B2B IAM

Establish trusted B2B relationships through trusted Organisation Identity

Manage and use organisation identity as a primary identity class.

• Varying organisation identity assurance levels – social groups to verified corporations
• Benefit from extensible schemas for organisation identity attributes, rights and roles
• Start with a foundation of trust – utilise G20 endorsed Legal Entity Identifiers as verified organisation attributes
• Digitally tie an individual identity to a verified organisation identity
• Right to Represent – utilise registry-based ability to check representation rights/authorisations of individuals

Delegated ID

The most powerful delegated admin solution for what is the most common way to create user accounts for B2B IAM and supply chain security scenarios.

• Flexible user account schemas
• Granular control of user access to applications and resources
• Support for multiple administrators
• Well suited to seemingly complex multi-tier hierarchies – org to org, org to individual, individual to org, individual to individual
• Onward delegation reduces Administrator touch points and management overheads
• Centralised authorisation server allows electronic power of attorney function and auditability
• API based solution

>> Learn more about Delegated ID

Multi-System Authorisation, Authentication & Identity Proofing

• Maintain accurate user accounts and entitlements that reflect the actual current users and appropriate access and authorisation roles and rights across multiple applications
• Provide stronger identification of users without sacrificing a low-friction experience
• Rely on more than just the basic Username/Password combo. Integration with 3^rd party MFA
• Acceptance of validated third party identity credentials, both those with identity proofing (i.e. BankID) and those without (social, professional)
• Support for internal enterprise directory identities or CRM based identities
• Step up Auth – low friction method like social identity to register, step up to other IdPs as needed
• Built on Standards (OpenID Connect, OAuth2, SAML, CIBA [Client-Initiated Backchannel Authentication Flow])

Governance & Federation

• Maintain accurate user accounts, attributes, and entitlements that reflect the actual current users and appropriate access rights.
• Identity Directory – eliminate risky, overlapping identity data silos by using Ubisecure’s proven, highly scalable and secure storage solution for identity data and attributes
• Enable logins from the partner’s IdP (internal or run by external 3^rd party).
• Technical implementation of federation can match the business terms
• Outbound federation enables existing identity data pools to be utilised for outbound Single Sign-On to external sites. Gain new ROI on KYC investments and extend use of identities associated with your brand
• Supports OpenID Connect, OAuth2, SAML

Registering Accounts & Managing Identities

• Leading support for large scale numbers of Subtenants / Sub-Organisations to isolate partner data pools and optimise delegation workflows – see Finnish Government case study (422k subtenants)
• Email invite triggers sent by Admins, from system, bulk upload or CRM. No need to be involved in onward delegation unless workflow dictates. Supports large numbers of users
• API support to link registration to CRM based ‘contracts’ to better manage triggering and termination of user lifecycle
• API to connect to 3rd party provisioning services
• IdP Connect allows use of existing verified digital identities, including social, professional, verified and national IDs
• Consent – comply with privacy regulation (GDPR) by giving appropriate visibility and self-management controls for personal data
• Self-service – improve customer satisfaction and reduce support overheads by allowing customers to self-manage identity credential management.