Identity and access management (IAM) has extended from being solely an internal IT management process to focus on external business engagement too.
The UK’s answer for Identity Governance and Admin
Quocirca is always pleased to see innovation from the UK IT sector and, over the years, IT security has produced many successful companies, often eventually acquired by US giants. Quocirca’s March 2016 Computer Weekly buyer’s guide on external identity management focussed mainly on US vendors, which dominate the identity and access management (IAM) market. However, there was one UK company covered in the report, ProofID which remains independent and continues to innovate.
An update to what was said about ProofID in the buyer’s guide is needed, not least because it has renamed its main product ARMS (Affiliate Records Management System) to the more succinct and meaningful ProofID IGA (Identity Governance and Administration). Whilst ProofID IGA can be used as a primary identity management system, with the ability to store and authenticate identities, the primary use case is to enhance other IAM deployments enabling better administration of external users. This is all done via the SCIM (System for Cross-domain Identity Management) standard, with a new SCIM Bridge for applications which do not directly support the standard.
There are two broad area of focus for managing external users; business-to-consumer (B2C) and business-to-business (B2B). The key focus for ProofID IGA is B2B, which itself breaks down into two use cases; the need to manage the participants in given business processes, such as a supply chain or sales channel; the need to manage itinerant staff, for example those taken on to manage seasonal peaks by retailers or those working at events.
The challenge in both cases is delegating administration. IT departments, working in conjunction with human resources, may be able to invest the time in provisioning permanent staff. They will not have the business insight or capacity to manage external and itinerant staff, other than to create to basic roles, with default rights and restrictions. With the right tools, line-of-business managers can assign these, with tailored rights for the external users with which they need to engage. ProofID IGA is designed to enable that delegation whilst maintaining all the necessary audit trails.
As well as the name change, there have been several enhancements with the new release of ProofID IGA V2.25. The product is now available as a full SaaS platform opening it up to smaller businesses. It is also offered on a hosted per-customer basis or on-premise.
The user interface has been simplified, in line with the ProofID’s ‘deploy today, use tomorrow’ philosophy. Despite also being an IAM services company, ProofID wants to avoid the consultancy-led deployments that it says certain competitors require. To this end it has also rebuilt the self-service interface, which is essential to avoid the costs that IT helpdesks run up with constant requests for changed access rights and password resets (the latter are all too common with intermittent users, which many external users will be).
To support all this there is also a re-built configurable workflow engine for managing user requests and management approvals. There is also more detailed auditing, for example, capturing the before and after states of attributes, as well as who changed them, and when.
ProofID is a UK company, but it has ambitions well beyond its home country’s Brexit-shores. Its partnerships with some of the major IAM vendors, including Ping Identity, Microsoft and NetIQ, will help it achieve this. As the UK government dithers about the future, many UK businesses, such as ProofID, are just getting on with it.