Lack the ability to allow customers to delegate authority to partner systems , allowing them to interact with platform services on their behalf, without requiring a username and password for each interaction.
| Customer Identity and Access Management | |
|---|---|
| Service level | Very High. Extreme spikes |
| Business Driver | Strengthen partnerships by linking accounts. Attract and retain customers |
| Scale | Millions |
| Privacy | Customer-centric |
New and/or existing customer and partners ability to utilise Identity and Access Management capabilities.
| # | Capability | Description |
|---|---|---|
| 01 | On Boarding / Off Boarding | Ability to automate provisioning and de-provisioning of staff system access. |
| 02 | Entitlement governance | Ability to review and certify staff system access and entitlements. |
| 03 | Password management | Ability to allow users an intuitive, self-service experience for managing and resetting passwords from any device. |
| 04 | Single Sign On (SSO) | Ability to deliver reliable integration for SSO to all channels (web, chat, native mobile and partner systems) with a federation engine and flexible access policy. |
| 05 | Adaptive Multi-Factor Authentication (MFA) | Ability to deliver factors such as: security questions, passwords, sms OTP,email OTP,software OTP |
| 06 | API Access Management | Ability to manage API, session and token requests. |
| 07 | Identity life-cycle management | Ability to manage users digital identity throughout the life span of the identity (create, update, govern, remove). |
| 08 | Universal directory | Ability to centrally store and manage user, application, devices and group attributes. |
| # | Capability | Description |
|---|---|---|
| 09 | Device recognition | Ability to create unique device profiles for each user. |
| 10 | Threat reputation service | Ability to examine device IP an agents across millions of nodes to determine if it is associated with any: bad actors, anomalous behaviour, blacklisted IP addresses |
| 11 | Geo-location | Ability to identify where users are located and logging in from. |
| 12 | Geo-velocity | Ability to identify multi login attempts by a user, from different locations, within short time intervals. |
| 13 | Geo-fencing | Ability to define geographical barriers to entry. |
| 14 | Phone number fraud prevention | Ability to block access requests from ported phone numbers |
| 15 | Behavioural biometrics | Ability to build known good user behaviour profiles |
| 16 | User and entity behaviour analytics | Ability to handle access requests based on user behaviour |
| 17 | Directory services | Ability to check user's identity profile against a known directory |
| 18 | Know Your Customer (KYC) | Ability to integrate into industry KYC services |
- Cloud enabled:
- SaaS (preferred)
- Deployed in our cloud
| # | Capability | Description |
|---|---|---|
| Password management | self-service registration, account management and account recovery features. | |
| Single Sign On (SSO) | Client authentication to internal and partner applications, using a common set of credentials or social login. | |
| Access management | Client access revocation through IdM API's. | |
| Scale and Performance | Low-latency, high-performance access to identity and profile data from many millions of customers. | |
| Privacy Management | Enforcing customer consent and governing access to identity data on an attribute-by-attribute level to ensure privacy regulatory compliance | |
| Geo-fencing, Geo-velocity and Geo-location | Detect where clients are logging in from. Ensure a single account is not being used in multiple locations.Ensure request is not outside of the Geo-fence | |
| Adaptive Multi-Factor Authentication (MFA) | Secure, customizable MFA that balances security and convenience for clients (i.e OTP for transactions changing customer details) | |
| Passwordless authentication | Authenticate users via a universal login, which usually incorporates the following steps:Users click login, and the auth SDK redirects them to the login page on the web. Lock Passwordless asks them for a phone number or email, whichever type you chose. The prompt changes to ask them for a code that they will receive by the designated method. Once they enter the code, the transaction will finish and the user will be redirected to your app along with their credentials. |
