User Management Module
Manage access and passwords to all applications with a single panel. Optimize the time needed for implementing new applications by using ready-made components. Shorten the sign-on time with SSO mechanisms.
What is UMM?
The User Management Module (UMM) is BlueSoft’s answer to the growing need for innovative user identity management methods, secure sign-on and permission consolidation in the organization.
UMM draws from the best practices in the area of Customer Identity and Access Management (CIAM), implementing standardized communication and appropriate data encoding method while preserving the flexibility necessary for the product to be universally applicable.
The User Management Module enables managing the scope of access to the application and the content visible to dedicated users. Adaptation to the organization’s changing needs in the areas of regionalization and market segmentation helps to achieve innovative advantage. Intuitive operation of both the administration and sign-on processes influences the users’ good perception of the product.
Stability while using the solution is guaranteed – each component is installed in a separate availability zone. A failure of one of the components does not result in a breakdown of the whole solution.
- secured communication with Common Business API
- encoding and control over user data stored in the system
- high availability of each component
- fast error handling
- immediate anomaly detection
- vertical – achieved by using the better-performing instances of the server
- horizontal – achieved by adding nodes to particular layers
easy integration with external systems by using flexible MULE ESB – examples of application:
- external identity provider,
- external mailing provider,
- external data sources,
- source data synchronizing.
- simultaneous use of Service Oriented Architecture (SOA) and Event Driven Architecture (EDA)
- module structure including services, messages and events
- using the SaaS (Software as a Service) model reduces the time needed for adapting the existing IT infrastructure
- implementing a maximum scope of functionality within a minimum solution installation time
- preserving business continuity during migration
- intuitive operation, directly influencing users’ training time
Benefits of implementing UMM
Introduction of a corporate standard of managing identity and access to commercial applications
Unification of the user data update channel
Significant reduction of the cost and time of building new web and mobile solutions
Flexible configuration of access control at the country and application level by using a decision rule engine
Dynamic management of the scope of permissions and available subscriptions
Handling hundreds of thousands of sign-ons to the application. Average sign-on time ~0.5 sec
Standardization of user data exchange method
Introducing several levels of user management, depending on the size of the organization, as well as dedicated methods of communication with the end user (direct/indirect)
Introducing flexible user registration models depending on the legal regulations in force and business decisions
Providing access to extended information about a user’s profile and related objects with a universal REST API set
Unified user profile. The gathered data is available in one place for the purposes of data mining, segmentation, reporting, statistics, etc.
Challenge: Are you ready for GDPR?
On May 25, 2018, the GDPR (General Data Protection Regulation) enters into force.
UMM fully supports the scope of GDPR.
Take mindful actions when managing identity.
A holistic approach to User Management Module implementation will let you centralize identity management, automate permission granting and react dynamically to the changing legal regulations concerning security policy.
How will GDPR influence management in your organization?
Each organization is obliged to adapt to the regulation’s principles.
Restrictions on data management – from acquiring and entering it into the system for the first time, through securing the stored and processed data, to erasing the data from the system and not using it anymore.
Types of data falling under GDPR:
Data concerning health
Data revealing racial or ethnic origin
Extended territorial scope
if personal data of EU citizens are being processed, it does not matter whether the organization using the data operates in the EU.
consent to personal data processing is given for a scope of data for a particular purpose. The consent form has to be clear and easy to understand. It has to be as easy to withdraw consent as it is to give it.
Consent to processing
The user gives consent expressed in a clear and comprehensible manner. Giving consent must include an interaction on the part of the user. It means that a situation in which consent checkboxes are ticked by default when the user proceeds to the next step of the process is unacceptable.
Reason for processing
The reason for processing data had to be clearly stated. Processing data entails storing it. Reasons why data may be stored:
- legal requirements with the applicable legal basis specified
- agreement on the provision of defined services where data processing is required
- user’s consent to storing and processing their personal data
Consent tracking makes it possible to establish whether there was a reason for processing a particular scope of data at a given stage. Whether consent for processing a particular scope of data should be verified each time before it’s processed. Changes to the given consent always influence the processes – both newly started and ongoing ones.
Data breach notifications
obligation to notify the authority on data breach within 72 hours from its occurrence. The organization is obliged to react immediately when a breach is detected and prepare a report on it.
continuous possibility to obtain information on the scope of use and processing personal data. Possibility to add, edit and erase data at any moment. At any stage of data processing, the owner of the data can request information from the organization about the scope of the owner’s consent and the scope of data currently used by the organization.
Right to be forgotten
the owner of the data is the data subject. Withdrawing consent to process data results in erasing the data from each component which processed it. The organization is obliged to react immediately to changes to the given consent.
Privacy Impact Assessment (PIA)
a process for identifying and minimizing risk related to ownership rights in new projects and policies. Measurement of an organization’s capability to ensure security of sensitive data.
- ensuring compliance with the privacy-related legal and policy requirements in force
- establishing risks and their potential effects
- assessing security measures and creating alternative processes to eliminate risks
Right after its implementation, the User Management Module becomes a central user registration and identity management mechanism, ensuring complex access control for all used applications and authentication (SSO).
The tool’s characteristics are user-friendliness and clear operation for administrators.
A coherent interface and intuitive operation influence the perception of the solution from the first use. Optimization of the time needed to access particular applications (~0.5 seconds) influences the effectiveness of performing business processes in the organization, leading to an increase in overall business effectiveness. Technological complexity of the User Management Module does not influence its implementation time. Implementations for applications all over the world were successfully conducted without interrupting business continuity. Using dedicated on-line and off-line data loading processes ensures uninterrupted availability of the processed data.