Access Management

The core functionality of every IAM system is the ability to authenticate and authorize users. There are several globally accepted protocols for performing these operations, so it is important to keep up with them and with the latest security recommendations. Another challenge is staying open to a constantly changing set of external identity providers in order to deliver identity federation where it is required by your users and beneficial for your business.

UMM Features:

  • Most popular protocols support:
    • OpenID Connect
    • OAuth 2.0
    • SAML 2.0
  • Social login supported (e.g. Google, Facebook)
  • Identity federation available (you can use your chosen identity federation service)
  • Internal identity storage
  • Access restrictions at UMM or application level (based on token details)
  • Session manager/token manager
  • Log and registration monitoring “Log manager”
  • MFA allows linking an account with popular authentication apps

Single Sign-On / Single Log-Out

Business today requires a specialized set of IT tools in order to maximize efficiency, reach goals and be successful in whatever you do. This may, however, bring some drawbacks, such as the need to integrate systems or being forced to switch between tools using multiple credentials to authenticate.

This is where your organization, meaning your employees and customers, benefits from Single Sign-On (SSO) and Single Log-Out (SLO). A single, centrally stored set of credentials that authenticates the user across the whole set of tools they need enables you to deliver a more user-friendly, efficient and secure experience. On top of that, leveraging dedicated SLO mechanisms (token invalidation, session termination, webhook notifications, session termination API calls…) helps you keep your clients’ access under control and resources out of the reach of unauthorized parties.

Key benefits of SSO and SLO:

  • One set of credentials to be remembered (user comfort)
  • One log-in action to authenticate in the whole ecosystem (improved productivity and user experience)
  • Reduced support costs / help desk effort (one authentication provider to manage)
  • Improved compliance and security (centrally managed password policy)
  • Facilitated B2B and empowered loyalty (already have an account? Just sign in!)
  • Full control over authentication in distributed environment (sign in/out everywhere)

 

Unified / Centralized user profile

A unified and centralized user profile is the core value that every IAM/CIAM system brings. Not only does it make SSO straightforward, it also provides a wide set of possibilities for user management, security enforcement and compliance.

Having user and/or customer profile data centralized gives you an incomparably better view and understanding of your business. Unification of the profile significantly speeds up in-house development, as all the APIs handling profile data are already available and all processes concerning authentication and authorization are ready for the applications you’d like to on-board.

CIAM with a centralized profile is also a great tool both for your help desk, to support users, and for clients themselves, who benefit from all the self-service capabilities.

CIAM is a good candidate for all kinds of user data with a high reusability ratio and a strong personal character (like personal data, email, phone etc.), but please keep in mind that application-specific data should not reside there, as this may lead to data redundancy and undesired system dependencies.

Key benefits of unified and centralized user profile are:

  • Empowering SSO/SLO capabilities (single user repository)
  • Good overview of users/customers (centralized repository)
  • Unified technical means for accessing user data (common, reusable model and APIs)
  • Natural Help-Desk tool (to manage user profiles)
  • Extensive self-service capabilities (centralized profile page)
  • Transparency of tool set changes (no user action required for new applications)
  • Simple profile change management (profile change applicable everywhere)
  • Common experience – consistent user experience
  • Natural MDM candidate for customer data (stored centrally)

Account Management

UMM has implemented a set of dedicated mechanisms to provide custom services for the B2B sector. Not only do we support the notion of user roles and user groups, we have also introduced an additional level of granularity: an account, in the sense of an organization. You can configure account owners who are able to manage account members and resource access on both the user (account member) and account (organization) level, as well as create custom workflows and processes on the account (clients’ organization) level. This set of features is covered by the Account Management Module (AMM).

For the simple B2C case, where we deal with end consumers only, the account level does not have to be used.

Benefits:

  • Better fitting to B2B needs
  • Set of tools for organization self-management:
    • user management
    • roles and status management
    • user invitations and onboarding
    • application subscription management
    • password reset
  • Pre-populated forms for account specific registration
  • Fine grained resource access (user or organization)
  • Account dedicated custom processes
  • Consumer and Business oriented architecture
  • Account in-house members support (e.g. session logs, password reset)
  • Account specific reporting (user search, subscription status etc.)

