Identity and Access Management (IAM) | DrayTek

IAM Security: Your First Line of Defense

Identity and Access Management (IAM) is critical for protecting your data, apps, and network from modern cyber attacks. By enforcing organizational policies and verifying every access request, IAM acts as a firewall for your digital resources.
With IAM, you can:

  • Define user roles and privileges
  • Enable secure authentication (SSO, MFA)
  • Control device and network access
  • Manage identities across your infrastructure

DrayTek’s IAM solution, built into DrayOS 5 and debuting with the Vigor2136 Series, brings Zero Trust security to your network gateway—helping you stop threats before they reach your core systems.

Application Scenario of IAM

How DrayTek IAM Can Help

Watch the video to learn what IAM is and how DrayTek IAM enhances your network security.

Key Components

Identity Management

Creating and managing user identities and profiles across systems

Access Control

Defining who can access what resources based on roles and permissions

Authentication

Verifying the identity of users for Single Sign-On, Multi-Factor Authentication, and Risk-Based Authentication

Authorization

Determining whether a user has permission to access a resource or perform an action, for Privileged Access Management and Data Governance

User Provisioning

Automating the creation, management, and deactivation of user accounts for Federated Identity Management, reducing help desk requests

Backup and Restore

Making periodic copies of your configuration for backup and recovery

Enhance Network Security

  • Password Management and Automatic De-Provisioning
  • Multi-Factor Authentication
  • Role-Based Access Control
  • Privileged Access Management
  • Identity and Data Governance

Benefits of IAM

  • Enhanced Security Measures
  • Robust Password Management in Complex Settings
  • Compliance Advantage
  • Vendor and Third-Party Management
  • Empowering and boosting the security of remote work

Advantages of IAM

  • Automation of routine IAM tasks
  • Optimizing user experience
  • Enhancing security
  • Managed IAM platform and integration
  • Orchestrated on-premises and cloud application networks
  • Increasing productivity
  • Curbing IT costs

Key Features of IAM

Users and Groups
  • User Account: Login credentials (Username/Password) for Single Sign-On, MFA / User Information Notification / Activity Tracking
  • User Groups: For larger-scale user group control and management
  • Multiple Authentication Rule and Server: By IP/MAC/APPE filter (like Firewall, Content Filters), VPN, RADIUS/TACACS server
  • User and MFA Security for Brute Force Protection
IAM Policies

You can define the access policy for your LAN network users with multiple access control methods like:

  • White/Black list by MAC filtering
  • Built-in login users list
  • Guest hotspot management
  • User Groups: For larger-scale user group control and management
  • Multiple Authentication Rule and Server: By IP/MAC/APPE filter (like Firewall, Content Filters), VPN, RADIUS/TACACS server
  • User and MFA Security for Brute Force Protection

You can also define the login session lifetime to ensure that every access remains under your control and management.

MFA Authentication of IAM

For Group Policy management, you can either use the default firewall settings or customize the Group Firewall Policies. This allows you to integrate content filters (such as keyword exceptions) and configure outbound IPv4 to enhance network security and optimize traffic flow. You can also check the syslogs for IP and content filter logs to evaluate the performance of your Group Policy.

IAM Policy
Conditional Access Policy

To tighten access security management, you can add a "Conditional Access Policy" to:

  • Specify when users must re-authenticate: either "Every Time" or "When the login session lifetime expires"
  • Restrict access to specific source IP addresses or IP ranges
  • Guest hotspot management
  • Specify VLAN-based access control in your Conditional Access Policy
  • Time scheduling for the user's login

This way, every access by any user must be verified in advance.

Conditional Access Policy of IAM
Resources

You can define and record local resources to ensure secure access to critical resources within your network, such as workstations, network printers, PBX systems, NVR systems, and business operation systems (ERP, CRM, SCM, SRM, PLM, or human capital management).

  • Resource Type (IP or MAC)
  • Resource Port
  • Service Type Objects

You can also add the ICMP setting to report errors and generate network diagnostics.

Hotspot Web Portal

This feature has long been available in our Vigor routers, with options such as:

  • Login Method
  • Login Page Setup
  • Whitelist Setting
  • More Options (Landing page after authentication: Fixed URL, User Requested URL)

You can integrate it into your IAM system to enhance the flexibility, agility, and integrity of your security management.

Backup and Restore

Back up or restore settings such as Users and Groups, Access and Group Policies, and more. For added security, you can enable password protection before taking any action.