Event Recording

What are the benefits of handling external users in IGA?

Name: What are the benefits of handling external users in IGA?
Uploaded: 2021-09-15T12:00:00+02:00
Duration: 8 min 50 s
Description: Most of the companies today are handling all external users with HR processes using HR systems, which can cause friction and inefficiency when managing external users' lifecycle. rnLauri Reunamäki, Partner, Business Operations, Lempinen & Partners

Posted on Sep 15, 2021

Show description

Most of the companies today are handling all external users with HR processes using HR systems, which can cause friction and inefficiency when managing external users' lifecycle.

Lauri Reunamäki, Partner, Business Operations, Lempinen & Partners

Speaker

Partner, Business Operations
Lempinen & Partners

Lauri Reunamäki

Lauri is responsible for identity and access management business operations at Lempinen & Partners. He has 22 years of experience in global IT environments including challenging identity and access topics. He has participated in IGA development as well as customer implementation projects....

View profile

Show Transcript

Okay, thank you. And you pronounce my name much better than most of the people. So thank you. My name is Laura and I'm a partner at ly and a partners and responsible for business operation. And mainly focusing on the IGA business. I've been working roughly 22 years in it in various positions. Most of my career have been in management position, responsible for global teams. And as with my various roles and responsibilities, IGA has been part of my life for a long time today. I got a touch, a topic which divides opinions within the different companies. As I talked with companies more and more of them are considering whether to move to external users away from the HR processes and the systems, and have some other way of managing the external users. There are of course, many types of external users. There are those that have a position within the company and work the same way as the internal employees.
And then there are those non position users who come through subcontracting today. I will be focusing on this non position, external users, those that have a position within the organization, my be better to live in the HR system. I'm not saying that it'll be a bad practice to keep externals in HR system, but just want to give you another option for this as handling of the external externals in IGA. Why should it be used for the external users and not the common way today by keeping those users in the HR systems as before I'm not talking about, I'm not talking about the non and external users first and in my mind, the biggest benefit is the efficiency by ordering the externals through HR, you will need to wait for the process to go through before you can access start ordering any accesses for the user.
This delay is caused from getting the necessary approvals, as well as if request doesn't have appropriate accesses to the HR system to create the external system sales it'll, then go through the emails and tickets and to be manually handled by the HR and using the IHA directly to request the external users. You can create the request during the same session as you request external users to order any access rights and job pros, which the user might need. There is no delays caused by the process and no extra work required by the HR. Also on the security perspective, you will need to audit trail for all the submit and information who made it by using the IGA for all. You will have all log entries for whole external user life cycle in one place. Also some of the legacy HR systems might not even support authorization workflows, which means that this will be also a mono step for the HR to handle.
You can also think how you can handle the situation where you need to suspect external users temporary, for example, doing long leads and how you can inactivate all of those outcomes easily and automatically external users do not usually require the capabilities by the HR system, payroll as an example, but you're still required the IGA for handling the accesses systems. So it, it does not necessarily make sense to pay for the HR licenses for these users. Then you are handling non external users. Usually HR does not even need to be involved as the work is done. According to the contract with another company and invoiced as such in IGA, you can manage the whole life cycle of the external users. This starts when external users starts working for the company and required outcomes and access, right, are given for the users based on the job pros and other requests.
IGA will manage the segregation of duties and any position changes. Target systems are reconciled periodically. So all outcomes and access rights are known for the IGA. It is also important that external users are re certified periodically to make sure that you don't have any external users who are no longer working for your company, as well as those that do don't have any unneeded accesses. When user contract ends users are terminated automatically and all the outcomes and accesses are removed. This can be also done of course, manually. At any point, when user no longer requires to access the company system. Let me now show you an example, how to manage the external users in IGA. The whole eye cycle can be managed to the IGA Porwal. In my example, I will be using the ServiceNow Porwal with our own IGA ServiceNow application. As a backend, let's start by requesting new external user. So you would be going through the Porwal and get the phone requesting the new external user. You fill the information like contrast, start date and date name, email company manager, phone number, and so forth. And you can also select for the external users depending what they are going to be doing within the company, and which will then give the user his or her per rides.
This will create and request, and it will call through the necessary approvals. There can be from zero to end approvals, as well as any checks you want to have for the external users like for mandatory trainings and NDA. After you have a, was that the external user after your request, the external user, and even during the approval process, you can start ordering any system specific accesses, which are not given through the added job process in the form. You can see the ones which are coming from the job, which are now in the request state. And I have put also the gap that the user would need this new access, right? As well after requesting the, a access rights it'll okay, and require any approvals required for these access rights. If request for new user has not come through yet, it will then go to the bending state until it has been approved. And the external user has been created. As I said earlier, it is really important that we have a checks that all external users are still working for the company. And those that do don't have any in accesses to your systems. This recertification will create task for your external users, managers who will then need to pass the audit before they end date during the audit use, of course, remove any unnecessary accesses from these external users.
When external users contract ends, termination processes started automatically. You can also manage terminations manually. As I mentioned earlier, using the IGA Porwal or the ServiceNow Porwal in my example, to terminate the external user, you can also have different kinds of terminations and even manage long leaves where you only pass away the accounts, but don't actually remove any accesses or job pros. And when the user returns, we can easily reactivate the user accounts. And thank you for my time. And I will be of course, glad to discuss this more as any other IGA topics as the IGA speak part of my life. And you can find my information on the screen as well, and find me and link it in. And also my company information is there. So you can click and see more about where I work and what kind of things we do. Well, thank you very much.

