[Diagram: Consumer Identity Management, high-level functional overview]
Identity & single sign-on: architectural overview; functional overview
Helpdesk functionality: change birthdate, name, phone number, email etc.; (un)block user, (re)invite user; search / CRM integration
Non-functionals: certification, security standards, performance, law
Security protocols: LDAP, OAuth 2.0, SAML 2.0, Kerberos
Self service: change password, update phone number
Session management: identity matching, logging and reporting, session fixation protection, session timeout
Single sign-on/out: within domain, cross domain
Identity synchronization: feed your CRM with the updated identities from the CIM platform
Analytics and insight
Onboarding: just-in-time signup, just-in-time migration
API centric
Authorization management: manage fine-grained authorizations, delegate management to super users
The expectations for consumers are set by webshops like Coolblue, Apple, Amazon and Google. Insurance companies can now start to impress users and meet higher demands from business and regulation. The Onegini Consumer Identity Management solution - as a part of Onegini Connect - contains components you can easily add to your existing enterprise architecture. The picture above shows the high-level functionality the platform provides.

Component overview

The overview below shows the various components of CIM (Consumer Identity Management) and the components of your current architecture they interact with. The CIM solution contains an IDP solution and a User Management Application. Components shown in blue are part of the core Onegini Platform stack; white components are typically already present in your current architecture.

[Diagram: CIM component overview (simplified)]
Consumer (laptop / desktop / mobile etc.) via browser or mobile phone; helpdesk / admin; intermediary / admin (delegated user management)
Components shown: IDP, User Management Application, Security Proxy, MSP (out-of-band second factor), push messaging provider
External IDPs: social (e.g. Google, Facebook), enterprise (e.g. LDAP, Active Directory), government IDs (e.g. iDIN, itsme, BankID)
External user repository (sync or JIT migration); ID-related e-mail and SMS
Enterprise portal, API or website (CMS)

Functional flows

CIM handles the complete spectrum of capabilities related to delivering a seamless and secure customer experience.

[Diagram: functional flows]
Onboarding / user registration; just-in-time user migration; authentication: login; step up (optional); device registration; portal / CMS / API access; secure business transactions; self service; delegated user management; management & control

(JIT) Migration:

Thanks to Just In Time migrations, you can let users automatically migrate to one standard across all of your platforms. The customer may not even be aware of it at first.

Onboarding / User Registration:

Making this process as simple as possible is key to your success. As millions of consumers will use this process, any hiccup leads to undesired fallout. The registration process for customers and prospects differs: customers require a more secure registration to prevent exposure of private data to the wrong people, whereas for most prospects such robust identification is less important.

Secure business transactions based on levels of assurance:

When you are a prospect, you just want to explore your possibilities without going through many steps to sign up. When you really become a customer, identification and more is required. The CIM product supports many forms of identification, like e-mail verification, GSM verification, ID check, bank transaction check, address check, and more. In time your customer builds towards a higher level of trust (identification).

With digital identities you want to reduce the risk of identity theft. This means the level of trust is defined not only by the initial identification, but also by what we call continuous multi-factor authentication. Multi-factor authentication makes sure you are who you say you are by checking different factors. Based on your behavior, CIM can ask for extra authentication (making it continuous authentication). CIM allows you to create your own levels of assurance (LOAs). You can use a market standard like STORK or configure your own levels by:

  1. Configuring identifications required per level.
  2. Configuring required level of assurance per service provider.
  3. Configuring level of assurance per identity provider.
  4. Configuring the level of assurance for two-factor authenticators, for example text/SMS, mobile or Google Authenticator.
  5. Configuring the required level of assurance for changing attributes, for example SMS, name, birthdate, and more.
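As an added example that is not part of this page or of Onegini's product, the following Python evaluator models the five configuration points above as policy tables and decides, for a session, whether a service or an attribute change is allowed, needs a step-up authentication, or needs a further identification. The level numbers (1 to 3) and the names of identifications, authenticators, services and attributes are assumptions made for the example.

```python
from dataclasses import dataclass

# Constructed LOA policy tables mirroring the five configuration points.
# Level numbers and names are assumptions for this example, not Onegini's format.
LOA_OF_IDENTIFICATION = {        # 1. identifications that earn a level for the identity
    "email_verification": 1, "gsm_verification": 2, "address_check": 2,
    "bank_transaction_check": 3, "id_check": 3,
}
LOA_OF_AUTHENTICATION = {        # 3./4. identity providers and second-factor authenticators
    "password": 1, "google_social": 1, "sms": 2, "google_authenticator": 2,
    "mobile_push": 3, "idin": 3,
}
REQUIRED_LOA_PER_SERVICE = {     # 2. required level per service provider
    "product_catalogue": 1, "policy_overview": 2, "claim_payout": 3,
}
REQUIRED_LOA_PER_ATTRIBUTE = {   # 5. required level for changing an attribute
    "phone_number": 2, "name": 3, "birthdate": 3,
}

@dataclass
class Session:
    identifications: frozenset   # identifications the identity has ever completed
    authentications: frozenset   # authentication methods used in this session

def identity_loa(s: Session) -> int:
    """Level the identity has earned: its strongest completed identification."""
    return max((LOA_OF_IDENTIFICATION[i] for i in s.identifications), default=0)

def session_loa(s: Session) -> int:
    """Effective level: strongest authentication used, capped by the identity's level,
    so a strong second factor never lifts an unverified prospect above what was proven."""
    auth = max((LOA_OF_AUTHENTICATION[a] for a in s.authentications), default=0)
    return min(identity_loa(s), auth)

def decide(s: Session, required: int) -> dict:
    """Allow, or say what raises the session to `required`: a step-up authentication
    if the identity already holds the level, otherwise a further identification."""
    if session_loa(s) >= required:
        return {"decision": "allow"}
    if identity_loa(s) < required:
        table, decision = LOA_OF_IDENTIFICATION, "identify"
    else:
        table, decision = LOA_OF_AUTHENTICATION, "step_up"
    return {"decision": decision,
            "options": sorted(n for n, lvl in table.items() if lvl >= required)}

def access_service(s: Session, service: str) -> dict:
    return decide(s, REQUIRED_LOA_PER_SERVICE[service])

def change_attribute(s: Session, attribute: str) -> dict:
    return decide(s, REQUIRED_LOA_PER_ATTRIBUTE[attribute])
```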

Device registration for second factor login:

When you want to give your users the option to log in using a second factor like a mobile phone, the user is required to register the device. There are a number of ways to enable device registration and handle second-factor authentication: you can either extend your current apps to handle the second factor, or use an existing authenticator app provided by Onegini that provides the functionality for you.

Authentication / Login:

Yesterday customers logged in with username/password or social login; today they want to log in with a mobile device. The consumer decides the preferred login method and wants to change preferences over time. CIM supports all that.

Self service:

Self-service is critical. If your procedures are unclear and little self-service is available, more than 30% of the calls to your helpdesk might be related to this.

Delegated User Management:

If you are dealing with intermediaries and have problems distributing authorizations among them, Delegated User Management (DUM) is for you. You can let your intermediaries take care of user and authorization management themselves.

Managing and monitoring:

CIM, managing your consumer identities, is the digital front door of your organization for consumers and partners. Of course you require full audit trail, event trail and monitoring capabilities.