As we saw in part one of this series, managing customer identities for a portal can be a challenge and a distraction for the business. In this part of the series we outline how a modernized portal security solution can simplify operations and free your team to focus on the business at hand.
The new portal security would be based on a shared responsibility model with strict separation of risks and operational activities, relying on a discrete interaction model between the identity and authentication portal and the consumer business portal.
In this model the cloud-based identity provider would be responsible for all of the following:
- Securely store the credentials and related identity information
- Scale in an elastic manner to provide virtually limitless user population growth
- Scale operationally to support user activities on an ongoing basis and to support special peak loads
- Future-proof the portal by extending new capabilities on an ongoing basis
- Allow for customer branding of the portal, making it an integral part of your virtual presence
- Provide a frictionless experience for the end consumer managing their own identities
- Provide customer information to the business on a need-to-know basis
- Ensure secure access and identity guarantees to the backend
- Provide a unique identifier for a customer to the backend
The customer business portal itself would simply consume a federated credential presented by the browser and generated by the identity provider. This credential would carry the negotiated information, ensuring the correctness and timeliness of the data.
With this approach a single user identity can become the key for multiple portals and offerings to the end customer, allowing for a frictionless and modern user experience while the enterprise focuses on providing its core business value to its customers.
The business portal would use the unique identifier as the entry point and single connection to the end customer's information stored in the identity provider portal. This separation of PII from business-related information reduces the regulatory requirements for the Line of Business operators and providers.
It would also be the business portal's responsibility to take on specific actions related to a user accessing the portal, such as:
- First time access
- Consent management
- Collection of additional data to link a user to internal records, such as Medical Record Number, Customer Number, Subscriptions, etc.
- Business-specific information
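To make the hand-off concrete, here is an added example (not code from the original post) of how the business portal side could consume the federated credential and use only the identity provider's unique identifier as its key into local records, detecting first-time access when no link exists yet. It assumes the credential is a signed, JWT-style token and uses a shared HMAC key as a stand-in for the identity provider's signing key; the issuer, audience and all sample values are constructed for the example.

```python
import base64
import hashlib
import hmac
import json

# Constructed values: the IdP issuer, this portal's client id (audience) and a
# shared HMAC key standing in for the IdP's signing key. A real IdP signs with
# an asymmetric key and the portal verifies with the published public half.
ISSUER = "https://idp.example.com"
AUDIENCE = "portal-client-id"
SIGNING_KEY = b"constructed-demo-key"

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def mint_token(claims: dict) -> str:
    """IdP side: sign claims into a compact header.payload.signature token."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64url(json.dumps(claims).encode())
    sig = hmac.new(SIGNING_KEY, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url(sig)}"

def verify_token(token: str, now: float) -> dict:
    """Portal side: accept the credential only if it is authentic (signature),
    meant for this portal (iss/aud) and timely (exp/nbf); returns the claims."""
    header, payload, sig = token.split(".")
    # The portal pins its own key and algorithm; it never trusts the header's alg.
    expected = hmac.new(SIGNING_KEY, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig)):
        raise ValueError("bad signature")
    claims = json.loads(_b64url_decode(payload))
    if claims.get("iss") != ISSUER or claims.get("aud") != AUDIENCE:
        raise ValueError("token not issued by our IdP for this portal")
    if now >= claims["exp"] or now < claims.get("nbf", 0):
        raise ValueError("token expired or not yet valid")
    if "sub" not in claims:
        raise ValueError("no unique identifier in credential")
    return claims

def resolve_customer(claims: dict, link_table: dict) -> dict:
    """Use the IdP's stable identifier (sub) as the only key into the portal's
    own records (e.g. customer number); an unlinked sub is a first-time access
    that must go through consent and record linking before business data is shown."""
    record = link_table.get(claims["sub"])
    if record is None:
        return {"first_time": True, "sub": claims["sub"], "next": "consent_and_link"}
    return {"first_time": False, **record}
```

Note that the portal never stores or re-checks the user's credentials; PII stays with the identity provider and the portal only keeps the `sub` to internal-record mapping.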
The following diagram provides an architecture model describing such a portal implementation.
With the cloud-based identity provider providing the storage and self-care, the task of administering the clients in a help desk scenario would remain with the customer. Such a help desk would operate and interact with the cloud storage using the cloud-based interfaces provided. Access controls to this portal can be managed via integration with an on-premises Enterprise Registry. This ensures that access controls are enforced and can be demonstrated for audit and regulatory requirements.
Customer Lifecycle and Automation
In addition to all the user interfaces provided by the cloud-based identity provider, a rich set of REST-based APIs exists to enable the automation of any bulk or lifecycle operations that need to be performed on the end user population. These interfaces can also be used to give the customer portal access to the user information as needed.
Having described the desired end state, we note that in our experience many customers cannot simply move from their existing portal implementation to this new model. The next part of this series will show an approach for moving an existing portal to this end state that limits the overall impact on the business team and customers while providing value rapidly.