Authentication (IDaaS)
Overview
IDaaS (Identity and Access Management as-a-service) is gaining traction due to the plethora of cloud-based applications in the market. A large number of these applications are SaaS-based and require ID verification to provide their services to users. As highlighted by Gartner, the key elements of IDaaS are enabling user access to cloud applications, with the possibility to reset the password, and user authentication and authorization using standards like SAML and SSO, with an audit trail.
Because access rights management directories such as AD (Active Directory) already exist, a good IDaaS solution should not only provide features for new-age identity access but also interface with existing methods like AD. Simage takes this into consideration when providing its IDaaS services.
Features
Virtualization has made it possible for SMEs and large enterprises to host their applications in the cloud. The advantages include reduced cost of data centers and IT teams, and a pay-as-you-go model. This has brought into focus the greater need for Identity and Access Management in the provisioning of services. A large number of cloud applications follow a subscription model, so it becomes essential for service providers to ensure that the users of their services are authenticated properly. Simage keeps in view the following key features when providing the IDaaS service to its clients:
- AMFA (Adaptive Multi-Factor Authentication): Authenticating the user by multiple methods is essential to ensure accurate verification of the user's credentials. However, MFA can become cumbersome from an access management point of view: users who have to access online applications multiple times a day might find it tiring to enter their login credentials frequently. With AMFA, the number of authentication methods is determined by the requirements of the situation. For example, if the user is already in the office and has physical access rights to the office, then the number of authentication methods can be reduced. If the user is accessing the online resource through an internet cafe, then the number of authentication methods can be increased accordingly. Hence the system is intelligent enough to determine the extent of the authentication process.
- SSO (Single-Sign-On): The ability for users to access various applications within an organization, as well as applications of partner service providers, is the key premise of SSO. It provides convenience for the user and ease of service provision for the service providers.
- SCIM (System for Cross-Domain Identity Management) support: In multi-application and multi-partner service provisioning, it is imperative to have a solution that can support cross-domain identity management. This leads to the seamless provisioning of authentication services across the various applications that the user accesses.
- Directory Interface: In a multi-partner scenario there could be a requirement to support interfaces to the multiple directories used by the different partners.
- Privileged Accounts Management: Audit trail of privileged accounts. Prompt access right provisioning and control.
- Policy-Based Access: Attribute-based access control is an additional layer of security which should be incorporated by an IDaaS system for a higher level of security.
Benefits
Service Provider
- Reduced cost of ownership. No investment in infrastructure to manage authentication.
- Ease of deployment.
- Reduction in the time to market. Self-service by users reduces customer support complaints.
- Elevated user experience.
- Enhanced cross-domain partnerships.
User
- Convenience and ease of use.
- Reduced risk arising from forgotten passwords.
- Safety from identity theft.