Access and Authentication

Modernizing your B2C Portal Security – A thoughtful approach

Share this post:

As we have described the situation that many of our customers are in today, and our proposal for a better future state, we come to realize that for many, this transition is a journey, and a single big bang transition is not practical for many.  This blog entry will outline an approach to start such a journey and to gain value quickly.

Moving the Registry

A first start would be to move the user registry from on prem into the cloud.  This allows you to offload a large operational burden related to the tuning, scaling and operations of a large database or user registry.  The following diagram will show the components and their interactions related.

In this initial step, only the Portal specific code has to change to leverage the REST API’s of the cloud to perform authentication and user management using the API’s.  This step is completely transparent to any existing user and supported portal application.

Moving Authentication and adding Enhanced Access

The next step is to move authentication into the cloud, which not only moves it, but this step allows the integration of new Enhanced Access controls such as multi factor authentication, one-time password operations, etc.   Integration between the CI components and the customer portal would leverage the openID connect protocol.

With this step, any new capability related to the authentication can be easily adopted and integrated, all features (existing and new) of CIV can be leveraged as soon as they become available.  The ability to customize and brand the CI pages allows the authentication portal to be integrated with your application portal in a frictionless and seamless manner.

From an operational perspective the CI portal can be integrated with an existing on prem directory to manage and grant access to the help desk team to manage customer identities.  This capability would be restricted and tightly controlled natively by the CI application and enable to business to control and audit customer identity operations.

Portal in the Cloud

In this step, the portal itself will exist in the cloud, leveraging the CI capabilities in managing users and access, as well as authentication and access control.  The ability to brand and manage the look and feel of the portal allows for a seamless integration with your existing enterprise web presence.  The only portal component remaining on prem is a proxy component that allows existing applications to be access using the openID connect protocol.  Allowing these applications to be accessed like any other “cloud” application.

This journey to the cloud, represents an executable approach to moving an existing portal.

In the next part of this series we will take a look at one of the complicating factors that we see when trying to move a portal to the cloud.  In many cases, we have encountered customers that access an existing Identity Registry directly, using the LDAP mechanism.

Click here to rate this article

Rate this article :

Senior Architect, World Wide IAM Domain Leader

More Access and Authentication stories
By Jeroen Tiggelman on August 4, 2019

IBM Security zSecure Suite 2.4 announced

IBM Security zSecure suite V2.4 was announced on July 23, 2019 with a planned availability date of September 30, 2019. You can read the US announcement letter here. RACF has made new JSON Web Token functionality in support of Multi-Factor Authentication also available for z/OS V2.2 and V2.3. Details about zSecure compatibility fixes can be […]

Continue reading

By Gerard Boekhoud on July 24, 2019

IF001 for IGI now available

On July 19, 2019 we made  IF001 on top of IGI publicly available on FixCentral. This iFix include some strong performance improvements especially within the Access Certification module. Improvements are made in the following areas: a. Time to launch Campaign Summary Page (Especially in the event of a high number of campaigns). This improves by […]

Continue reading

By ADAM CASE on May 10, 2019

Getting started with IBM Verify

Getting started with IBM Security Verify for Multi-factor authentication With IBM Security Verify you have the ability to apply multi-factor authentication anywhere, using one authenticator. From Linux shell access to Windows remote desktop, even custom development with IBM Security Verify APIs, you can take full advantage of no infrastructure costs, third party subscriptions for voice, […]

Continue reading