The Customer Identity & Access Management (CIAM) Specialist
CIAM enables secure, seamless, & simplified digital experiences for your customers.
Avoid identity data breaches
Improve your security posture and better protect customers’ identity data
Deliver outstanding customer experiences
From initial registration to login, provide a frictionless digital experience
Reduce operational & support costs
Digitise even the most complex and expensive manual workflows
Keep dev team focused
Building CIAM in-house is complex; let your dev team focus on your core business
How Organisations use Ubisecure
Rapidly build innovative Customer IAM (CIAM) and B2B IAM capabilities into applications and services.
Give customers one digital identity to connect to all your services and applications.
Enhance security with MFA without the friction, and employ context-based step-up authentication as needed.
Protect resources with fine-grained user permissions and access rights.
Create, store, and manage users, and identity and privacy data, at scale.
Connect multiple service providers to different identity providers and authentication sources with a single integration.
Anchor users to their existing digital identities (social, enterprise, verified) to remove friction during registration & login.
Prove a user’s real identity at the start of your onboarding or KYC process.
Manage how organisation, family or individual users delegate their rights to others to act on their behalf.
Register your own G20 endorsed high assurance organisation identities, or utilise the global LEI database for KYC.
The fast, easy way to enforce the governance rights of individuals to represent their organisation.
CIAM deployed YOUR way
What the experts say about Ubisecure and CIAM
“The Ubisecure Identity Platform is a critical component of the eHealth service as its functionality provides Swedish citizens with a very easy-to-use process for accessing their health records.”
“The Ubisecure Identity Platform is delivered as a single integrated IAM suite that provides both Web Access Management and Identity Federation capabilities with a fully integrated database and application server.”
“The Ubisecure Identity Platform has helped us realise a unified IAM solution for both consumers and corporate customers, creating an environment where you only need one identity.”
According to Gartner, “there is an increase in demand for CIAM technologies due to its importance to combining successful UX to attract and retain more customers with security and privacy capabilities. Commercial technologies are now more popular than “homegrown” solutions.” Further, “CIAM technology popularity has surpassed homegrown solutions, but integration with adjacent technologies is still key to address digital experience and risk management needs.”
Gartner “Technology Insight for Customer Identity and Access Management”
Henrique Teixeira, et al, 4 May 2020.
Ubisecure is proud to be named in this report by Gartner. Gartner subscribers can view the report here.
New Technology Alliance
The best of both the IGA and CIAM worlds in a solution that simplifies identity management for your workforce, B2B supply chain, and Customers/Consumers, and brings enterprise-class IGA for your external identities.
Identity Management is evolving. Keep up with the latest…
- Interpreting the Finnish Trust Network (FTN) with Traficom’s Petteri Ihalainen – Podcast Episode 33
November 25, 2020
https://media.blubrry.com/identitypodcast/p/content.blubrry.com/identitypodcast/Ubisecure_Podcast-Petteri_Ihalainen_V2.mp3
Let’s Talk About Digital Identity with Petteri Ihalainen, Senior Specialist at the National Cyber Security Centre, Finland (part of Traficom – Finnish Transport and Communications Agency).
In episode 33, Oscar’s on home turf talking to Petteri Ihalainen about the identity landscape in Finland and all about the Finnish Trust Network (FTN) – what it is, why it came about and what the benefits are for Finland’s population. They also discuss Katso, Finland’s business-to-government national delegation solution (read more about Katso here), and eIDAS, a regulation that Petteri is deeply involved in.
“You get basically the whole population of Finnish people through a single contract.”
Petteri Ihalainen has an extensive information security background, having worked for organisations like SSH, Ubisecure, the EU Commission, Gemalto and GlobalSign. During his career he has participated in advanced initiatives and digital identity programmes in various roles. He’s currently working as a senior specialist at the National Cyber Security Centre of Finland (part of Traficom – the Finnish Transport and Communications Agency) in a team that supervises and advises organisations deploying digital identity solutions. Petteri also acts as one of the country’s representatives at the EU-level in eIDAS related tasks and programmes.
Find Petteri on LinkedIn and on Twitter @Ihalain. Read more about ‘What is the Finnish Trust Network’ in our blog.
We’ll be continuing this conversation on LinkedIn and Twitter using #LTADI – join us @ubisecure!
- Solutions to privacy in contact tracing apps: Q&A with Julian Hayes, MD of Veneto Privacy
November 23, 2020
As the world deals with many challenges due to the 2020 outbreak of COVID-19, I talked to data protection expert Julian Hayes from Veneto Privacy regarding the prominence and development of contact tracing apps and how society can combat some of the privacy and data protection concerns that these platforms can entail.
Julian Hayes is Managing Director of Veneto Privacy Services, a specialist data protection and security firm based in Dublin, Ireland. He has worked in the sphere of data protection for more than 16 years and is a specialist in app privacy & security design for major consumer service industries.
Minttu: What are the main challenges you see with the uptake of contact tracing apps?
Julian: I think it is good that there is a healthy debate on the subject of contact tracing apps at this time as we have seen much analysis on the implications for users of the app and what plans authorities plan to use with the data. From the outset, we must be mindful that the main objective of such app analysis is to protect society from the risk of infection or transmission of COVID-19. With that in mind we must make sure that a balance is struck as much as possible to be able to protect individual citizens’ data, with that of protecting society from the virus. There are two predominant models that are used for COVID-19 possible contagion detection that would be good to analyse from a security perspective.
De-centralised App Models: This model utilises Bluetooth or other common device-to-device based connectivity solutions, where there is no collection point of information other than on the users’ devices. A typical experience would be a confirmed COVID positive user would activate their status on the app as having currently or once tested positive for COVID. Other devices in the user’s proximity would then be alerted when and, importantly, where they had encountered a close contact with the tested-positive user’s device.
Centralised App Models: The centralised app model is a central point of storage for all COVID app users, detailing all close encounter contacts that the user has come in close proximity to, again via Bluetooth or other near field communication technology. Broadly speaking, it will again require an action by a user to enlist themselves on the app as having contracted COVID previously or presently, although in some models some data regarding temperature checks etc. may be processed in the service to automatically categorise individuals based on specific protocols. The centralised model would be the preferred model for those agencies tasked with fighting the pandemic as it will give them a detailed, holistic view as to the spread of infection. Centralised comprehensive models can be more effective but are also open to much criticism for overreaching in the data that they process or, in extreme cases, abuse of data that is processed surreptitiously for other purposes by the state or other third parties.
Some points to note here:
  - Both models are likely to have better valid detection and performance in rural areas rather than urban areas due to spatial issues – i.e. fewer devices per square metre and generally reduced concentration of user interaction.
  - The de-centralised model is clearly more privacy friendly as it alerts from device to device, rather than through a central source, but we must consider how effective it is for reporting possible COVID infections.
  - The centralised model will have better detailed visibility for health authorities or intermediaries tasked with operating the detection tools.
  - GPS and Cell ID data (often available open source, see here) are really required for both solutions so as to allow geographic identification of the user, even in the centralised model where it is not to be shared by the device.
  - Some research is needed into historical Bluetooth proximity – whether a device can recall Bluetooth device encounters prior to downloading the app.
M: Will these apps be the ‘silver bullet’ to combatting COVID-19?
J: I think it is important to see this type of technology as part of the strategy to help fight this disease, along with the other more traditional methods such as social distancing, personal hygiene and the promising developments of vaccines recently. These solutions are only a part of the suite of tools that public health authorities are recommending.
M: What about concerns regarding data privacy and how the data will be used?
J: Clearly there are concerns regarding the approach of the centralised model relating to how data will be processed. However, we must remember that these state authority initiatives are undertaken with the objective to protect society in the detection of close encounters of people who have contracted COVID-19. We must also be cognisant that the apps in place are being developed on the basis that they will be downloaded voluntarily by people who will be informed on the permissions that are entailed in using the service. Provided that contact tracing apps provide good information to the user on what data is processed, for what purpose and why, and what controls they can utilise within the service, it should enable transparency and privacy-by-design.
M: What are some of the mitigations on a privacy engineering basis that can be put in place as a privacy safeguard?
J: There are many options regarding the protection of identities or processing of other personal identifiers that can be utilised in the development of these app services. Some items would include:
  - Provide robust Privacy Notice and Consent upon download of the app, detailing its access rights to Bluetooth, GPS, Cell-ID or other positioning information required for effective use of the service.
  - Assigning a digital ID solution for app users that does not allow for direct identification of users of the app. This will allow for the users to share pseudonymous data rather than direct identifiers, bringing some privacy protection.
  - Digital IDs assigned to each individual user will allow for non-identifiable information to be processed as encounters occur, allowing users to pass each other and be informed of a contagion risk where necessary, whilst protecting each other’s identity. An example of this can be seen with Finland’s contact tracing app.
