Who are you? Who are you? Access or Identity Management...
3 months ago
3 months ago
You might recognise this dulcet football chant refrain... it can be heard from many a football terrace – “who are you… who are you?'' clearly there’s no desire for authentication here…the verse is rhetorical after all!
We’ve all been caught up with app explosion – some apps we need to use, have to use or really don’t need at all. Migration to the cloud has certainly fuelled this. So we’ve loads of apps with the curse of multiple passwords - that hasn’t gone away either.
But if we can cope with all the passwords and all the apps…spare a thought for your admin and technical team who have limited to no visibility of how not just one system is logging on and recognising users…how to manage 200 apps and hundreds, even thousands of us logging-on and off on all devices at all times all over the World? All with different access rights, rules, policies and processes…that break from time to time.
Well, apply a single solution that gives us, the user, one access and password point…to as many as our apps as possible – but only the ones we need though… (not the ones we don’t use or need) …with the speed and quality of experience as we would use logging in to our private customer account with our bank or favourite forum. This B2C process though, is a blanket process in the case of our bank or forum. Organisations need specific and tailored administration and specific security control.
This calls for an Identity and Access Management solution…sounds easy…it’s not…but it is both do-able and highly beneficial from security through to cost and business reasons.
For our admin team – (the technical specialists get a free pass here on in…only admin need to keep an eye on exceptions)… automation takes over and like the barcode on your football or airline ticket…it’ll open the gate. Better than that though…one is “federated”. That is, our organisation knows who we are. We have a unique identity. It can then federate this ID with other systems and parties without disclosing identity details.
Account creation is linked directly to our organisation’s email addresses, read directly from the relevant provider, bypassing the need for us users to enter email addresses and removing the opportunity for human error or worse. Our organisation knows who we are.
The identity also associates us to groups, roles, locations in our organisation and from an automated application of security policies and rules, prevents access by default to anything other than the permissions assigned.
Alternatively, where access needs to be granted to external users, they may sign-up for access to the relevant resources via a B2C process (and may use a 3rd party account, such as Facebook) that provides access without the need to send details to an email address. Depending on visitor type…access is restricted to the desired level. This B2C process is not a blanket process but as mentioned, associates us to roles, groups, locations. It’s detailed and granular…. or very specific, if you prefer.
If registered users are permitted to authorise another email address for use where login details have been forgotten, an additional layer of authentication (via app or SMS) ensures that user error at the point of address entry will not open a door for unauthorised access to the account.
Once logged in, access to sensitive applications or the performance of administrative functions can also require users to reauthenticate via an additional factor. Maybe qualifying questions are offered up for the user to satisfy.
At last, we have granular identity and access management fitting the organisational requirements, in complex environments and in the workplace. It makes for better user experience, security and control and alerts to suspicious activity. That protects all of us.
Who are you? Who are you? System says ‘I can authenticate you and if you forget your only password…I will enable you to re-set it…you have permission’. No admin or support calls or emails, all done.
And, when we log-in: all our apps are there. No need to separately log-in. No own goals.
For our help with your IAM strategy, feel free to book a consultation with us. Able+ Cloud is a flexible IAM solution, that wraps around your own internal IAM needs.
Able+ Cloud – because everyone’s identity is different