Ubisecure Identity Platform Feature List

IDaaS | Identity Server

Customer Experience

Simplify and improve how your customers engage with your digital services.

Simplified or automated customer registration

  • Configurable best practice templates for registration and login, or complete customisation via API
  • Use existing digital identities (social login, professional, enterprise, verified or regional eID) for easy registration and login authentication
  • Verification of customer’s real identity remotely
  • Automated registration based on contract information queried from connected CRM(s)
  • E-mail and phone number verification

Identity federation and business networks

  • Business customers Single Sign-On (SSO) to services from their own corporate network
  • Acquire new customers from business network partners and enable customers to adopt new services from partners
  • Strengthen customer profile, or verify any weak identity with a strong multi-factor method or link to a 3rd party digital identity in any defined context
  • Protocol translation, e.g. from SAML to WS-Federation and vice versa
  • Supported standards: SAML 2.0 (independently tested), OpenID, OAuth 2.0, OpenID Connect, CIBA, Mobile Connect, WS-Federation, TUPAS, ETSI MSS (ETSI TS 102 204)

Bring Your Own Identity for quick conversion and improved retention

  • Out of the box support for dozens of Identity Providers, new providers added via Authentication Adapter microservice
  • Avoid storing of PII by using third party identities

Single Sign-On (SSO) across all connected services

  • Single identity for multiple applications
  • Centralised policy management delivers the right identity attributes to internal or external applications (GDPR)

Branding support

  • Completely brandable solution without any extra development / coding
  • Configurable interfaces for branded SSO

Security & Privacy

Minimise identity data breach risk, ensure your customer’s, partner’s and supplier’s security and meet privacy regulation and expectations.

Identity Attribute Broker Engine

  • Pseudonymisation of identity
  • Aggregate identity attributes from various sources, i.e. user database, CRM, 3rd party APIs
  • Minimal attribute set supports user privacy – granular control over which attributes are sent to target applications

Multi-factor authentication (MFA)

  • Contextual step-up authentication 
  • Username+password: ID+pwd, Windows SSO, AD integration, SQL integration, LDAP
  • OTP: OTP TAN list self-service print-out & SMS OTP, 3rd party tokens and mobile apps
  • Mobile: Mobile Connect, SMS+URL, USSD, Swipe/Click OK (app), PIN+PKI (app), biometrics+PKI (app), TOTP (app) inc. Google Authenticator
  • Mobile PKI: ETSI MSS Wireless PKI standard (native client)
  • PKI: Smartcards, tokens, soft certificates
  • Biometrics: inc. Hitachi VeinID

Step-up identity sources and step-up MFA

  • Numerous methods to authenticate a user (social, professional, verified and Government) at the right time in the customer journey
  • Social: support for Facebook, LinkedIn, Google+, Github, Amazon, Yahoo, Mixi, VKontakte
  • Business: support for Microsoft O365, Google Apps for Business, Salesforce, Active Directory
  • Verified: support for Government eIDs, BankIDs, TUPAS, BankID Sweden, EID2 Sweden, NemID Denmark
  • Open standards: support for any OpenID, OAuth based identities via Authentication Adapter microservice
  • Build Identity Proofing & Identity Verification services into any decision workflow. Integrated Onfido support

Best practice basic credential management

  • Password policy & recovery/reset
  • Basic credentials (e-mail, phone number) verification

Authorisation management

  • Centralised authorisation policy management
  • Flexible authorisation policies per service
  • Role based access control and attribute-based access control
  • Authentication and authorisation policies can be quickly modified for one or more online applications using the administrative web interface
  • Zero or minimal policy development effort is required for the connected applications

Ubisecure Directory

  • Scalable and secure storage of identity data and attributes
  • Local residency for identity data and attributes
  • Consolidate risky, overlapping identity data silos

Meet privacy and security regulation

  • Centralised access, modification / review, transfer and deletion of PII (GDPR)
  • Consent collection, management and revocation (GDPR)
  • Centralised policies for control of identity attribute release (GDPR)
  • Strong Customer Authentication (PSD2)
  • Extensive standards support: SAML, OpenID Connect, OAuth, Mobile Connect, ADFS 2 & 3 (WS-Federation), TUPAS

Data Residency

  • Client-defined data geo-residency location for IDaaS
  • Local network data residency for Identity Server (software)

Business Transformation Impact

Use digital identity to improve your organisation’s productivity, automate repetitive tasks and create self-service experiences for customers, partners, and suppliers.

Delegated Authority – multi-tier B2B and family delegated administration and delegation of authority

  • Core scaling feature requirement for B2B, B2C and B2B2C IAM requirements
  • Allow external users to manage their own organisation’s (or family) user identities and delegate roles with ease at a national scale
  • Create new organisations, new users, invite external parties, authorise employees and more
  • Minimise the amount of outdated or incorrect customer data through self-management
  • Cost savings achieved in customer service operations by delivering self-service workflows for your external users

Right to Represent

  • Connect to and check company identity and mandated rights of individuals to represent their company in real time
  • Build into KYC or onboarding workflows
  • Based on Legal Entity Identifiers issued by Ubisecure (#1 accredited GLEIF LEI Issuer)

Self-service identity management

  • Out-of-the-box support for password management, recovery and verification
  • Verification of email and phone number during registration
  • Self-service functions for authentication method management

Identity profile management

  • Link LDAP and SQL databases for a centralised view of customer data
  • Eliminating risky and expensive overlapping identity repositories and silos
  • Reduce the number of accounts / identities per user

Extensive SSO support for existing cloud applications

  • Enable SSO to cloud applications such as box.com, Dropbox, Salesforce, Mindflash, and more
  • Enable strong authentication for business critical cloud applications using any supported authentication methods

CRM integration/linking

  • IAM database master of identities, CRM master of contract information
  • Automate linking of customer identities to the CRM contract lifecycle
  • Increase efficiency in on-boarding by sending invitations directly from the CRM interface
  • Improve the accuracy of customer data and increase sales and marketing efficiency
  • CRM applications such as Salesforce.com and Microsoft Dynamics integrated via API

APIs & application integration

  • Quick application integration for WebSSO protocols such as SAML, OpenID Connect and WS-Federation
  • Other integration options: HTTP header injection (possible to also emulate SiteMinder, WebSeal, SelectAccess, etc.), HTTP basic emulation, Kerberos constrained delegation (requires TMG or Citrix Netscaler), IIS 6 impersonation (S4U impersonation)
  • RESTful APIs to embed identity management functions to own applications
  • SAML Attribute Query supports user attribute verification during a valid session

Out of the box and customisable workflows

  • Create your own workflows through simple configuration — no scripting or programming needed
  • Configure multiple workflows based on use case or business requirements
  • Automate workflows or approval processes
  • APIs to embed identity management functions into applications

Streamlined reporting and support for 3rd party enterprise tools

  • Simple BI integration
  • Exports to SIEM platforms
  • Provisioning through any ESB

Ready to get started?