  - Rotation of digital IDs over a reasonable period will also add protection so as to not allow for retrospective analysis of encounters with other COVID tracing app users.
Clearly there needs to be a balance struck between the efficacy of encounter detection and user privacy.
Find Julian on LinkedIn.
- 3 identity and access management principles every digital service provider needs in 2021
November 20, 2020
I think most of us are ready to put 2020 behind us, closing off final deals and crossing the finish line on projects we may never have expected to need to prioritise this year. We’ve all learnt a lot in a short space of time, not least the critical value of flexible digital infrastructure to support whatever the years ahead may bring for businesses.
Whilst we’re not entirely sure what’s in store for 2021 and beyond, we do know that three digital trends are likely to stay whatever happens next. The first is simply the increase in digital interactions as customers need to transact online, or now prefer its convenience. The second is the subsequent rise in cyberattacks as bad actors take advantage of the increased opportunity for manipulation. The third is the growth of remote working, which most agree is here to stay in some capacity, increasing the likelihood of privileged access over the public internet and Bring Your Own Device (BYOD).
Here are three important, yet oft-forgotten, identity management principles to help guide us through the security, customer experience and operational efficiency challenges that these trends present.
1. Data collection – less is more
We’ve seen it with the media’s scrutiny of Covid tracing apps and social media’s role in the US election – more and more people are waking up to their right to privacy. Perhaps not all of us value our privacy as much as we should, but certainly awareness of data privacy is growing and transparency over data use is key.
Best-practice identity management can help you practise the principle of data minimisation – essentially only asking for data that is absolutely necessary, and not keeping it for longer than needed. So if I’m signing up for a music streaming service, it may need to know some aspects of my identity – like my email address and bank details – but, according to data minimisation, would not need to know my gender. The service may prefer to know my gender so its marketing team can analyse demographics, but it is not necessary to my use of the service. Many apps, like Instagram, will make these fields optional to avoid registration abandonment.
It’s important to offer a self-service account management capability so that users can manage their own identity data and view what you know about them. It’s also important to be transparent around what you know and why you need to know it, in order to build trust with your customers.
The good news is that many users are still happy to provide non-essential data if there is value for them in doing so. For example, if you let them know that this will enable you to personalise the service that you’re providing to them. This results in more loyal customers and more successful marketing/sales teams who can target their efforts based on up-to-date information – not information that’s been assumed or has expired in your CRM.
Speaking of your CRM, make sure it’s integrated with your app’s identity and access management. By integrating these systems, you avoid data silos and wasting time and money on either updating each system individually or not leveraging the most up-to-date information for sales/other processes.
Finally, avoid asking your customers to provide identity credentials when it’s not necessary. By employing single sign-on (SSO) and step-up authentication, you can achieve the correct balance of robust security and seamless customer experience. SSO means that customers only need one set of login credentials to sign into all authorised services. If one particular service requires stronger authentication than the others, for example billing, then you can step up authentication for just that service (i.e. require another authentication factor, as we’ll see in the next principle).
2. MFA is a basic requirement
Multi-factor authentication (MFA) is no longer a security gold standard; it is just standard. As a reminder, MFA is the use of more than one authentication factor (like a username/password plus a fingerprint scan).
Customers generally fall into two camps – the camp that cares about their online security so will demand MFA availability, or the other camp who don’t really care and won’t go looking for it (and are therefore more likely to present a breach risk to your organisation). You must offer MFA to your users and, if you don’t enforce it, encourage them to set it up.
If you don’t have MFA in place by the end of 2020, 2021 is the year you must find the time and budget for it. Not doing so may mean much more time and budget spent on dealing with a data breach down the line.
Remember that not all authentication factors are created equal. Some, like a password or social media login, are unlikely to be strong enough when used on their own as they can be hacked more easily than other methods. Others, like a bank ID or authenticator app time-based one-time password (TOTP), are stronger as they’re harder to hack. Whichever combinations you decide to enable for access to your application should reflect the sensitivity of the data you’re storing, the geographical location of your users and your regulatory context. It’s also a good idea to provide options, as only providing one choice will alienate certain users (e.g. some users may not have social media accounts or may be unable to provide certain biometric data).
