4 IdaaS Use Cases to Ensure Productivity And Security
Identity-as-a-Service, also known as IDaaS, is a cloud-based single sign-on service designed to simplify and centralize access to corporate applications. Rather than requiring employees to remember and use logins and passwords for each individual tool or platform, the IDaaS solution centralizes access, enabling users to log in once and access all their applications without the extra hassle.
This system, known as SSO, allows you to provide user access to any number of applications while minimizing the friction generated by authentication pages and forgotten passwords, and significantly improving access security.
In this article we will present 4 real-life use cases of the WALLIX Trustelem IDaaS SSO solution, to illustrate a variety of specific productivity or security objectives and how our clients achieved them with WALLIX.
1. Simplify the administrator experience and improve user experience
- A multinational company with several B2C brands.
- To manage its users, it has several different Active Directory directories in place.
- They also need to provide access to service providers who are external to the organization and therefore not in the AD.
- Finally, it all users need access to numerous applications, depending on their role and tasks
The need is, on the one hand, to simplify the management of the numerous users and their accesses and, on the other hand, to improve the user experience by proposing a unique authentication.
The solution implemented by WALLIX Trustelem offers secure and simplified user and access management for all internal and external access.
- All Active Directory systems are synchronized with Trustelem (identity and memberOf field).
- Non-AD users are administered via a delegated administration platform, created via APIs, which adds/removes/updates profiles directly through Trustelem.
- Administrators of this platform only manage the user groups made available to them and not the entire Trustelem subscription.
- Access rights are created automatically according to the groups in the Active Directory.
- A user added in the AD is automatically created on Trustelem, with its AD groups from which it gets the permissions.
- Passwords are not synchronized. When an AD user authenticates on Trustelem, the password is verified by the AD.
- Non-AD users benefit from the permissions of the groups defined by administrators.
- Applications added to WALLIX Trustelem allow for Single-Sign-On authentication, through support of the SAML or OpenID Connect protocol.
- Users authenticate to the WALLIX Trustelem application dashboard which groups all accessible applications.
- Thanks to SSO, users only sign in once when accessing the platform and no longer need to repeat authentication for each application.
- Users located on company premises are authenticated to WALLIX Trustelem with their Kerberos token of Windows session (Integrated Windows Authentication mechanism); no need to enter a login and password.
With WALLIX Trustelem, the client’s IT administrator only needs to maintain the AD directories for internal users and is able to delegate external user management to select administrators gaining in efficiency and without compromising security. And users benefit from an application portal to which they have access through a single secure authentication, even eliminating logins and passwords when on-site.
2. Automate account creation and application access
- A multinational company, offering services in real estate.
- They have few applications, but users who change often and therefore a constant need to manage user access rights.
The client needed a way to simplify and automate the creation of accounts on the applications, as well as their corresponding access permissions for users as the join, leave, and move within the organization.
Implementation of the WALLIX Trustelem solution enabled the client to implement automatic identity management processes to streamline their administration of frequently-changing user access needs.
- The company’s Azure Active Directory is synchronized with Trustelem
- The administrator chooses to synchronize, in addition to the identity and groups, specific attributes that will be used to manage authorizations within the applications.
- As in the previous case, passwords are not synchronized. When a user authenticates on WALLIX Trustelem the password is verified by Azure AD.
- Access rights are based on user groups.
- As in the previous case, when a user is added in Azure AD, it is automatically created on WALLIX Trustelem along with the Azure AD groups based on which permissions are assigned.
- Integrated applications support the SAML or OpenID Connect protocol and therefore allow Single-Sign-On authentication.
- Applications also therefore support Just-In-Time provisioning.
- During authentication, Trustelem sends the attributes retrieved from the directory to the application(s). If the user does not exist, it is created. If it exists, it is updated as necessary. If a user is deleted from the directory, it is not deleted from the applications but will not longer have access.
Thanks to WALLIX Trustelem, the client’s IT administrator has streamlined user and application administration, and only needs to add a user to the appropriate group in his directory. This leads to its automatic creation on Trustelem, and then on all applications. The user’s specific permissions within the application are automatically passed on when the user is created or updated. The permissions are also automatic, based on the groups of the directory.
3. Strengthen access security to comply with cybersecurity standards
- A European company offering B2B IT management services.
- Their main customer is implementing an ISO 27001 security management system and therefore requires proof of a secure access management procedure.
The client chose the IDaaS solution WALLIX Trustelem to implement secure identity and access management that meets security compliance requirements.
- The company’s Active Directory is synchronized with WALLIX Trustelem
- Access rights are based on the groups defined in Active Directory
- Sensitive user accounts access their applications with Multi-Factor Authentication (MFA), using a USB FIDO key.
- VPN access is also subject to MFA, using the WALLIX Trustelem mobile application as the second factor.
- All access is traced and auditable on WALLIX Trustelem.
- Added applications support the SAML or OpenID Connect protocol and therefore allow Single-Sign-On (SSO) authentication.
- The Fortinet VPN is configured with a WALLIX Trustelem connector installed at the customer’s site, so that it can use the identities stored in the cloud by Trustelem as a Radius server.
With a robust Identity-as-a-Service solution in place, all secure access is handled by WALLIX Trustelem to ensure the client meets the strict cybersecurity standards of their customer. Access is secured (MFA), auditable, and in compliance with the requirements of the ISO 27001 standard.
4. Customized, secure application access portal
- The client is a digital services company.
- They manage consultants who have access to a variety of applications (time management, vacations, expense accounts, etc.) which are added to the applications they use in the companies where they work.
The objective is therefore to centralize access to all internal applications into one company portal. This is precisely the benefit of the Identity management solution implemented by WALLIX Trustelem.
- The company’s Cloud-Identity directory (GSuite) is synchronized with Trustelem.
- Unlike in the previous cases, Google does not allow the use of the federated user passwords. Therefore, users have a Trustelem password that they define when they are created.
- Access is based on GSuite Cloud-Identity groups.
- The enterprise portal, which aggregates news and application access, is federated with GSuite, which is itself federated with Trustelem via SAML.
- Initial access to the enterprise portal authenticates the user to Trustelem, which provides the identity to GSuite. This therefore activates both a Trustelem session and a Google session.
- Some of the added applications support the SAML or OpenID Connect protocol and therefore allow Single-Sign-On authentication.
- Other applications are configured to authenticate with Google and therefore also benefit from Single-Sign-On since the user has an active Google session.
The client’s IT team successfully centralized and streamlined application management and access management thanks to WALLIX Trustelem. They simply need to add a user to GSuite, after which the user can connect to the company portal and access all the applications that are referenced there, thus benefiting from a significant productivity gain.
Simplify, streamline, and centralize with WALLIX Trustelem Identity-as-a-Service
In an increasingly digital and connected business context, managing users, applications, efficiency, and security becomes a difficult challenge for IT administrators. And yet organizations of all sizes and across all sectors seek solutions to secure access to corporate applications and facilitate productivity of their internal and external users.
Thanks to Identity-as-a-Service solutions, managing users and applications is made simple and secure. WALLIX Trustelem enables centralization and automation of tedious identity management across user directories and corporate applications, while improving user experience and productivity of users.
Is it time to simplify your identity and access management processes? Discover the top 5 things you need to think about to successfully implement an IDaaS solution: