IAM - Authentication vision

1. Out-of-scope

1.1. Person centric 2020 vision

1.1.1. Person-oriented cockpit

1.1.2. Personal accounts instead of corporate accounts

1.2. Access entitlement / authorization

1.3. Customer user account provisioning (really out of scope?)

1.3.1. Partners Tools4ever?

1.3.2. Link created identity

1.4. Enable mobile app authentication (really out-of-scope?)

1.4.1. What is the mobile strategy

1.5. White labeled login page

2. Business goals

2.1. Improve maintainability

2.1.1. Tickets service

2.1.2. Reverse proxy

2.1.3. Simplify logging

2.2. Industry level

2.2.1. Support industry best practices: customer in control of identity; compliance of the customer; support for the customer's IT department (saves a lot of roadmap and support effort for Raet)

2.2.2. Support industry standards: SAML, OpenID Connect, federation, OAuth

2.3. Enable disruptive UX

2.3.1. Support for pre- and post-employment authentication: recruitment phase, onboarding, after termination

2.3.2. Support for role-independent UI (UX): no more L2/L3 portal, but a dynamic UI based on authorization instead of authentication; step-up authentication

2.3.3. Enable deep linking from the customer environment (ABN)

2.3.4. Enable new portal/navigation experience

2.4. Enable single sign on experience for partners

2.4.1. Become IDP for partners

2.4.2. Out of scope: support provisioning of partners (just-in-time provisioning; employee data from HR core; authorization data from ??)

3. Domains

3.1. Administration office

3.2. User (L1-L3)

3.3. System-to-system (application authentication)

3.4. File exchange (=application authentication?)

4. Small companies?

4.1. Raet identity as a service (e.g. using Ping or Azure AD)

4.2. Partner

4.3. Rely on their Office 365 / Google environment?

5. Compliance challenges

5.1. (Single) logout is not and will not be supported

5.2. Session management

6. Multiple accounts?

7. Sign sensitive transactions

7.1. Can be embedded in mobile app

8. Where are we

8.1. Broker is there

8.2. Ping Directory for storage

8.3. Ping Access for authentication

8.4. API for user provisioning from core system / portal to Ping

8.5. 2 customers live (Raet and Boels)

8.6. Conclusion: the base infrastructure is there

9. Next

9.1. Replace reverse proxy

9.1.1. Authentication: Ping Access

9.1.2. Redirecting: Ping Access

9.1.3. Authorization: which pages can a user access (pages can be marked as blocked)

9.1.4. Images, style sheets

9.1.5. Reverse proxy: Ping Access

9.1.6. Why: unmaintainable

10. Multi factor authentication

10.1. L1-L3 access

10.2. What responsibility do we take?

10.2.1. Raet or IDP

10.3. What technologies

10.3.1. SMS

10.3.2. Authenticator

10.4. How to deal with the transition?

10.5. Provide 'strength' info for authorization purposes

10.5.1. Step-up authentication
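The two points above (strength info exposed to authorization, and step-up when the current session is too weak) and the earlier "sign sensitive transactions" item share one decision: compare what the session has proven against what the page or transaction demands. The following is an added example, not code from the original outline or from Raet's Ping setup. It assumes the broker exposes the session's authentication methods as an OIDC-style `amr` claim (RFC 8176 method names such as `pwd`, `otp`, `sms`, `sc`, `mfa`) together with an `auth_time`, and that each resource declares a required strength level; the level numbers, the method categories and the sample sessions and resources are constructed for the example.

```python
"""Step-up authentication decision based on authentication strength.

Added example (not from the original page). Assumptions: the session carries an
OIDC-style "amr" list and an "auth_time"; each resource declares the strength it
needs and, optionally, how fresh the authentication must be (for signing
sensitive transactions). Level values and method categories are constructed.
"""
from dataclasses import dataclass
from typing import Iterable, Optional, Tuple

# Constructed strength levels; higher is stronger.
LEVEL_NONE = 0    # nothing recognised: unknown methods or no claim at all
LEVEL_SINGLE = 1  # one factor category only
LEVEL_MFA = 2     # knowledge plus possession, or an explicit IdP "mfa" assertion

# RFC 8176 "amr" values grouped by factor category (subset, constructed grouping).
KNOWLEDGE = {"pwd", "pin", "kba"}
POSSESSION = {"otp", "sms", "hwk", "swk", "sc"}


def strength_level(amr: Optional[Iterable[str]]) -> int:
    """Derive a strength level from the methods the IdP asserts.

    Anything the IdP did not assert, or a method we do not recognise, counts
    for nothing: a missing or unknown strength claim must not be guessed up.
    """
    methods = set(amr or ())
    if "mfa" in methods:
        return LEVEL_MFA
    has_knowledge = bool(methods & KNOWLEDGE)
    has_possession = bool(methods & POSSESSION)
    if has_knowledge and has_possession:
        return LEVEL_MFA
    if has_knowledge or has_possession:
        return LEVEL_SINGLE
    return LEVEL_NONE


@dataclass(frozen=True)
class Session:
    amr: Tuple[str, ...]   # methods used for the current session
    auth_time: int         # epoch seconds of the last authentication


@dataclass(frozen=True)
class Resource:
    name: str
    required_level: int
    max_auth_age: Optional[int] = None  # seconds; None means any age is fine


def authorize(session: Session, resource: Resource, now: int) -> Tuple[str, str]:
    """Return ("allow", reason) or ("step_up", reason).

    "step_up" means the user must authenticate again at the required level;
    it is returned both when the session is too weak and when it is strong
    enough but too old for this resource.
    """
    level = strength_level(session.amr)
    if level < resource.required_level:
        return "step_up", (f"{resource.name}: session strength {level} "
                           f"below required {resource.required_level}")
    if resource.max_auth_age is not None:
        age = now - session.auth_time
        if age > resource.max_auth_age:
            return "step_up", (f"{resource.name}: authentication is {age}s old, "
                               f"limit {resource.max_auth_age}s")
    return "allow", f"{resource.name}: strength {level} is sufficient"


# Constructed sample resources: a low-risk page, a payslip page, and a signing step.
RESOURCES = {
    "news": Resource("news", LEVEL_SINGLE),
    "payslip": Resource("payslip", LEVEL_MFA),
    "sign_transaction": Resource("sign_transaction", LEVEL_MFA, max_auth_age=300),
}


def demo() -> dict:
    """Run constructed sessions against the sample resources."""
    now = 10_000
    password_only = Session(("pwd",), auth_time=now - 60)
    mfa_fresh = Session(("pwd", "otp"), auth_time=now - 60)
    mfa_stale = Session(("pwd", "otp"), auth_time=now - 3600)
    return {
        "news/pwd": authorize(password_only, RESOURCES["news"], now)[0],
        "payslip/pwd": authorize(password_only, RESOURCES["payslip"], now)[0],
        "sign/mfa_fresh": authorize(mfa_fresh, RESOURCES["sign_transaction"], now)[0],
        "sign/mfa_stale": authorize(mfa_stale, RESOURCES["sign_transaction"], now)[0],
    }


if __name__ == "__main__":
    for case, decision in demo().items():
        print(f"{case:16} -> {decision}")
```

The design choice worth noting is that an absent or unrecognised `amr` yields `LEVEL_NONE`, so a partner IdP that sends no strength information can never satisfy an MFA requirement by accident; the freshness check is what lets a signing step demand a recent authentication even from a session that already used two factors.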

10.6. Certificates are 2nd factor, but are given for free. How to migrate and monetize this?

10.6.1. SMS is not secure enough anymore

10.6.2. Certificates are not industry practice anymore

10.6.3. Token generators are the most likely candidate: requires a self-service token infrastructure and a new support process. What can we move to partners/identity providers? What should we do ourselves?

11. Use cases

11.1. Set up / update SSO without cloud solutions

11.1.1. Self-service SSO configuration

11.1.2. How to authenticate the first user?

11.1.3. What is the procedure? IDP assurance level (NIST); create vs. update; onboarding

12. Roadmap priority

12.1. Reverse proxy (risk reduction and crucial for IAM; cost: takes a lot of VMs, blocks the use of new technology)

12.1.1. 4+ sprints

12.2. API access through Ping

12.2.1. Gateway

12.2.2. Hidden cost in CS on pingwin and gateway team

12.2.3. WSJF

12.2.4. 1-4 sprints?

12.3. Migrate existing L1 customers

12.3.1. Customers on SAML: uses the reverse proxy, which needs to be replaced

12.3.2. Customers on SAML via surfconnect

12.3.3. XSSO customers ??

12.3.4. Customers with username/password

12.3.5. Support other services: mobile app, community support

12.3.6. Two-factor support?

12.3.7. Estimate: rest of the year; needs more scoping

12.4. Go-to-market

12.5. Migrate Level 2 & Level 3