Identity and Credential Management, Version 2.1. The product, when delivered and configured as identified in the One Identity Manager 8.1 Common Criteria Supplemental Admin Guidance and the other guidance documentation that it cites, satisfies all of the security functional requirements stated in the One Identity Manager v8.1 Security Target, v1.2, 3 February 2020. The evaluation was subject to CCEVS Validator review. The evaluation was completed in February 2020. Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report prepared by CCEVS.
Enterprise Security Management
The TOE provides the ability to identify and authenticate administrators using Active Directory. The TOE provides the capability to define and manage enterprise user security attributes and provision modifications in the target systems. The TOE provides the capability to define and securely transmit identity and credential data for use with other ESM products. The TOE provides a password restriction policy mechanism to ensure secure passwords are defined.
The TOE generates logs for the security-relevant events specified in the ESM ICM PP. The TOE writes the logs to the central Microsoft SQL Server database using a TLS channel.
Identification and Authentication
The TOE associates roles, entitlements, and other user attributes with enterprise users and relies on the operational environment for user authentication. The TOE enforces binding of users to subjects by defining users as ‘employee’ objects inside the TOE. These objects are then mapped to accounts on external systems such that changes to user data on the TOE are propagated to these external systems through synchronization. The TOE also enforces binding between administrators and subjects during initial authentication such that an administrator’s privileges to manage the TSF are assigned when they log in, and any changes to their privileges only take effect on subsequent logins.
The TOE provides the following management functions identified in the ESM ICM PP:
- Management of administrator authentication data
- Definition and management of user identity and credential data
- Configuration of password policy for credential data
- Management of user credential status (e.g. suspended)
- Enrollment of users
- Configuration of transmission of identity and credential data to external entities, including enabling of trusted communications where necessary
- Configuration and assignment of administrative roles
The TOE also provides the ability for users to perform self-service management of their own password credential data. The TOE restricts access to the management functions to users with applicable roles and entitlements. By default, the TOE includes a One Identity Manager administrator role with full privileges to manage the TSF, but additional administrative roles can be defined and associated with users to grant a subset of these privileges.
Protection of the TSF
Credentials/keys used by the TOE are stored in the operational environment. The TOE does not offer any interfaces to view the credentials/keys.
The TOE provides trusted communication channels using TLS for communication with authentication servers, the audit server and for transfer of policy (identity and credential) data. SSH is used for transfer of policy data between the TOE and UNIX systems. HTTPS is used to protect communication channels between distributed TOE components.
The TOE provides trusted communication paths for remote administrators connecting to the Web UI and Web Service; this protection is enforced by IIS.
One Identity, LLC