3. Least Privilege
It can be hard to keep on top of which accounts have access to which systems internally, let alone with your (usually more numerous) external customers and/or partners. The principle of least privilege denotes that user accounts should only ever have the minimum access authorisation necessary to their role in the service. I’ll cover two examples.
The first example is with remote employees. When staff are in the office, it may be easy to identify anyone who should not be accessing your company systems and stop them before they do any damage. After all, they’d have to be sat in front of a team that knew them for an imposter. But with the increase in remote working, it’s more likely that bad actors could take advantage of the anonymity and gain unauthorised access to an account. If this does happen, you’ll want the hacked user’s account to have access to as little data as possible to minimise what information is visible/vulnerable to the hacker.
The second example is a business to business use case. Say you run an online service for your business partners, where several employees within the partner business need access to your service. The easiest thing to do is give everyone at the partner business an account with the same level of privilege. However, this would mean that if any of those accounts are hacked, the hacker also gains full access rights. But the accounts don’t all need access to every area, so this method presents an unnecessary risk. Perhaps only an administrator needs to have access to billing, while an ordinary member only needs enough access to upload documents. Here, different access rights levels reduce the risk of more sensitive areas being hacked. In this example, Delegated Authority streamlines how you handle these access levels by giving the partner business administrator control over their own employee invitations. This saves both businesses time and, therefore, money.
Final thoughts
With life online taking centre stage right now, digital identity is still firmly under the spotlight. How we protect and make life easier for our online users now will ultimately have a huge impact on business success, regardless of how long it takes to return to ‘normality’.
Of course, these principles above are only three out of a long list, but it would be wise to keep returning to these and asking yourself and your team if you continue to do enough on each.
For your identity and access management needs, including SSO, MFA and Delegated Authority, find out more about Ubisecure Customer Identity and Access Management (CIAM).
- Announcing a partnership between Ubisecure and Verimi
November 16, 2020
Today we announced an exciting new partnership with the leading identity provider in Germany, Verimi. The partnership sees Verimi digital identities added to the authentication methods offered through Ubisecure’s Customer IAM (CIAM) and Identity-as-a-Service (IDaaS) solutions, enabling service providers to accelerate deployment of Verimi digital identity support. Verimi and Ubisecure’s joint solution gives client companies seamless identity management for their external users (such as customers, partners, citizens), with privacy by design at its core.
Read the full press release in English here and in German here.
Roland Adrian, Managing Director at Verimi, said, “we’re very excited to partner with Ubisecure as a leading provider of CIAM in Europe. Ubisecure has access to the relevant market and with many years of experience deeply understands the needs of consumers and companies.”
Volker Zinser, Head of DACH at Ubisecure said, “it’s fantastic to be able to offer Verimi’s platform as an authentication solution to our customers in Germany and beyond. They are a leader in their space and have an excellent reputation for compliant, secure and user-centric solutions – also qualities that Ubisecure prides itself on enabling. Our use of the OpenID Connect standard has enabled integration of our technologies, showing that investment in open standards and interoperability really pays off.”
Find out more at Ubisecure or Verimi.
- Verimi and Ubisecure partner to accelerate use of verified digital identity across Europe
November 16, 2020
Ubisecure CIAM now enables rapid acceptance of digital identities with Verimi Services for registration, login & digital signatures for consumers in Germany and across Europe.
BERLIN AND MUNICH, GERMANY – 16 November 2020 – Today Verimi, the leading identity provider in Germany, and Ubisecure, a customer identity and access management (CIAM) solutions expert with offices across Europe, announced a strategic partnership. (Read this press release in German here)
With Verimi, digital identities can be added easily to authentication methods offered through Ubisecure’s Customer IAM (CIAM) and IDaaS (Identity as a Service) solutions. Ubisecure and Verimi combine their identity management capabilities to provide a joint solution that provides customer companies with seamless identity management for their external users (such as customers, partners, citizens), with “Privacy by Design” at the core.
Verimi’s digital identity solution offers consumers a valid, flexible and convenient way to engage with companies and institutions. With Verimi, the user has sole data sovereignty and decides which data is passed on to the respective application partner. All user data is verified, so application partners can be sure of who they’re dealing with, while users benefit from its ease of signing up/logging into multiple services.
Ubisecure CIAM enables fast integration of Identity & Access Management capabilities such as single sign-on (SSO), multi-factor authentication (MFA), a wide range of trusted identity providers (IdPs), and complex delegation of authority. It facilitates workflows to increase security, improve customer experience and comply with regulations. The CIAM solution can be deployed as IDaaS, Cloud, or on-premise software, depending on client needs and preferences.
