Do you have a file on your computer called ‘passwords’? Or do you simply have a large number of Post-it notes tacked to your screen? Or perhaps you have different password vaults, and try to avoid duplicate entries? Let’s hope these practices are just a remnant of past systems and that you are now using federated identity management (FIM) throughout your enterprise. If not, here’s some advice on how to put federated identity management to use in your company.
Federated identity management is a question of trust: trust between two or more domains, or between two or more enterprises. These domains or enterprises make an arrangement that allows their users to access services and applications using the same digital identity. Once a user has been authenticated by one of the domains, (s)he can gain access to the available applications of all the enterprises that belong to the group in which this trust agreement has been made. Besides FIM, other terms in use are federated identity, denoting the identity that serves for all services or applications, and identity federation.
Each enterprise that participates in this group of trust can go on using its own identity management system, but a user can authenticate to one domain and then access services or applications in another domain without needing to perform a separate login or authentication. To achieve this, the domains communicate: the first system sends a message to the second system, telling it who the user is and assuring the second system that the user has properly authenticated. If the domain that provides the applications uses Attribute-based Access Control, it can use the attributes supplied by the domain that provides the identity to better secure the applications and to grant fine-grained access to them.
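The exchange just described, reduced to its essentials, as an added example that is not part of the original post and not TrustBuilder's code. It assumes a deliberately simplified assertion format (a base64 body plus an HMAC signature under a shared key that stands in for the trust agreement) rather than a real SAML or OpenID Connect implementation; the application names, attribute names, authentication levels and policy rules are all constructed for the demo. The identity-providing domain issues an assertion naming the user, vouching that authentication took place, and carrying attributes; the application-providing domain verifies the assertion (signature, issuer, audience, validity window) before it trusts a single attribute, and then applies an attribute-based policy that can also demand a stronger level of authentication for sensitive applications.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed shared secret standing in for the trust agreement between the
# identity-providing domain (IdP) and the application-providing domain (SP).
# A real federation would use the IdP's signing key and published certificate.
TRUST_KEY = b"constructed-shared-secret-for-demo-only"

IDP_NAME = "idp.example"   # hypothetical identity-providing domain
SP_NAME = "sp.example"     # hypothetical application-providing domain


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def idp_issue_assertion(subject, attributes, authn_level, audience=SP_NAME,
                        ttl=300, now=None):
    """IdP side: sign a message saying who the user is, that (s)he authenticated,
    how strongly (authn_level), and which attributes the IdP vouches for."""
    now = int(time.time()) if now is None else now
    payload = {
        "iss": IDP_NAME, "aud": audience, "sub": subject,
        "iat": now, "exp": now + ttl,
        "authn_level": authn_level, "attributes": attributes,
    }
    body = json.dumps(payload, sort_keys=True, separators=(",", ":")).encode()
    signature = hmac.new(TRUST_KEY, body, hashlib.sha256).digest()
    return _b64(body) + "." + _b64(signature)


def sp_verify_assertion(token, now=None):
    """SP side: accept the assertion only if it is intact, comes from the trusted
    IdP, is addressed to this SP, and is inside its validity window.
    Returns the payload, or None if any check fails."""
    try:
        body_b64, sig_b64 = token.split(".")
        body, signature = _unb64(body_b64), _unb64(sig_b64)
    except (ValueError, base64.binascii.Error):
        return None
    expected = hmac.new(TRUST_KEY, body, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, signature):
        return None            # tampered with, or signed by someone we do not trust
    payload = json.loads(body)
    if payload.get("iss") != IDP_NAME or payload.get("aud") != SP_NAME:
        return None            # wrong issuer, or assertion meant for another SP
    now = int(time.time()) if now is None else now
    if not (payload["iat"] <= now < payload["exp"]):
        return None            # not yet valid, or expired
    return payload


# Constructed attribute-based policy of the SP: which department may use each
# application, and the minimum authentication level the application demands.
POLICY = {
    "crm":        {"department": {"sales"}, "min_authn_level": 1},
    "hr-payroll": {"department": {"hr"},    "min_authn_level": 2},
}


def sp_authorize(payload, app):
    """Attribute-based decision on a verified assertion: 'allow', 'deny', or
    'step-up' when the user is entitled but authenticated too weakly."""
    rule = POLICY.get(app)
    if rule is None:
        return "deny"
    if payload["attributes"].get("department") not in rule["department"]:
        return "deny"
    if payload["authn_level"] < rule["min_authn_level"]:
        return "step-up"
    return "allow"


if __name__ == "__main__":
    token = idp_issue_assertion("alice", {"department": "sales"}, authn_level=1)
    verified = sp_verify_assertion(token)
    for app in POLICY:
        print(app, "->", sp_authorize(verified, app) if verified else "deny")
```

The order of the checks is the point a practitioner should take from this: the attributes are only as trustworthy as the assertion that carries them, so signature, issuer, audience and validity are checked before any attribute is read, and the authorization step is a pure function of verified attributes plus the local policy. Anything the SP cannot verify is treated as an unauthenticated request, not as a degraded one.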
The principle of federated identity is simple enough. It is very much like a group of friends. When I introduce you to a friend of mine, I tell you: “this guy is my friend. I trust him, so you can trust him too.” You may believe me at face value but, between enterprises and applications, we need a number of agreements to be made, and we require a number of key components:
It is easy to mistake Single Sign-on (SSO) for federated identity management. Despite their similarities, they are not the same, and federated identity management has a much broader scope than SSO.
Single Sign-on is exactly what its name promises: SSO allows users to access multiple applications at once, using just one set of credentials. As an example: within an organization, employees can use the same credentials (for instance, a username and a password) to access a variety of internal applications: a CRM system, HR applications, a time recording system, etc. For employees, this is easier than having to remember several sets of usernames and passwords.
However, SSO is not restricted to internal systems. Retailers that run web shops for different brands can use SSO to let customers gain access to their accounts with different stores, using the same credentials. Another example: if you book a flight on Ryanair, you can also rent a car or make a hotel reservation using the same credentials to access different applications.
As we’ve seen in the examples above, with SSO the user is linked to just one organization: an employer or a retailer. SSO is set up to authenticate a single set of credentials across various systems within one organization. Federated identity management is broader than that, allowing users to access several applications across different organizations.
Better user experience and easier administration are some of the more obvious reasons for adopting federated identity management. Let’s not forget federated identity management was created to solve the problem of users having to memorize credentials for every web application they wanted to access. The proliferation of web applications also meant an uncontrolled growth of identity stores that each held different user credentials. Managing these identity silos efficiently was no easy task. Hence federated identity management.
As you’ve read in the previous paragraphs, federated identity management increases security, unburdens the IT department, and enhances customer experience. These traits are exactly what characterizes our flagship product, TrustBuilder Identity Hub. TrustBuilder has built-in connectors to multiple Identity Providers, supports the existing standards and provides fast access to your applications.
TrustBuilder Identity Hub acts as a unique identity broker, linking any identity provider or a combination of identity providers to any service provider. By opting for TrustBuilder Identity Hub, organizations need not build these connections themselves, but can rely on TrustBuilder to take care of that.
Additionally, the fact that we are using Attribute-based Access Control allows us to use the attributes we receive from a federated identity provider when enforcing adaptive authentication or step-up authentication. We can also check the level of authentication of users to access sensitive applications and data. As an additional benefit, this allows organizations to remain compliant with regulations such as GDPR and PSD2.
The number of apps consumers are using is only set to increase. Consumers demand ease of use and a frictionless customer experience. Federated identity management is one of the concepts that can help organizations cater to the demands of consumers while, at the same time, making administration simpler for IT. What’s more: product managers wanting to add new services to address new opportunities in the market need not worry about the authentication part of offering access to these new services. Federated identity management will take care of that.
Want to find out how federated identity management can help your organization? Then contact us for a personalized demo.