SSO (Single Sign-On) Login
Customer SSO Login

Identity Provider (IdP) Support

Ubisecure’s Authentication Adapter microservice provides your applications with out-of-the-box support for delegated authentication from many Identity Providers, and fast addition of any standards-based identity credential including SAML, OpenID, OAuth 2.0, OpenID Connect, Mobile Connect, WS-Federation.

• Social
• Business
• Verified Digital Identities
  
• Federated Networks

The Identity Broker Engine enables the smart exchange of user attributes to offer Zero Trust networking while respecting user privacy. The core functioning includes:

• Normalising data from different providers to simplify application integration – e.g. bank sends date of birth in mm/DD/yyyy format and mobile operator yyyy-mm-dd.
• Masking user data according to minimum information disclosure principles – e.g., bank sends date of birth in full, and the Identity Platform can send to the integrated application that the user is “over 18”.
• Providing pseudonymization – only send a token that the user is the same as last time with no other user identifiable information.
• Providing anonymization – ensure the user is real and has the required permissions (roles and attributes) but send a unique token each time to prevent tracking or collusion between recipients.
• Directory mapping – using a unique identifier sent by a third-party identity provider to find a user in a local database.
• External service queries – using a unique identifier sent by a third-party identity provider to find a user in a local database by resolving a common attribute through a commercial or in-house web service.

The Engine is used to efficiently integrate data sources such as AD, LDAP or SQL, so the user identity-related data can be retrieved and utilised on a per-session basis. The result is an individual identity profile, specific to each connected application or outbound federation link. The identity attributes of the user are collected and modified so that they will match the access and authorisation requirements of the application that the user is trying to access. Naturally, only those attributes needed for functioning and authorized by the user are shared.

If the user moves to another application and needs a different set of identity attributes, the Engine will automatically create a correct user profile. The Engine allows for a creation of an environment where privacy-by-design principles are followed by allowing the applications to receive the exact and minimum amount of personal data and where needed, anonymising attributes.

Improve Security, Eliminate Support Costs

With reduced login credentials to remember, users will have less impact on support help desks. With less password fatigue, users will expose passwords less.

Centralised Policy

Benefit from a centralised policy management that delivers the right identity attributes to internal or external applications ensuring compliance to privacy regulations. Centrally control who has access to which resources or applications in your ecosystem – down to domain, specific resources, applications and digital services.