IDP Integration

Identity Management 360™ is equipped with the most powerful authentication management system in the industry. This rules-based authentication gateway is capable of delivering a custom authentication experience to each user. For example, users logging in internally can be transparently logged in via Integrated Windows Authentication (IWA), while external users can be challenged with custom forms. Customers coming from companies that have SSO can use SAML or WS-Federation, while other users can see fully branded login pages complete with corporate logos and colors. Two-factor authentication such as one-time PIN or CAC certificates can be applied universally or only when accessing specific applications. Organizations with multiple directories can give the appearance of a single identity source, since IDM 360™ automatically routes users to the appropriate directory.

Universal Authentication

IDM 360™ IDP Integration is highly configurable by location, device type, browser type, customer name and target application. IDM 360™ provides the following features.

Multiple Forms Authentication

Users’ identities may reside in many locations. Some users may be in one or more Active Directories, while other users are in LDAP or conventional databases. Some users may be coming from clients and/or partners that have implemented single sign-on using SAML, WS-Federation, OpenID or OAuth. IDM 360™ determines which authentication is appropriate for each user and transparently directs them to the appropriate directory source. Your users see a single authentication screen, unaware that multiple sources of identity have been consolidated by IDM 360™.

Multi-Factor Authentication

Increasingly, simple password-based authentication is no longer sufficient for today’s secure applications. IDM 360™ provides multi-factor authentication using a variety of mechanisms including one-time PIN, time-based one-time password (TOTP), secret questions, client certificates and CAC cards. Second-factor data can be generated and sent to mobile devices, or it can be read from the user’s profile (e.g. birth date and month). Time-based passwords ensure authorization can take place even if mobile phones/devices cannot connect to the network. MFA can be required for entry into one, some or all applications protected by IDM 360™.

Password Self-Service

Users may have the option of resetting or changing their passwords via self-service. This includes resetting passwords via secret questions or email confirmation, as well as changing passwords that are about to expire. Users can receive configurable warnings when their passwords are about to expire.

User Registration

If permitted, users may self-register with IDM 360™. This can be via a registration form or via attributes passed in an assertion/claim from a single sign-on customer/partner. If IDM 360™ has been pre-loaded with customer data, auto-registration can include a verification step to confirm user identity based on profile data.

Seamless Windows Authentication

Users on a Windows domain have the option to authenticate via Integrated Windows Authentication. This mechanism allows users to transparently sign on using their Windows credentials. IDM 360™ extends this capability via single sign-on to allow users to log into both Windows and non-Windows applications for a truly seamless experience.

Fully Branded Authentication

IDM 360™ introduces micro-sites: mini authentication sites that provide a branded experience for customers. Each customer can view a custom login page complete with colors, disclaimers, contact information and logos. Micro-site pages can be hosted in IDM 360™ or they can be delegated to any existing application (e.g. Liferay) for ease of maintenance.

Identity Provider Integration Nexus


IDM 360™ IDP Integration

A powerful foundation that allows IDM 360™ to deliver unprecedented flexibility and user login experience.