Identity and Access Management

READ MORE

01

Identity & Access Management

What is IAM?

Asseco Identity and Access Management is an all-in-one solution for the authentication of applications and secure services, delivering seamless user experience. Applications and services (Clients) that connect to the Asseco Identity and Access Management server don’t need user credentials anymore – Tokens are used instead.

Issues solved by IAM

  • Difficult account administration and relatively high maintenance costs
    • IT Admins manage user accounts on physically different places (applications, servers…)
    • There are orphaned accounts in applications, which IT Admins have forgotten to remove -> security holes
    • Companies spend an estimated average of $20-30 per user/year on password resets or credential reissuing procedures
  • Lack of Auditing/Compliance
    • Applications implement very limited or no audit capabilities
  • Authentication inconsistency
    • Each application can have different strength of user authentication (password, certificate, token…)
    • Not every application has sufficiently good authentication mechanisms
    • In some cases authentication level & complexity is higher than necessary
  • Lower user experience and consequences
    • Users get confused in regards to the accounts and credentials they have to use
    • Users forget their credentials
    • Typical users are not aware of security threats – they often reuse the same password for different applications

02

Identity & Access Management

IAM - Central infrastructure to manage users, roles and access to applications or resources

Technical solution

Key components

01

User management

Functions of user account provisioning/de-provisioning

02

User repository

Repository of user account identity information

03

Authentication

Functions of authentication and session management

04

Authorization

Archive/repository of authorization attributes, rules or roles

01

Identity & Access Management

Benefits

  • Saves time and money
    • Improves IT efficiency -> a single place to administer user identity and access rights
    • Reduces time needed to deliver applications and services -> no need to reimplement authentication mechanisms across applications and services
  • Enhances security
    • Single point of authentication
    • Controls a person’s access to multiple applications at one place
  • Universal monitoring and auditing
    • Authentication monitoring and auditing in one system
    • Enables user behavior analysis and better fraud detection
  • Higher user satisfaction
    • Reduced complexity for end-users, application owners and IT Admins
    • A single sign on (SSO) access to all applications and services that a person needs by signing in only once, using a single user account

01

Identity & Access Management

Integration with SxS

An integrated solution that responds to the challenges of opening Bank APIs to third parties.

Challenges of opening Bank APIs

  • API Security
    • securely expose legacy systems to third party providers via APIs
    • ensure granular access to security policies
  • Customer authentication
    • securely expose legacy systems to third party providers via APIs
    • ensure granular access to security policies
  • Third party API access authorization
    • issue and manage API access permissions to third parties
    • a customer should be part of the authorization flow!
  • Customer consents
    • Customers should give explicit permissions for third-party access to their accounts
    • Permissions should be recorded and customers should be able to revoke them!

05

Identity & Access Management

Integration with SxS has been developed to be PSD2 compliant

Authentication and authorization flow

Customers authenticites to bank’s digital channel to access account

01

Customer authenticates to bank (PSD2 requires SCA)

02

Customer gives permission for third party application access

03

Third party application gets authorization for using customer’s account

06

Identity & Access Management

IAM + SxS

IAM

API Access Security

  • Allow third-party providers to access customer accounts when the customer has given explicit consent!
  • Offer an easy-to-integrate API security protocol based on

Identity and Consent Management

  • Store customer identity, consent and policy data
  • Empower customers with total control over giving and revoking consents for access to their accounts

SxS

Strong Customer Authentication

  • Provide strong and user-friendly two factor customer authentication, enabled by the mature and proven Asseco SxS solution

Scenarios

PSD2 Access to Accounts.

Empower banks to open APIs to AISPs and PISPs in compliance with the PSD2 requirements.

  • Sharing customer account data with AISPs (Account Information Service Providers)
  • Payment Initiation from PISPs (Payment Initiation Service Providers)

Bank as Identity Provider.

Start new business models based on customer identity sharing, with customers' consent-> The Bank knows its customers and has highly accurate and valuable information about them!

  • Automatic registration for third party online services that require verified and accurate customer information
  • Identity validation within third party online services (Insurance, Government…)

Get in touch

Please enter your first name

Please enter your last name

Please enter your company

Please enter your e-mail

Please enter your inquiry

Download datasheet

Please enter your first name

Please enter your last name

Please enter your company

Please enter your title

Please enter your e-mail

Please enter your phone number

Please enter your country/region