Identity and Access Management (IAM) covers identity management (IdM) as well as access rights and access control. Identity lifecycle management and the synchronisation of identity information connect people, information, devices and systems (entities). Access control ensures that only authorised entities can reach other entities, in a timely manner and regardless of location or terminal.
WeAre provides services around digital identities, from mapping the current state, modernising thinking patterns and streamlining processes to the technical development and maintenance of implementations. With our experience, we pave the way for improving your company's security through the maintenance of account data and access rights, as well as access control. The work can be divided into several parts that your business can choose separately, but we are also happy to provide a comprehensive package around identity and access management.
This covers mapping existing identity management systems and their use, describing processes where they have not yet been considered, and assessing the readiness of existing systems to be used in accordance with our concept. Thorough planning enables the description of identity and access control entities and the definition of user lifecycle management.
Where the customer's current state and target state are already clear, we are happy to help realise practical implementations, both at the technical level and in project management roles. Our track record ensures a multidisciplinary mindset and a gap analysis process at a level that makes the end result functional, accommodates future changes and, where necessary, meets strict regulatory requirements or other required compatibility criteria.
Once the project is completed, we help maintain the functionality of the systems, make changes to them when needed, and expand the solutions to cover new needs. We support and strengthen the client's own team of identity management experts, or help train and familiarise the team from the start.
There are many ready-made identity providers on the market that suit the common authentication use cases of most organisations. WeAre's experts are ready to help select the best-suited product, technology and solution for your specific needs.
In addition, WeAre offers its own Identity Provider solution which, beyond the above, adapts to more challenging use cases that ready-made, easy solutions cannot solve. The implementation is interfaced and adapted to the customer's authentication means using program code. It can also be connected to customer systems for which no ready-made or smooth method is available.
The Identity Provider (IdP) is a service that implements the OpenID Connect (OIDC) and SAML2 authentication protocols to identify users and let them access systems and applications. The IdP can be used to implement Single Sign-On (SSO), which lets a user access all connected applications on the basis of a single authentication event, without separate authentication for each. The IdP connects to authentication methods as needed. WeAre has implemented an authentication proxy model that relies on existing OIDC authentication sources (e.g. Azure AD, Google, Facebook). The user information produced by the authentication methods can be enriched from other sources, such as the organisation's IdM system. The IdP is implemented with the open source Shibboleth Identity Provider software.
Phases can be added to the authentication process in which the user information obtained from the authentication method is enriched with user data from external sources. For example, if a customer's user authentication is based on Azure AD but user role information is stored in a separate system, the role information can be retrieved from that system (e.g. a CRM) after the actual authentication event and added to the authentication response. The application's access decision can then be made on the basis of the role information.
Enriching authentication information as part of the authentication event removes the need to implement a separate synchronisation to the service, since the user's role is handed over during the authentication event itself.
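The enrichment phase described above, as an added illustration that is not WeAre's or Shibboleth's code: the proxy first checks the upstream identity (a constructed OIDC id_token payload, with signature verification assumed done), then looks up the role in a stand-in CRM and hands the enriched claims to the application for its access decision. Issuer, audience and role names are assumptions.

```python
# Added example (not WeAre's code): an authentication-proxy step that takes
# the upstream identity (a constructed OIDC id_token payload), enriches it
# with a role from a separate system (a stub CRM lookup), and lets the
# application decide access from the enriched claims.
import time

# Constructed upstream id_token payload, as an OIDC source would return it
# after its signature has been verified (verification is out of scope here).
UPSTREAM_CLAIMS = {
    "iss": "https://login.upstream-idp.test/tenant",  # placeholder issuer
    "sub": "a1b2c3",
    "aud": "weare-idp-proxy",
    "exp": int(time.time()) + 300,
    "email": "alice@example.test",
}

# Constructed stand-in for the organisation's CRM / IdM role store, keyed by
# the stable subject identifier rather than email (email may be reassigned).
CRM_ROLES = {"a1b2c3": ["customer-admin"]}

TRUSTED_ISSUERS = {"https://login.upstream-idp.test/tenant"}
EXPECTED_AUD = "weare-idp-proxy"


def validate_upstream(claims, now=None):
    """Checks the proxy must make before trusting any upstream claim."""
    now = time.time() if now is None else now
    if claims.get("iss") not in TRUSTED_ISSUERS:
        raise ValueError("untrusted issuer")
    if claims.get("aud") != EXPECTED_AUD:
        raise ValueError("token not intended for this proxy")
    if claims.get("exp", 0) <= now:
        raise ValueError("token expired")
    return claims


def enrich(claims, role_store):
    """Attach roles fetched after authentication; unknown users get none."""
    enriched = dict(claims)
    enriched["roles"] = list(role_store.get(claims["sub"], []))
    return enriched


def authorize(enriched, required_role):
    """Application-side decision made purely from the enriched role claim."""
    return required_role in enriched.get("roles", [])
```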
The customer may have an identity provider service in use that is not compatible with a system that relies on it for authentication. Typically the client has a SAML2 authentication solution while the service only supports OIDC-based access control, or the other way around.
The authentication service can act as an adapter, i.e. an intermediary that translates the authentication method into the form for which the service has ready-made support. Even very unique, hand-tailored services can often be protected by authentication, even if they were not originally implemented with a single sign-on method or with connections to modern authentication protocols.
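The SAML2-to-OIDC direction of the adapter described above, as an added example that is not WeAre's code: a constructed SAML2 assertion (signature assumed already verified) is checked for validity window and audience, then its NameID and attributes are mapped to the OIDC claims an OIDC-only service expects. The attribute names, audience and adapter issuer are assumptions.

```python
# Added example (not WeAre's code): the adapter step that turns a SAML2
# assertion from the customer's IdP into the OIDC-style claim set a service
# that only understands OIDC expects. Assertion content is constructed.
import xml.etree.ElementTree as ET  # production: defusedxml, after signature check
from datetime import datetime, timezone

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed SAML2 assertion (XML signature already verified upstream).
SAML_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Issuer>https://idp.customer.test/saml</saml:Issuer>
  <saml:Subject><saml:NameID>alice@customer.test</saml:NameID></saml:Subject>
  <saml:Conditions NotOnOrAfter="2099-01-01T00:00:00Z">
    <saml:AudienceRestriction><saml:Audience>weare-adapter</saml:Audience></saml:AudienceRestriction>
  </saml:Conditions>
  <saml:AttributeStatement>
    <saml:Attribute Name="urn:oid:2.5.4.42"><saml:AttributeValue>Alice</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="memberOf"><saml:AttributeValue>staff</saml:AttributeValue><saml:AttributeValue>admins</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

# SAML attribute name -> OIDC claim; attributes not listed here are dropped.
ATTR_MAP = {"urn:oid:2.5.4.42": "given_name", "memberOf": "groups"}
MULTI_VALUED = {"groups"}


def saml_to_oidc_claims(xml_text, expected_audience, now=None):
    """Validate the assertion's conditions and map it to OIDC claims."""
    now = now or datetime.now(timezone.utc)
    root = ET.fromstring(xml_text)
    cond = root.find("saml:Conditions", NS)
    expiry = datetime.fromisoformat(cond.get("NotOnOrAfter").replace("Z", "+00:00"))
    if now >= expiry:
        raise ValueError("assertion expired")
    audiences = {a.text for a in cond.iterfind(".//saml:Audience", NS)}
    if expected_audience not in audiences:
        raise ValueError("assertion not addressed to this adapter")
    claims = {
        "iss": "https://adapter.weare.test",  # assumed issuer name of the adapter
        "sub": root.findtext("saml:Subject/saml:NameID", namespaces=NS),
    }
    for attr in root.iterfind(".//saml:Attribute", NS):
        claim = ATTR_MAP.get(attr.get("Name"))
        if claim is None:
            continue  # never forward attributes the service did not ask for
        values = [v.text for v in attr.iterfind("saml:AttributeValue", NS)]
        claims[claim] = values if claim in MULTI_VALUED else values[0]
    return claims
```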
If you have tried to find a cost-effective solution to a difficult identity management problem, you have probably noticed that there are hardly any available. With WeAre's authentication service…
While implementing a customer's authentication solution, we recently made an observation:
Microsoft interprets the meaning of the iss claim handed over in the id_token in OpenID Connect authentication in its Azure AD service in an interesting way.
It is hard to justify, let alone claim…
Discussion about authentication often focuses on a small detail, such as the authentication means. It is easy to forget to examine the strength level of the authentication chain as a whole when the focus is on finding strengths and weaknesses in the means itself.
The latest part of the article series focuses on the benefits and drawbacks of single sign-on and federated login. First I bring up the key challenge that is faced whenever any function is centralised. Only then do we turn to the benefits.