Customer Identity and Access Management (CIAM) Buyer's Guide

Shifting Marketplace

Over the last five years, there has been a major shift in how enterprises need to look at and secure customer identities while offering access to critical applications. Hyper-connected customers are blurring the lines of customer interactions. They're adopting new patterns of engagement that spread the customer journey and experience across multiple channels. When we think about customer access, it isn't just about web apps anymore. Applications are no longer exclusively inside the firewall.

Perhaps most important is the need to deliver a seamless customer experience. This experience must address new behaviors, but it also creates business requirements from marketing and lines of business that require customer experience and marketing teams to partner with IAM teams to deliver the right solution.

Defining Customer Identity and Access Management (CIAM)

Recently, there has been a tremendous increase in the quantity (and quality) of solutions aimed specifically at solving the challenges posed by customer identity and access management. The industry as a whole is recognizing that trying to treat customer identities as a simple extension of existing enterprise identity solutions isn't an optimal approach.

Why is customer identity discrete from enterprise identity?

- Customer identity has a direct impact on your customer base.
- Customer identity must account for multiple customer-facing properties, spanning web and mobile.
- Customer identity deals with larger scale and volume of transactions, and performance has direct revenue impact.
At its most basic level, a CIAM solution should solve for the complete spectrum of activities related to delivering a secure, seamless customer experience:

- Register customers (social sign-on, registration/enrollment, authentication)
- Authenticate customers (authentication, step-up authentication, multi-factor authentication, risk-based authentication)
- Manage identities (create a unified view of the customer, update user profile [email, password, security questions/answers, etc.])
- Connect customers to applications (federation and SSO)
- Scale across multiple customer bases, business units, partner offerings
Define Business Objectives

Defining your business objectives up front will narrow your focus and ensure you're looking at the right solutions. The top business challenges typically driving the need for CIAM solutions are:

1. Third-party application aggregation
   Seamless customer experience across multiple web properties and mobile applications
2. Multiple web properties under a single parent brand
   Integration of third-party services under a single brand experience (either due to business partners or M&A activity) requiring varying levels of authentication
3. Mobile application development and delivery
   Centralize CIAM capabilities to support a unified view of customers across all business units, supporting a unified customer experience across disparate applications and properties

Top Five Technology Considerations

1. Balancing the need for secure access to applications with ease of use for consumers and end users
2. Architecting for scalability and always-available access to a branded user experience
3. Working at consumer speed: instantaneous access to applications
4. Integrating with existing complex identity investments that cannot or will not change
5. Accommodating diverse platforms across web, mobile and API

Top Three Best Practices for CIAM Implementation

1. Balance usability with security. This requires close collaboration between line of business/marketing and IT/Infosec teams.
2. Plan for scale. Focus not only on total number of users, but on spikes in usage as well. Ensure that whatever solution you are looking at is priced for consumer use, and works at consumer speed (>1 sec response times don't cut it with consumer apps).
3. Plan for omnichannel. Whether you call it omnichannel or not, your customers are already engaging with you across many channels. Anticipate how your CIAM solution will facilitate their cross-channel journey in the planning stages.

Three Pitfalls to Watch Out For

1. Partial solutions (e.g., web but not mobile, SSO but not provisioning)
2. Complex stack of software to meet CIAM requirements
3. Large amount of customization required to fully implement CIAM

Vendor Selection Guidelines

- Experience and references
- Financial viability and market stability
- Scope of services/completeness of solution
- Identity management implementation experience
- Managed services experience
- Commitment to excellence and delivering innovative solutions
- Evidence of thought leadership in the marketplace and in the proposed solution
CIAM Vendor Selection Checklist

Registration/Enrollment | Ping Identity | Vendor B | Vendor C

- Registration front-end support
  - Web
  - Mobile
- How does the solution support social media data and identities?

Directory | Ping Identity | Vendor B | Vendor C

- Customer profile data management
- User repository storage
  - Built on existing on-prem customer user store
  - Using its own cloud-based user store
- Attributes supported
- Groups supported
- Schema elements supported

Authentication | Ping Identity | Vendor B | Vendor C

- Basic authentication
  - Kerberos/NTLM
  - Username and password validated against
    - LDAP
    - JDBC
    - Custom sources
- Strong authentication (2nd factor)
  - How does the solution support two-factor authentication?
  - One-time password (OTP) hardware tokens
  - OTP mobile applications
  - X.509 certificates
  - RSA SecurID
  - Verisign VIP
- Step-up authentication
- Adaptive authentication
- Biometrics
- Risk-based authentication
- Device ID/reputation/fingerprinting solutions

Single Sign-On (SSO) | Ping Identity | Vendor B | Vendor C

- Federated sign-on (FSO)
- Basic SSO (password vaulting)
- SSO between native mobile applications

Access Management | Ping Identity | Vendor B | Vendor C

- Web access management
- API access management
- Reverse-proxy model
- Web server agents
- WAM solution integrations
  - CA single sign-on
  - Oracle access manager
  - Tivoli access manager
- Dynamic access control
- Delegated access controls
- Delegated administration
User Self-Service | Ping Identity | Vendor B | Vendor C

- Security profile update
  - Email
  - Password
  - Security questions/answers
- Password reset self service
- Password recovery self service

Standards Support | Ping Identity | Vendor B | Vendor C

- SAML
- SCIM
- OATH
- OAuth
- OpenID Connect
- NAPPS
- FIDO Alliance (UAF and U2F specifications)

Reporting | Ping Identity | Vendor B | Vendor C

- How does the solution model organization-level data?
- What types of analytics does the solution offer based on customer data? How is it visualized?
- KPI tracking (registration abandonment rates, failed sign-on rate, etc.)

Security Certifications | Ping Identity | Vendor B | Vendor C

- HIPAA
- FERC/NER
- GLBS
- ISO 27000
- CoBIT
- PCI-DSS
CRM Integrations | Ping Identity | Vendor B | Vendor C

- Salesforce
- Oracle EBS
- SAP

Ability to Scale | Ping Identity | Vendor B | Vendor C

- 12 months: 500K IDs, 2K daily xns
- 24 months: 3M IDs, 5K daily xns
- 36 months: 5M+ IDs, 10K daily xns
- Support peaks of 500K xns/minute

Availability | Ping Identity | Vendor B | Vendor C

- Load-balanced
- Geographically distributed
- Clustered
- Recoverable

Support for Second/Third-level Escalated Issues | Ping Identity | Vendor B | Vendor C

- 24x7
- Toll-free phone
- Internet text/voice chat
- Appropriate response guarantees
- Escalation plans

About Ping Identity | The Identity Security Company

Ping Identity is the leader in Identity Defined Security for the borderless enterprise, allowing employees, customers and partners access to the applications they need. Protecting over one billion identities worldwide, the company ensures the right people access the right things, securely and seamlessly. More than half of the Fortune 100, including Boeing, Cisco, Disney, GE, Kraft Foods, TIAA-CREF and Walgreens, trust Ping Identity to solve modern enterprise security challenges created by their use of cloud, mobile, APIs and IoT. Visit pingidentity.com.

© 2015 Ping Identity Corporation. All rights reserved. Ping Identity, PingFederate, PingOne, PingEnable, the Ping Identity logo, and Cloud Identity Summit are registered trademarks or servicemarks of Ping Identity Corporation. All other product and service names mentioned are the trademarks of their respective companies.