SSO for web applications, mobile applications and APIs, whether they are hosted on-premise or in the cloud. Support for OAuth, OIDC, SAML, WS-Security and Kerberos SSO.
Configurable user journey for authentication, authorisation and user onboarding and credential management, tailoring the solution entirely to the customer expectations providing a uniform access experience for users.
Policy driven integration with almost any repository in your environment or in the cloud due to a wide range of supported directory standards.
Based on an ABAC (Attribute Based Access Control) engine that can take any attributes into account to make access control decisions for protected resources.
Select the authentication mechanism based on the sensitivity of the accessed application and the user context (e.g. IP range, device fingerprint, geo-location). Easily enroll for the required authentication mechanism.
Flexible reporting to either local files, syslog, database, and or 3rd party reporting engine.
End-usersEnd-users are the actual individuals accessing your corporate applications and resources, using web, mobile or even APIs. These users are your corporate employees (B2E), customers or prospects (B2C). In B2E and B2C scenarios, the relationship and end-users identities are directly managed by your company.
Federated authenticationUsers are authenticated by a trusted 3rd party. The advantage for your company is that you do not have to take care of all infrastructure and processes to manage the user credentials, and have a broad choice of authentication assurance levels. End-users do not need to register for yet-an-other-account and get single-sign on to access your corporate resources. Examples of such parties are: Microsoft Azure (B2E), Social networks such as Google, Facebook (B2C). In some countries, companies can benefit from authentication mechanism provided by governmental authorities, usually to get a high identity assurance on the actual user.
Third partiesEnd-users can be also users of a 3rd party with which your company has a business relationship (B2B). Non-limiting examples of such parties are your business suppliers, partners or ICT outsourcers. The key characteristic is that the relationship remains at company level. Individual users identity and authentication are managed directly by these 3rd parties. Use of federation protocols allows the end-users of these 3rd parties to get single sign on to your corporate applications and resources.
Cloud applicationsApplication deployed on cloud can be of any kind; commercial SaaS such as Microsoft Office 365, Google Suite, Salesforce, … This can also be in-house developed applications running on cloud IaaS plaftorms such as Amazon Web Services (AWS), Microsoft Azure, Google Cloud, … All cloud applications of course will need every individual users to be authenticated so that they perform fine-grained authorization decision on their own. Any application which is compliant with standard federation protocols (SAML, OIDC, …) are supported.
Commercial applicationsThere are still many applications running on your premise, many of them being Commercial off-the-shelf software (COTS) such as SAP, … Their key characteristic is that since these are made by Independent software vendors, you cannot easily modify the way the application ‘consume’ identities. It is thus necessary to find integration hooks with them to achieve Single sign on.
In-house Developed applicationsMany companies still have numerous in-house developed applications, running on-premise. These might require either specific security measures – like strong authentication – or productivity enhancements such as benefiting from single sign on. The applications are developed using various technology and framework such as Microsoft.NET, JBOSS, IBM Websphere, … Their key characteristic is that you have some level of control to modify the way the application ‘consumes’ identities
Multi-factor authenticationSome application actually mandates a higher identity assurance level than the one provided by some username/password. Organizations have started investing in multi-factor authentication (MFA) for years, in assets like physical cards/tokens, directories, 3rd party software,… and processes. One of the challenges is to keep up with the pace of change of MFA technology, balancing security, simple end-user experience and TCO. TrustBuilder can integrate with existing (already deployed) MFA technology and actively supports 3rd party technology vendors such as RSA, Gemalto, Onespan… We also have our own ‘Phone as Authenticator’ solution called TrustBuilder for Mobile.
CIAM versus IAM
Do you have to make a choice?
It is clear, Customer Identity and Access Management (CIAM) faces different challenges than Enterprise Identity and Access Management (IAM).
While CIAM usually deals with larger user communities, IAM mainly focusses on a wider range of applications.
While IAM users are mostly defined upfront and are stored in various repositories (AD, LDAP, DB, …), CIAM users should be able to bring their own identities (Google, Facebook, eiDAS, …) and use self-services to manage them.
With Trustbuilder the need for two distinct solutions is eradicated. Indeed, Identity Hub provides a modular and flexible platform that can easily be tailored to deal with both CIAM and/or IAM requirements in one single solution.
MANAGING IDENTITIES IN A DISTRIBUTED WORLD
The Identity Gap Challenge
In today‘s distributed world, applications and identities may be hosted on-premise or in the cloud.
In such environments, modern organisations are increasingly challenged with finding a balance between self-control of identities and applications and delegated management. These organisations are facing an Identity Management gap between identities and applications.
TrustBuilder Identity Hub provides a powerful and flexible solution that closes the Identity Management gap in these heterogenous environments.
Using its powerful policy engine TrustBuilder Identity Hub will be able to identify your customers, employees and partners against any combination of repositories you might already be deploying, either on-premise or in the cloud.