User Management Module

The core of CIAM is authenticating and authorizing users. We support globally accepted protocols and adhere to the latest security recommendations. Additionally, we integrate with various external identity providers to offer identity federation, ensuring flexibility and business benefits.

UMM Features:

Most popular protocols support:

• Open ID Connect

• OAuth 2.0

• SAML 2.0

Social login supported (i.e. Google, Facebook)

Identity federation available (you can you can use your chosen identity federation service)

Internal identity storage

Access restrictions at UMM or application level (based on token details)

Session manager/token manager

Log and registration monitoring “Log manager”

MFA allows linking account with popular authentication apps

The business today requires specialized set of IT tools in order to maximize efficiency, reach goals and be successful whatever you do. This may however bring in some drawbacks like necessity of integration between systems or being forced to switch between tools using multiple credentials to authenticate.

This is where your organization, meaning your employees and customers, benefit from Single Sign On (SSO) and Single Log Out (SLO). Having a single set of credentials centrally stored, allows to authenticate in the whole set of tools that one needs, enables you to deliver more user friendly, efficient and secure experience. On top of that leveraging dedicated SLO mechanisms (token invalidation, session termination, web hooks notification, session termination API calls…) helps you to keep your clients’ access under control and resources out of the reach of unauthorized parties.

Key benefits of SSO and SLO:

Full control over authentication in distributed environment (sign in/out everywhere)

One set of credentials to be remembered (user comfort)

One log-in action to authenticate in the whole ecosystem (improved productivity and user experience)

Reduced support costs / help desk effort (one authentication provider to manage)

Improved compliance and security (centrally managed password policy)

Facilitated B2B and empowered loyalty (already have an account? Just sign in!)

Unified and centralized user profile is the core value that every IAM/CIAM system brings in.  Not only it makes SSO straight forward, but provides wide set of possibilities concerning user management, security enforcement and compliance.

Having users and/or customers profile data centralized gives you incomparably better view and understanding of your business.  Unification of the profile significantly speeds us in-house development as all the APIs handling profile data are already available and all processes concerning authentication and authorization are ready for applications you’d like to on-board.

CIAM with centralized profile is also a great tool for both your help desk to support users and clients themselves to benefit from all self-service capabilities.

CIAM Is a good candidate for all kind of user data with high reusability ratio and strong personal character (like personal data, email, phone etc.) but please keep in mind that application specific data should not reside there as this may lead to data redundancy and undesired system dependencies.

Key benefits of unified and centralized user profile are:

Natural MDM candidate for customer data (stored centrally)

Empowering SSO/SLO capabilities (single user repository)

Good overview of users/customers (centralized repository)

Unified technical means for accessing user data (common, reusable model and APIs)

Natural Help-Desk tool (to manage user profiles)

Extensive self-service capabilities (centralized profile page)

Transparency of tool set changes (no user action required for new applications)

Simple profile change management (profile change applicable everywhere)

Common experience – consistent user experience

UMM has implemented a set of dedicated mechanisms to provide custom services for B2B sector. Not only we support the notion of user roles and user groups but we have introduced an additional level of granularity which is an account in the meaning of organization. You can configure account owners that are able manage account members, resource access on both user (account member) and account (organization) level as well as create custom workflows and processes on the account (clients’ organization) level. Mentioned set of features is covered by Account Management Module (AMM).

For simple B2C case where we deal with end consumers only, the account level does not have to be used.

Benefits:

Better fitting to B2B needs

Set of tools for organization self-management:

• user management

• roles and status management

• user invitations and on boarding

• application subscription management

• Password reset

Pre-populated forms for account specific registration

Fine grained resource access (user or organization)

Account dedicated custom processes

Consumer and Business oriented architecture

Account in-house members support (e.g. session logs, password reset)

Account specific reporting ( users search, subscriptions status etc.)

CIAM, by definition, is an IAM system which is improved by a set of Customer oriented functionalities. One of the most beneficial of them is so called “progressive profiling” and can be considered as a set of behavior patterns for smooth on boarding and ongoing acquisition of customer data.

