If you have ever traveled through French-speaking territory, you will have noticed railway signs saying ‘Un train peut en cacher un autre’. Similarly, if you are a frequent user of applications, you may have noticed that one app can also hide another app. To cater to the convenience that consumers request, organizations in different industries are offering third-party services through their app. To the consumer, moving from one app to another seems completely transparent. In the back end, however, all these applications need to be connected, and access to the different applications needs to be orchestrated. TrustBuilder Token Exchange and Storage takes away this complexity and allows organizations to embed third-party services securely.
Read on to learn:
Which users have authorized access to which applications is governed by client-authored policies. When a user wants to reach other components that work together with an application, a token exchange executes these policies.
TrustBuilder Token Exchange & Storage is a solution:
To comply with privacy regulations and give the consumer total control, TrustBuilder Token Exchange obtains confirmation from the consumer that you can link their account with those embedded third-party services.
TrustBuilder Token Exchange & Storage goes beyond the standard OAuth 2 token exchange by working with third-party tokens. TrustBuilder Token Exchange & Storage adds account linking and token caching to achieve optimal user experience as well as security and privacy compliance.
Let us illustrate the seamless user experience using a (fictional) HR service provider, HR2me. For the sake of the example, let’s assume HR2me is a TrustBuilder customer, using TrustBuilder Token Exchange. We’ll use a story about Hanna, an employee being serviced by HR2me and using third-party services affiliated with HR2me. She uses Monizze for eco vouchers and Olympus Mobility for personal mobility. We will follow Hanna as she uses the HR2me app for different purposes.
Hanna opens the HR2me app on her tablet and performs passwordless authentication.
Now that she’s authenticated towards HR2me, she can manage aspects of her career using their services.
She’s already learned that HR2me offers handling of eco vouchers that she received from her employer.
It turns out that HR2me partners with Monizze for this fringe benefit, and HR2me has already linked Hanna’s account. By using the Monizze services through the HR2me app, she is recognized immediately without further need for authentication.
She now wants to collect the ecological products she bought using her Monizze account. To get to the shop, Hanna wants to buy public transport tickets to go to the city. Returning to the HR2me app, she learns that HR2me also offers this, via Olympus Mobility.
Because she hasn’t yet linked her HR2me account with Olympus Mobility, she first has to identify and authenticate herself to Olympus Mobility.
Returning to the HR2me app, she can now link her account at Olympus Mobility with her HR2me account, simply by giving her consent to HR2me.
Booking tickets using the HR2me app has now become a pass-through from within the app straight to Olympus Mobility, without any further requirement to log in.
Hanna is a happy customer of both Olympus Mobility and her HR service provider HR2me thanks to this frictionless integration from within the app. Without leaving the HR2me app, she was able to make a purchase using her eco vouchers and she has obtained a public transport ticket to go and pick up her purchases.
HR2me cannot call a Monizze or Olympus Mobility API without proper authorization. It is TrustBuilder Token Exchange & Storage that enables HR2me to obtain the necessary authorization.
In the first example, Hanna’s account at HR2me was already linked with her account at Monizze. The process to obtain authorization for HR2me works as follows:
TrustBuilder has a vault in which it can safely store access tokens previously obtained from Monizze on behalf of HR2me. TrustBuilder can safely retrieve such a token and pass it on to HR2me. In case it has expired, TrustBuilder will automatically refresh it.
TrustBuilder goes a step further: TrustBuilder provides ready-made integration with third-party service providers. This simplifies the handling by the HR2me app even further:
For the Olympus Mobility connection of the example, Hanna’s account at HR2me was not yet linked. This means that TrustBuilder will first obtain authorization from Olympus Mobility in the form of an Olympus-specific access token. This process will involve authentication of Hanna and obtaining consent from her to link the services.
Note that the login of Hanna at Olympus Mobility happens with the login screens of the latter. In the example, TrustBuilder Mobile Authenticator was used to obtain Hanna’s consent.
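To make the two paths above concrete, here is an added example that is not TrustBuilder's code and does not use its API. It models a token exchange endpoint in the shape of RFC 8693 (grant type, `subject_token`, `audience`, `issued_token_type`) in front of a per-user, per-provider token vault: the client (HR2me) presents the user's own token, a client-authored policy decides which audiences that client may exchange for, a previously consented link returns the stored third-party token (refreshed when it has expired), and a missing link is reported so the app can start the linking flow. The client ids, session tokens, provider names and the `fake_refresher` stand-in for the provider's token endpoint are all constructed for the example.

```python
"""Token exchange with account linking and a token vault (illustrative example)."""
import time
from dataclasses import dataclass
from typing import Callable, Dict, Optional, Set, Tuple

# Grant and token-type URIs defined by RFC 8693 (OAuth 2.0 Token Exchange).
TOKEN_EXCHANGE_GRANT = "urn:ietf:params:oauth:grant-type:token-exchange"
ACCESS_TOKEN_TYPE = "urn:ietf:params:oauth:token-type:access_token"


@dataclass
class StoredToken:
    """A third-party token held in the vault on behalf of one user."""
    access_token: str
    refresh_token: str
    expires_at: float  # epoch seconds


@dataclass
class ExchangeResult:
    status: str                      # "ok", "linking_required" or "denied"
    response: Optional[dict] = None  # RFC 8693 style response body when "ok"
    refreshed: bool = False          # True if the vault token had to be refreshed


class TokenExchange:
    """Exchanges a client's user token for a stored third-party token."""

    def __init__(self, policy: Dict[str, Set[str]], subject_tokens: Dict[str, str],
                 refresher: Callable[[str, str, float], StoredToken], skew: float = 30.0):
        self.policy = policy                  # client_id -> audiences it may exchange for
        self.subject_tokens = subject_tokens  # valid client-issued user token -> subject id
        self.refresher = refresher            # calls the provider's token endpoint
        self.skew = skew                      # refresh this many seconds before expiry
        self._vault: Dict[Tuple[str, str], StoredToken] = {}

    def link(self, subject: str, provider: str, token: StoredToken, consent_given: bool) -> None:
        """Record a third-party link; the user's explicit consent is mandatory."""
        if not consent_given:
            raise PermissionError("account linking requires explicit user consent")
        self._vault[(subject, provider)] = token

    def exchange(self, client_id: str, request: dict, now: Optional[float] = None) -> ExchangeResult:
        now = time.time() if now is None else now
        if request.get("grant_type") != TOKEN_EXCHANGE_GRANT:
            return ExchangeResult("denied")
        # 1. The client proves who the user is with the user's own (client-issued) token.
        subject = self.subject_tokens.get(request.get("subject_token", ""))
        if subject is None:
            return ExchangeResult("denied")
        # 2. Client-authored policy: may this client obtain tokens for this audience at all?
        audience = request.get("audience")
        if audience not in self.policy.get(client_id, set()):
            return ExchangeResult("denied")
        # 3. No consented link yet: the app must run the linking flow (login at the provider + consent).
        stored = self._vault.get((subject, audience))
        if stored is None:
            return ExchangeResult("linking_required")
        # 4. Linked: hand out the vault token, refreshing it transparently if it is (about to be) expired.
        refreshed = False
        if stored.expires_at <= now + self.skew:
            stored = self.refresher(audience, stored.refresh_token, now)
            self._vault[(subject, audience)] = stored
            refreshed = True
        response = {
            "access_token": stored.access_token,
            "issued_token_type": ACCESS_TOKEN_TYPE,
            "token_type": "Bearer",
            "expires_in": int(stored.expires_at - now),
        }
        return ExchangeResult("ok", response, refreshed)


def fake_refresher(provider: str, refresh_token: str, now: float) -> StoredToken:
    """Constructed stand-in for a refresh_token grant against the provider's token endpoint."""
    return StoredToken(f"{provider}-access-refreshed", f"{provider}-refresh-2", now + 3600)


def build_demo(now: float = 1_700_000_000.0) -> TokenExchange:
    """Hanna's situation from the story: Monizze already linked (token expired), Olympus not yet."""
    tx = TokenExchange(
        policy={"hr2me": {"monizze", "olympus"}},       # HR2me may exchange for these two partners
        subject_tokens={"hr2me-session-hanna": "hanna"},  # constructed HR2me user token
        refresher=fake_refresher,
    )
    tx.link("hanna", "monizze", StoredToken("monizze-access-old", "monizze-refresh-1", now - 10),
            consent_given=True)
    return tx


def hr2me_request(audience: str) -> dict:
    """The RFC 8693 request HR2me would send to reach one partner on Hanna's behalf."""
    return {"grant_type": TOKEN_EXCHANGE_GRANT, "subject_token": "hr2me-session-hanna",
            "subject_token_type": ACCESS_TOKEN_TYPE, "audience": audience}
```

The two branches of the story map onto `exchange`: for Monizze the vault holds a consented but expired token, so the call succeeds after a silent refresh; for Olympus Mobility no link exists, so the endpoint returns `linking_required` and the app sends Hanna through the provider's own login and a consent step before `link` is called. Only a client named in the policy for that audience ever reaches the vault.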
With the process described above, TrustBuilder offers HR2me a major accelerator to embed third-party services into their app. TrustBuilder takes care of the secure connections between the different applications and services.
Token Exchange is a standard. TrustBuilder Token Exchange takes this standard to the next level. Core elements of TrustBuilder’s solution that go beyond OAuth 2 are:
Is this simply Single Sign-On (SSO)? In a sense, it is. But it is SSO across completely different domains with their own identities, without any need for a federated trust model and without the need for either party to worry about IT security and identity policies of the other party. It is Single Sign-On that is controlled by the consumer, with explicit consent for linking identities.
Getting authorization at a third party to call services on behalf of an end customer is truly accelerating the integration of third-party services. Using TrustBuilder Token Exchange & Storage, service providers that want to add extra services from partners to their digital ecosystem can do so, both securely and transparently.
Are you interested in making life easier on your users when you enrich your solution portfolio? Contact us for a demo.