User Management Module

Manage access and passwords to all applications with a single panel. Optimize the time needed for implementing new applications by using ready-made components. Shorten the sign-on time with SSO mechanisms.

What is UMM?

The User Management Module (UMM) is BlueSoft’s answer to the growing need for innovative user identity management methods, secure sign-on and permission consolidation in the organization.

UMM draws from the best practices in the area of Customer Identity and Access Management (CIAM), implementing standardized communication and appropriate data encoding method while preserving the flexibility necessary for the product to be universally applicable.

The User Management Module enables managing the scope of access to the application and the content visible to dedicated users. Adaptation to the organization’s changing needs in the areas of regionalization and market segmentation helps to achieve innovative advantage. Intuitive operation of both the administration and sign-on processes influences the users’ good perception of the product.

Stability while using the solution is guaranteed – each component is installed in a separate availability zone. A failure of one of the components does not result in a breakdown of the whole solution.

Security

Secured communication with Common Business API

Encoding and control over user data stored in the system

Stability

High availability of each component

Fast error handling

Immediate anomaly detection

Scalability

Two-dimensional performance:

vertical – achieved by using the better-performing instances of the server

horizontal – achieved by adding nodes to particular layers

Standarized API

Easy integration with external systems by using flexible MULE ESB – examples of application:

external identity provider,

external mailing provider,

external data sources,

source data synchronizing.

Adaptability

Simultaneous use of Service Oriented Architecture (SOA) and Event Driven Architecture (EDA)

Module structure including services, messages and events

Using the SaaS (Software as a Service) model reduces the time needed for adapting the existing IT infrastructure

Effectiveness

Implementing a maximum scope of functionality within a minimum solution installation time

Preserving business continuity during migration

Intuitive operation, directly influencing users’ training time

Benefits of implementing UMM

Introduction of a corporate standard of managing identity and access to commercial applications
Unification of the user data update channel
Significant reduction of the cost and time of building new web and mobile solutions
Flexible configuration of access control at the country and application level by using a decision rule engine
Dynamic management of the scope of permissions and available subscriptions
Handling hundreds of thousands of sign-ons to the application. Average sign-on time ~0.5 sec
Standardization of user data exchange method
Introducing several levels of user management, depending on the size of the organization, as well as dedicated methods of communication with the end user (direct/indirect)
Introducing flexible user registration models depending on the legal regulations in force and business decisions
Providing access to extended information about a user’s profile and related objects with a universal REST API set
Unified user profile. The gathered data is available in one place for the purposes of data mining, segmentation, reporting, statistics, etc.

Your new application is designed to use its own access credentials? You may need to get back to the drawing board.

UMM fully supports the scope of GDPR.

Take mindful actions when managing identity.

A holistic approach to User Management Module implementation will let you centralize identity management, automate permission granting and react dynamically to the changing legal regulations concerning security policy.

How will GDPR influence management in your organization? Each organization is obliged to adapt to the regulation’s principles.

Restrictions on data management – from acquiring and entering it into the system for the first time, through securing the stored and processed data, to erasing the data from the system and not using it anymore.

Types of data falling under GDPR:

Personal data
Web data
Data concerning health
Sexual orientation
Data revealing racial or ethnic origin
Political views
Biometric data

Key changes:

Extended territorial scope if personal data of EU citizens are being processed, it does not matter whether the organization using the data operates in the EU.

Consent management consent to personal data processing is given for a scope of data for a particular purpose. The consent form has to be clear and easy to understand. It has to be as easy to withdraw consent as it is to give it.

Consent to processing The user gives consent expressed in a clear and comprehensible manner. Giving consent must include an interaction on the part of the user. It means that a situation in which consent checkboxes are ticked by default when the user proceeds to the next step of the process is unacceptable.
Reason for processing The reason for processing data had to be clearly stated. Processing data entails storing it.
Consent tracking Consent tracking makes it possible to establish whether there was a reason for processing a particular scope of data at a given stage. Whether consent for processing a particular scope of data should be verified each time before it’s processed. Changes to the given consent always influence the processes – both newly started and ongoing ones.
Data breach notifications obligation to notify the authority on data breach within 72 hours from its occurrence. The organization is obliged to react immediately when a breach is detected and prepare a report on it.
Access right continuous possibility to obtain information on the scope of use and processing personal data. Possibility to add, edit and erase data at any moment. At any stage of data processing, the owner of the data can request information from the organization about the scope of the owner’s consent and the scope of data currently used by the organization.
Right to be forgotten the owner of the data is the data subject. Withdrawing consent to process data results in erasing the data from each component which processed it. The organization is obliged to react immediately to changes to the given consent.
Privacy Impact Assessment (PIA) a process for identifying and minimizing risk related to ownership rights in new projects and policies. Measurement of an organization’s capability to ensure security of sensitive data.

Right after its implementation, the User Management Module becomes a central user registration and identity management mechanism, ensuring complex access control for all used applications and authentication (SSO).

The tool’s characteristics are user-friendliness and clear operation for administrators.

A coherent interface and intuitive operation influence the perception of the solution from the first use. Optimization of the time needed to access particular applications (~0.5 seconds) influences the effectiveness of performing business processes in the organization, leading to an increase in overall business effectiveness. Technological complexity of the User Management Module does not influence its implementation time. Implementations for applications all over the world were successfully conducted without interrupting business continuity. Using dedicated on-line and off-line data loading processes ensures uninterrupted availability of the processed data.