The idea behind this approach is to start with on boarding a customer / user with as easy and user-friendly process as possible, gathering only data and consents that are absolutely required. When the users feel part of the ecosystem already, the goal is to encourage them to provide next pieces of data providing additional services in exchange.

UMM also features an invitation mechanism where users (including account admins) can invite other persons to register in their tenants’ CIAM. Combination of the 2 mentioned mechanisms makes UMM a perfect tool to deliver smooth and effective customer and employee on boarding process.

Key features:

Empowering marketing campaigns

Fast and effective customer/user on boarding

Multi-step custom registration process

New user acquisition perspective (user-to-user invitations)

Leads perspectives (quick registration)

Best user experience through reduced friction (simple form for simple registration)

Prioritization of profile attributes

Dedicated user on boarding workflows (depending on application, geo-location etc.)

In order to be successful in terms of customer acquisition or UX it is not enough to provide users with a single registration from. Those may differ depending on application user is registering through, type of user/customer, regional preferences or even the on boarding process we build because of specific business needs. Moreover in the case of in house developments you’d need to build all those forms for each of your applications from scratch.

This is why we have introduced “Widget Server” that defines, renders and handles all the forms for you. In other words applications simply need to embed UMM widgets and the rest is handles by UMM. We like to call those forms “widgets” as they are far more sophisticated than simple forms, as they can be defined using UMM Widget Definition Language (WDL), are fully adjustable in the context of styling, may handle consents, implement business rules and be a part of progressive profiling process.

Key features:

Security monitoring and logging included

Standardized widgets/forms – ready to be used by integrated applications (iFrame, SDK, API call)

Custom CSS styling that can be overwritten locally (by application)

Easy form customization using WDL

Forms related processes fully handled by CIAM

Data on the fly security out of the box

Consent management handled within widgets

Progressive profiling support

If you think about compliance, privacy and transparency of personal data processing consent is probably the first thing that comes to your mind. Personal data protection is a hot topic nowadays, especially due to GDPR. It is fair to say that If you can’t seriously manage consents you should not be processing any personal data at all.

We have built a dedicated solution called: Consent Management Module (CMM) that handles consents in far more sophisticated manner that it is even required by GDPR and similar acts. You can define different consent per user role, application, region etc, you can configure business processes based on consent statuses, you can manage them, track them and trigger automated actions on data that they concern.

Highlights:

Consent event log

Multi-level consent capabilities (region, application, user role …)

Consent lifecycle management and notice versioning

Consent action driven process triggering

Centralized consent management panel for admins and users

Physical bound consent to profile attribute

CIAM is not only about authenticating users (allowing them to log in) but also to handle authorization of users to access a set of resources. Those can be front line applications, back end services, APIs,  file repositories, SVN branches and others. This kind of access control in UMM is called subscription management.

In order to make it fit to common business needs subscriptions can be conditional depending on user profile status as well as other profile attributes, moreover it can be defined on levels like: user and account (organization) and have its own dedicated attributes. We have also provided subscription management panel for account representatives at given permission level.

Key features:

Subscription management self-service on account level

Auto or manual subscription provisioning

Customrules based on multiple factors( market , language…)

Subscription level attributes

Subscription management panel

Invitation to subscription mechanism (AMM)

UMM integrates with external applications not only for the purposes of authentication and authorization. Complete CIAM solution needs to be a part of many processes involving multiple systems in your organization hence integration ease is crucial for making it a core piece of your organization’s system architecture.

Key features:

Mail campaign management service available

ESB for online integration flows

ETL mechanisms for offline/batch integration

Cloud communication monitoring

SMS notification service available

Mail notification service available

Every organization needs to know what is user activity, how does the application perform, where are the bottlenecks, what are the health reports of the services and many additional business specific metrics and KPIs. UMM supports this needs with a built-in reporting module which can be setup to monitor any system related events on-line. Reporting module can visualize key metrics in graphical form to give you a quick overview of system status and process performance.

Key features:

client application status and health check

on-line performance monitoring and visualization,

key business process KPI definition and visualization,

flexile metrics definition,

custom triggers and event driven monitoring,