Identity Platform for External Users
Minimise operating costs by streamlining resource heavy workflows, embracing scalable self-service identity management. Empower your customers by linking CRM contract information with identity data. And do it at carrier grade scale.
Tiered Delegated Admin
It is difficult for your sales and marketing department to truly know your customers. Their staff leave or they move within the organisation, and new employees are recruited. Over a year 20-30% of the customer data becomes obsolete or out-of-date.
Ubisecure Identity Platform allows you to delegate the management of the customer identity data to the customer themselves. Delegating the administration of customer identities to the customer organizations has multiple benefits for you and for your customer including increased accuracy of identity data and reduced admin costs.
Watch a quick explainer video on Delegation of Authority here.
- Tiered delegated administration lets your external users manage their organizations’ identities, create new ones, invite others, authorise employees and more
- Minimise the amount of outdated or incorrect customer data by letting your customers manage their own information
- Achieve considerable cost savings in customer service operations by delivering self-service workflows for your external users
Digital transformation allows your customers to accomplish more online and also enables digitalising services that previously required call centres, dedicated customer service desk operations, or a physical location for personal customer service. Online self-service reduces the need to rely on labour intensive operations and creates cost savings. It also allows your customers to conduct business with you on a 24/7 global scale. Such self-service functions empower your customers and puts them in control, creating trust.
The Ubisecure Identity Platform has extensive support for self-service workflows allowing you to quickly build new digital services. The solution is template driven, and customisation is made through configuration rather than coding to ensure rapid time-to-market. The APIs embed IAM related functions into your own processes with ease.
The Ubisecure Identity Platform enables the centralised approach and, thanks to the extensive support for authentication and Web SSO standards, provides applications with greater control.
In a centralised approach you control registration, authentication, Single Sign-On (SSO), federation, and attribute requirements from a single location. It streamlines operations, and reduces the risk of misconfiguration. It keeps application architecture simple, speeding up the time-to-market of new services. A centralised approach allows you to quickly react to market, security or regulatory changes without touching the apps or applications. The Ubisecure Identity Platform and the centralised authorisation policies are tools to finely tune your application environment to meet commercial, usability, security, regulatory requirements that your business requires.
Identity Profile Management
Allowing your customers more control over stored identity data creates trust. In an environment with multiple business lines, mergers or acquisitions identity data can be distributed or repeated between multiple systems. The Ubisecure Identity Platform can be linked to numerous repositories to give the customer a complete view of their identity data, including consents.
- Empower the customer and create trust
- Link LDAP and SQL databases for a centralised view of customer data
- Reduce cost by eliminating overlapping identity repositories
- Reduce the number of accounts / identities per user to minimise complexity
Data verification policy and rules
The built-in workflows of Ubisecure Identity Platform support data verification policies and rules for all collected fields. This provides increased accuracy and relevance of collected information, helping you know your customer better. It also decreases input errors.
- To ensure accurate user input, all registration form fields can have a unique verification logic
- Verification rules can be easily extended
Self-service authentication method management
The Ubisecure Identity Platform allows the end user to manage their own credentials, including password recovery with varying levels of verification. Several methods are supported.
- Out-of-the-box support for password management, recovery and verification
- Verification of e-mail and phone number during registration (i.e. SMS)
- Self-service functions for authentication method management
IAM database master of identities, CRM master of contracts
Each year 20-30% of CRM becomes obsolete or outdated. Your sales managers or customer service have declining visibility into your customer’s organisation.
Linking the customer identity and access management solution to your CRM and enabling a tiered delegated administration model can eliminate these challenges. Ubisecure Identity Platform allows you to outsource the management of (customer) identities to the right place – to the customer organisation itself. When you empower your customer to manage the identity information, the quality of the customer data improves as the information is kept up-to-date by the customers themselves.
CRM and Customer IAM (CIAM) integration can flow both ways. The CIAM system can feed updated customer information to the CRM, and the valid contract data within the CRM can be utilised by the CIAM system to facilitate easier or automated registration processes, allow sales managers to invite prospects or customers to your online services directly from the CRM interface, and mitigate risk by automatically revoking access permissions from customers without a valid contract (end of contract).
- Automate and create cost savings in user management by linking customer identities to the CRM contract life-cycle
- Increase efficiency in on-boarding by sending invitations directly from the CRM interface
- Improve the accuracy of customer data and increase sales and marketing efficiency by 20 – 40%
- CRM applications such as Salesforce.com and Microsoft Dynamics can be integrated to the Ubisecure Identity Platform through extensive RESTful APIs
APIs & Application Integration
Ubisecure’s long standing commitment to open standards and the API community allow your organisation to quickly deploy the IAM functions to your own services.