Progressive profiling and invitations

CIAM, by definition, is an IAM system extended with a set of customer-oriented functionalities. One of the most beneficial of them is so-called “progressive profiling”, which can be considered a set of behavior patterns for smooth onboarding and ongoing acquisition of customer data.

The idea behind this approach is to start by onboarding a customer / user with as easy and user-friendly a process as possible, gathering only the data and consents that are absolutely required. Once users already feel part of the ecosystem, the goal is to encourage them to provide further pieces of data by offering additional services in exchange.

UMM also features an invitation mechanism where users (including account admins) can invite other persons to register in their tenants’ CIAM. The combination of these two mechanisms makes UMM a perfect tool to deliver a smooth and effective customer and employee onboarding process.

Key features:

  • Fast and effective customer/user onboarding
  • Multi-step custom registration process
  • New user acquisition perspective (user-to-user invitations)
  • Leads perspectives (quick registration)
  • Best user experience through reduced friction (simple form for simple registration)
  • Prioritization of profile attributes
  • Dedicated user onboarding workflows (depending on application, geo-location etc.)
  • Empowering marketing campaigns

Custom Widgets

In order to be successful in terms of customer acquisition or UX, it is not enough to provide users with a single registration form. Forms may differ depending on the application the user is registering through, the type of user/customer, regional preferences or even the onboarding process we build because of specific business needs. Moreover, in the case of in-house development you’d need to build all those forms for each of your applications from scratch.

This is why we have introduced the “Widget Server”, which defines, renders and handles all the forms for you. In other words, applications simply need to embed UMM widgets and the rest is handled by UMM. We like to call those forms “widgets” because they are far more sophisticated than simple forms: they can be defined using the UMM Widget Definition Language (WDL), are fully adjustable in terms of styling, may handle consents, implement business rules and be part of the progressive profiling process.

Key features:

  • Standardized widgets/forms – ready to be used by integrated applications (iFrame, SDK, API call)
  • Custom CSS styling that can be overwritten locally (by application)
  • Easy form customization using WDL
  • Forms related processes fully handled by CIAM
  • Data on the fly security out of the box
  • Consent management handled within widgets
  • Progressive profiling support
  • Security monitoring and logging included

 

Subscription management

CIAM is not only about authenticating users (allowing them to log in) but also about authorizing users to access a set of resources. Those can be front-line applications, back-end services, APIs, file repositories, SVN branches and others. This kind of access control in UMM is called subscription management.

In order to fit common business needs, subscriptions can be conditional, depending on user profile status as well as other profile attributes. Moreover, a subscription can be defined on the user or the account (organization) level and have its own dedicated attributes. We have also provided a subscription management panel for account representatives at a given permission level.

Key features:

  • Auto or manual subscription provisioning
  • Custom rules based on multiple factors (market, language…)
  • Subscription level attributes
  • Subscription management panel
  • Invitation to subscription mechanism (AMM)
  • Subscription management self-service on account level

Integration and external services

UMM integrates with external applications not only for the purposes of authentication and authorization. A complete CIAM solution needs to be part of many processes involving multiple systems in your organization, hence ease of integration is crucial for making it a core piece of your organization’s system architecture.

Key features:

  • ESB for online integration flows
  • ETL mechanisms for offline/batch integration
  • Cloud communication monitoring
  • SMS notification service available
  • Mail notification service available
  • Mail campaign management service available

 

Advanced reporting capabilities

Every organization needs to know what its users are doing, how the application performs, where the bottlenecks are, what the health reports of the services say, and many additional business-specific metrics and KPIs. UMM supports these needs with a built-in reporting module which can be set up to monitor any system-related events online. The reporting module can visualize key metrics in graphical form to give you a quick overview of system status and process performance.

Key features:

  • on-line performance monitoring and visualization,
  • key business process KPI definition and visualization,
  • flexible metrics definition,
  • custom triggers and event driven monitoring,
  • client application status and health check