Playlist

European Identity and Cloud Conference 2021

Event Recording

Evolution of User Centricity in Customer IAM

Sep 14, 2021

The transformation of the IAM landscape of a Multi Service Provider is taking shape.

Rolf Hausammann, Head of Identity and Access Management, Swisscom

Watch

Event Recording

EIC 2021 - Keynotes & Workshops

Sep 19, 2021

Watch

Event Recording

Why We Need Guardianship in the Digital World, and How We Might Approach Delivering Guardianship Using Verifiable Credentials

Sep 14, 2021

Guardianship is a condition of life in human societies. When we are young we may be looked after by parents until we become adults. When we are adults we on occasions need others to look after us, and sometimes we may need increasing levels of care as we age.
In our physical world, we may recognise a guardianship role between parents and children and within families, and we may have more or less sophisticated laws to recognise instances where someone needs to take care of another for medical, financial or other needs.
While the concept of Guardianship is reasonably well developed and understood in our physical lives, it is scarcely considered in our digital lives. Very few (if any) considerations are made for the possibility that someone may need another to look after their affairs online. Without this consideration, we resort to poor approaches such as where a Guardian needs to "log in" as the dependent, without the visibility of the service provider, or has to prove their Guardianship status to a service provider who is physically remote and often in a different legal jurisdiction.
In late 2019, the Sovrin Task Force on Guardianship wrote a white paper on Guardianship considering these issues against two specific use cases: a child refugee and an adult living with dementia. A Working Group was established at the beginning of 2020 to develop these ideas further within the context of Trust over IP and has produced two key documents: an Implementation Guide to Guardianship using Verifiable Credentials, and a Technical Requirements document for Guardianship using Verifiable Credentials.
I would like to present these new pieces of work and, hopefully, engage in a discussion on guardianship in the digital world.
**Please note that this work was created by a team working with the not-for-profit Sovrin Organisation and is provided on a Creative Commons BY SA 4.0 Licence**

John Phillips, Partner, 460degrees

Watch

Event Recording

Panel | Is Traditional MFA the Right Solution in a Post-COVID World?

Sep 14, 2021

The hybrid mix of remote and office work combined with digital transformation initiatives is driving the rapid adoption of cloud. This trend is also prompting organizations to rethink requirements for authenticating employees and other members of an organization supply chain. Companies are now exploring how to significantly improve both security and the end user experience. Unfortunately traditional multi-factor authentication is lacking in both areas.

Joni Brennan, President, Digital ID & Authentication Council of Canada

Martin Kuppinger, Principal Analyst, KuppingerCole

Patrick McBride, Chief Marketing Officer, Beyond Identity

Andrew Shikiar, Executive Director and Chief Marketing Officer, FIDO Alliance

Discussion topics include:

How is the post COVID era changing the security and identity / access management landscape?
Should traditional MFA still be the “go to”?
What new requirements have emerged and why?
What approaches are advanced customers adopting?
What is the difference between Traditional MFA and newer options?
Is device trust important? Why or why not?
What is the role of continuous, risk-based authentication?

