If you want to secure your applications and keep your customer data safe you need to get identity and access management right.
All businesses need to protect their applications from malicious and/or fraudulent use. All businesses have legal obligations to keep their customer data safe. Getting this front door in place starts with IAM.
You’re the expert in how you do business with your customers. We’re the IAM experts. Because we’re specialists, we’ll identify where we can deploy IAM patterns we’ve used before.
User on-boarding, identity verification and identity assurance
Identity assurance comes down to risk: how sure do you need to be your customer is who they say they are before you let them in? We start by assessing your relying party applications and deriving a risk score. We’ll then map to the necessary identity assurance level. Then it’s about understanding how a user meets each assurance level and where the identity assurance elevation needs to happen.
It’s rare to start from a blank sheet. Whether you’re moving to new IAM capabilities or on-boarding new applications to existing services you’ll need to bring your customers with you. You’ll want to avoid asking them to set new credentials but you won’t (shouldn’t!) have access to their current passwords (pre-migration). Big bang should be avoided where possible to minimise disruption so this means just in time (JIT) or seamless migration. We’ll help you understand where your existing user data stores/IdPs reside and what data we can get. We’ll then migrate existing usernames to your new service and set a flag to identify accounts for migration. When a user accesses a service and is prompted to sign in, we’ll direct them to your legacy IdP and – on successful authentication – write their password to the new service.
Modern authentication (OIDC)
Many businesses have SAML (Security Assertion Markup Language) applications providing essential services, but these are difficult to maintain and too expensive to re-engineer. We’ll help you on-board your applications to modern authentication capabilities (such as OIDC) with minimal re-work, so you can take advantages of modern authentication best-practices.