Service providers in Germany are ramping up digitalisation efforts, particularly in light of the current global situation limiting face-to-face contact. This joint solution provides a way for Ubisecure and Verimi’s client organisations across all verticals to digitalise their solutions with seamless identity management, from registration to subsequent logins and across the entire identity lifecycle. For example, a bank could deploy the solution to allow its customers to seamlessly log into all of its digital services with their Verimi-ID, and then securely and compliantly manage those identities on an ongoing basis with Ubisecure-enabled workflows.
Verimi is accepted by service providers including Allianz, Deutsche Bank, Postbank, Deutsche Telekom and many others.
Roland Adrian, Managing Director at Verimi, said, “we’re very excited to partner with Ubisecure as a leading provider of CIAM in Europe. Ubisecure has access to the relevant market and with many years of experience deeply understands the needs of consumers and companies.”
Volker Zinser, Head of DACH at Ubisecure said, “it’s fantastic to be able to offer Verimi’s platform as an authentication solution to our customers in Germany and beyond. They are a leader in their space and have an excellent reputation for compliant, secure and user-centric solutions – also qualities that Ubisecure prides itself on enabling. Our use of the OpenID Connect standard has enabled integration of our technologies, showing that investment in open standards and interoperability really pays off.”
For more information, contact Ubisecure or Verimi.
About Verimi
Verimi is the European cross industry identity and trusted platform. Verimi combines a convenient central login (Single Sign On), highest data security and protection standards in line with European law and the self-determination of users regarding the use of their personal data. Verimi was founded in spring of 2017. The identity and trusted platform is supported by a network of thirteen international corporations. The shareholder network includes Allianz, Axel Springer, Bundesdruckerei, Core, Daimler, Deutsche Bahn, Deutsche Bank, Deutsche Telekom, Giesecke+Devrient, Here Technologies, Lufthansa, Samsung and Volkswagen. Find out more at verimi.de/en
About Ubisecure
Ubisecure provides Customer Identity & Access Management (CIAM) with IDaaS (SaaS IAM), Identity APIs, and on-premises software solutions. CIAM helps protect against identity data breaches, and also helps organisations improve their customer experience and reduce operational costs. Capabilities such as Single Sign-On (SSO), MFA, real-time identity verification, authorisation and more can be quickly implemented into applications using our Identity Platform. Through our RapidLEI service we are also a GLEIF accredited, and now the fastest-growing, Legal Entity Identifier (LEI) issuer. Our vision is to simplify and secure the automation of interactions through the three key identity domains; individuals, organisations and things at varying strengths of authentication and levels of assurance. Find out more at www.ubisecure.com
- New Zealand’s Digital Identity Trust Framework with Andrew Weaver, DINZ – Podcast Episode 32
November 11, 2020
https://media.blubrry.com/identitypodcast/p/content.blubrry.com/identitypodcast/Ubisecure_Podcast-Andrew_Weaver.mp3
Let’s Talk About Digital Identity with Andrew Weaver, Executive Director of Digital Identity New Zealand (DINZ).
In episode 32, Andrew fills us in on the main trends and challenges for digital identity in New Zealand, its national Digital Identity Trust Framework and the importance of interoperability between identity systems. He also gives us an excellent tip for individuals and organisations on reframing identity, inspired by Maori identity validations – trusting and respecting identities as a precious gift.
“The strange thing with digital identity is most of the technology that’s needed is already there – we’re not really inventing anything new. The key to digital identity working is actually in collaboration.”
Andrew Weaver is the Executive Director of Digital Identity New Zealand, an organisation whose mission is to create a digital identity ecosystem that enhances privacy, trust and improves access for all people in New Zealand. Andrew is a strategic specialist with over 30 years hands-on management, consultancy and systems development experience built throughout New Zealand, Australia, Asia and the Middle East. He is also an active and passionate supporter of social enterprises and charities working in New Zealand and overseas.
Connect with Andrew on LinkedIn.
Digital Identity NZ is a purpose driven, inclusive, membership funded organisation, whose members have a shared passion for the opportunities that digital identity can offer. Digital Identity NZ supports a sustainable, inclusive and trustworthy digital future for all New Zealanders. Find out more about Digital Identity NZ at digitalidentity.nz.
We’ll be continuing this conversation on LinkedIn and Twitter using #LTADI – join us @ubisecure!