Titulo Estágio
2025/26_N29 Centralized Identity and Access Management
Local do Estágio
Altice Labs
Enquadramento
As companies grow, so does the complexity of their IT environments, often with systems spread across multiple platforms, both on-premises andon the cloud. Each system has unique security requirements, so managing access can get complicated.
Traditional setups treat identity management on a system-by-system basis, meaning each system has its own way of verifying users andcontrolling what they can do. This decentralized setup results in scattered and inconsistent identity management rules, leading to security gapsand inefficiencies.
With centralized identity and access management, it is possible to consolidate everything into a single, central system, which makes it much easierto enforce security policies and monitor user access across the organization. Instead of checking and managing access for every singleapplication, it is possible to do it all from one place. This approach streamlines identity management, improves security, and provides a consistentuser experience across all applications within an organization
Objetivo
The main goal of this project is to improve Altice Labs' processes and practices concerning identity and access management, both in terms ofcorporative tools and developed products. It includes the gathering of state-of-the-art best practices and recommended standards in this scope,as well as the research and comparison of the available open-source and internal tools that help implement the proposed best practicesconsidering Altice Labs reality. An IAM architecture should then be proposed for the Altice Labs context, considering the already existingprocesses and toolset, as well as the tools previously compared and selected to address any existing gaps (e.g., centralized groups/rolesmanagement, public/private Certificate Authorities or CAs). This architecture and proposed toolset should then be tested in an Altice Labsenvironment, including integration with corporative tools or cloud providers such as Hashicorp Vault, GitHub, Atlassian Jira and Confluence, AWS,GCP, and Azure, to validate its feasibility and ability to address Altice Labs needs regarding identity and access management.
Plano de Trabalhos - Semestre 1
Research state-of-the-art best practices concerning identity and access management;
Explore IAM architecture in place at Altice Labs;
Write the Interim Report.
Plano de Trabalhos - Semestre 2
Research, compare, and select open-source and internal tools to address any existing gaps in the current architecture;
Propose a new IAM architecture with the selected tools;
Test the selected tools in an Altice Labs environment, including integration with corporative tools;
Write a final report with the main findings of the project.
Condições
Integração no Programa GENIUS Investigação da Inova-Ria.
Entidade Promotora: Inova-Ria
Entidade de acolhimento: Altice Labs
Com possibilidade de integrar uma Bolsa de Investigação - Programa GENIUS - durante a realização do projeto de Dissertação - Integração numa equipa de I&D na Empresa Altice Labs .
Valor de bolsa de acordo com tabelas da FCT (ver pdf em (www.Inova-Ria.pt).
Período de realização de acordo com o enquadramento da Universidade.
• Horário: De acordo com enquadramento da Universidade
• Formato: (a combinar na entrevista)
• Meios: atribuição de um PC portátil e acessos à rede Interna da Altice Labs
• Kit de Acolhimento
• Onboarding nas equipas da Altice Labs, com atribuição de um tutor full-time
• Possibilidade de participar em todas as iniciativas de partilha de conhecimento ou de entretenimento levadas a cabo pela Altice Labs
• Possibilidade de entrada nos quadros da empresa
Os alunos interessados deverão enviar para genius@inova-ria.pt ao cc Dra Regina Maia Sacchetti (963618710).
• Curriculum Vitae;
• Disciplinas realizadas até ao momento com médias; simples documento eletrónico, que poderá obter no portal académico .
Processo de Seleção: Entrevista Inova-Ria - PROGRAMA GENIUS na qual fará parte o Orientador do projeto de forma a esclarecer a temática envolvida.
Observações
Aspetos Inovadores
Implementation of centralized identity and access management across multiple platforms.
Integration of IAM solutions with on-premises and cloud environments to improve security and automation.
Adoption of Zero Trust principles.
Use of policy-driven IAM automation for proper access control (e.g., RBAC, ABAC).
Ferramentas a utilizar
Access management tools
Corporative tools/envrionments (e.g., Hashicorp Vault, GitHub, Atlassian Jira and Confluence, AWS, GCP, Azure)
CA implementations
Referências Bibliográficas
https://www.enisa.europa.eu/publications/digital-identity-standards
https://www.nist.gov/identity-access-management/identity-and-access-management-projects
https://csrc.nist.gov/projects/access-control-policy-and-implementation-guides
https://cheatsheetseries.owasp.org/cheatsheets/Authentication_Cheat_Sheet.html
https://cheatsheetseries.owasp.org/cheatsheets/Authorization_Cheat_Sheet.html
https://www.sciencedirect.com/science/article/abs/pii/S1467089514000049
Centralized Identity and Access Management
https://medium.com/@tahirbalarabe2/centralized-identity-and-access-management-pattern-simplifying-security-with-aws-965706ff8c19
Orientador
Mafalda Guimarães Nunes
mafalda-g-nunes@alticelabs.com 📩