A wide set of pre-integrated applications reduces the work to simple configuration.
- Quick application integration for standard WebSSO protocols such as SAML, OpenID Connect and WS-Federation
- For non-WebSSO applications, multiple off-the-shelf application integration solutions can be used to connect the online service without extra development effort
- Policies are managed in Ubisecure Identity Platform making it easy to integrate Web SSO to practically any online service
- Other integration options: HTTP header injection (possible to also emulate SiteMinder, WebSeal, SelectAccess, etc.), HTTP basic emulation, Kerberos constrained delegation (requires TMG or Citrix Netscaler), IIS 6 impersonation (S4U impersonation)
- RESTful APIs are available for multiple functions enabling you to embed identity management functions to your own applications and services or request additional information about the user during runtime
- SAML Attribute Query supports user attribute verification during a valid session
Cloud Application Support
The Ubisecure Identity Platform enables Single Sign-On (SSO) for your employees access web apps in the cloud. SSO reduces the number of required passwords for the employees is not only a convenience and increase in productivity, but also a risk mitigation factor.
- Built-in support for industry standards make it easy to integrate to cloud applications.
- Enable SSO to cloud applications such as box.com, Dropbox, Salesforce, Mindflash, and more
- Enable strong authentication for business critical cloud applications using any of the 20+ supported authentication methods available, including strong multi-factor out-of-band methods
Scalable storage of identity / data
Storage of identity data must be reliable and scalable. A solution that ensures only correct persons, authorised properly, can access your online services must be able to scale as unlike Employee IAM where thousands of users are involved, Customer IAM typically supports hundreds of thousands, if not millions of users or thing.
Authentication events should be fast, and Single Sign-On between services should be reliable. However there also needs to be functionality to ensure regulatory compliance by sending only minimum viable data sets to the receiving application. Ubisecure Identity Platform is optimised for b2b and b2c use cases, and offers services to because it has been built to scale to carrier grade deployments can meet such requirements.
Each corporate environment is different. To avoid lengthy deployment projects, Ubisecure has developed a highly customisable collection of workflows that can speed up and simplify the deployment of the Identity and Access Management solutions. Our solutions are configured to fit the environment, without the need to develop / code additions for lacking functionality.
- Reduces coding tasks to configuration
- Increase convenience and customer satisfaction by deploying out-of-the-box workflows for registration, authorization, identity management, invitations, password resets and more
- Create your own workflows through simple configuration — no scripting or programming needed
- Configure multiple workflows based on use case or business requirements
- Automate workflows or approval processes
- Utilize APIs for a seamless user experience. You can utilize the RESTful APIs and embed identity management functions directly to your own applications
Business Intelligence and Other 3rd Party Systems
Ubisecure Identity Server can be integrated to a number of third party systems from business intelligence to SIEM. The detailed logs and extensive APIs can give you insight into customer behaviour, or can enable you to quickly react to emerging threats.
The Platform logs user behaviour and provides streamlined reporting as well as integrated support for off the shelf 3rd party Business Intelligence solutions.
- Simple BI integration
- Exports to SIEM platforms
Provisioning is a term used mostly in an enterprise identity and access management environment. A traditional Enterprise IAM will get the call from an Human Resources (HR) system when a new employee arrives to the company. Then it’s all about provisioning the identity and the privileges to the internal target systems. Customer Identity and Access Management is different in many ways.
When a Customer IAM solution is used, provisioning needs are minimal for the external users. In most cases the centralised CIAM solution takes care of the identity profile, and sends only the identity data that is required to the target application based on the centrally managed authorisation policy. To keep things manageable, it doesn’t make sense to build an identity repository to the target application where something should be provisioned.
There are cases where external users may need access to your internal applications. You might have contractors or consultants that are working for your organisation. In these cases the CIAM solution can be used to integrate to your enterprise service bus (ESB), where provisioning takes place. As they are external users, and they have a contract with you, the access privileges can be tied to the contract validity. Once the contract expires, access privileges are automatically revoked. This can improve the security, especially in cases where these external users might have had high privileged access for e.g. server maintenance.
Ubisecure solutions provide highly secure, highly available mission critical services to our customers. Identity Platform solutions can be deployed as on-premise IAM software or as cloud based managed services.