Watch

Event Recording

Panel | Best Practices to integrate AI in Identity Access

Sep 14, 2021

Anne Bailey, Analyst, KuppingerCole

Fabrice Gürmann, Data & AI Specialist, Microsoft

Tobias Oberrauch, Senior AI Consultant // Leader Group at Baden-Württemberg, CGI // AI PIONEERS // German AI Association

Watch

Event Recording

Goodbye Dogmatism / Hellō Pragmatism

Sep 14, 2021

Disciples of decentralized identity have preached for years that DIDs are the only true path to giving users control over their identity, AKA self sovereign identity. The lack of widespread adoption is evidence that a more pragmatic approach is needed.

Watch

Event Recording

FIDO for Developers - How Developers Can Master FIDO and Passwordless Authentication Without Adding Unnecessary Complexity.

Sep 14, 2021

The paradox of simplicity is that making things simpler is hard work. - Bill Jensen

Building strong passwordless authentication from scratch can be very time-consuming. Integrating the necessary infrastructure into a typical password-centric identity code base increases code complexity exponentially. Taking into consideration that well-known user flows have to be changed and enhanced with new authentication options may also pose significant challenges for developers. They have to get it right - and make it as simple as possible for the end user.

In this talk, we highlight possible pitfalls and necessary considerations when implementing passwordless FIDO and WebAuthn protocols. You will recognize how a cloud-native approach can simplify the integration of passwordless authentication and smoothen the requirements for developers and product owners of any online service. You’ll also learn how to gradually migrate existing users to the new authentication methods in a frictionless manner.

Join us to explore three possible abstraction layers we’ve identified to take the complexity away when dealing with FIDO and passwordless multi-factor authentication. Ranging from utilizing a managed FIDO API and SDKs up to a fully-fledged passwordless-native identity provider that can be integrated with OpenID Connect. We also will share some secrets on useful extensions of the FIDO standards we’ve identified when building our passwordless user experiences.

Felix Magedanz, founder and CEO, Hanko.io

Watch

Event Recording

How to Thrive in an Accelerated Access management world

Sep 14, 2021

Research from 2020 has shown a phonemonal growth in the access management market.

The pandemic, for all its impact, has enabled organisations to re-evaluate their working strategies and practices. But at what cost? Cybercrime on corporate applications has risen exponentially from the dispersed workforce and rapid cloud adoption has left organisations vulnerable to ransomware, malicious activity and internal subterfuge.

Danna Bethlehem, Director Product Marketing Authentication at Thales discusses how organisations can accelerate their business with the right approach to their IAM strategy. For 2021 and beyond, enterprises need to leave survival mode behind and adopt a drive to thrive.

Drawing on recently released research into the EMEA IAM market, she will highlight:

How demands of the corporate workforce for dispersed working is bringing IAM security concerns to the fore
How the next generational approach to IAM can enable forward thinking organisations to thrive
How enterprises can build an effective IAM strategy to drive their growth

Danna Bethlehem, Director Product Marketing IAM, Thales Cloud Protection & Licensing

Watch

Event Recording

Multi-Cloud Multi-Hybrid IT: How to Make your Digital Business Fly

Sep 13, 2021

IT has changed fundamentally in the past years. Multi-cloud environments mixed with private clouds and on-premises infrastructures (multi-hybrid) are the new normal.
The high pace in transformation, modernization, and innovation required for success in the digital age requires these environments to work smooth and secure.
In his talk, Martin Kuppinger will discuss where and how IT, IT Security, and IAM need to evolve to make the digital business fly.

Watch

Event Recording

Introducing ESSIF-LAB - The European Self-Sovereign Identity Framework Lab

Sep 14, 2021

Drs. Jacoba C. Sieders, Member Of The Board Of Advisors, EU SSIF-lab

Watch

Event Recording

Driving Business Value in the Enterprise with Zero Trust

Sep 14, 2021

With the merger of AOL+Yahoo, the newly formed Enterprise Identity team had the challenges of planning to support the cloud-first future of the new company Oath (which would become Verizon Media), building a new Identity ecosystem with Zero-Trust methodologies, and supporting a security-minded culture.

Bryan Meister, Senior Principal Architect, Yahoo

Watch

Event Recording

Identity Management as a Service - What it is and How to Build One

Sep 14, 2021

I considered myself quite an experienced programmer and having some expertise in Identity management when I was hired by Swedbank to work as full time Identity engineer. Besides projects, I had assignment to describe an architecture of the IAM as a service from my manager. Honestly, I had no clue about how to envision it. I tried to assemble standards and squeeze something out from practices and papers. But these were not really all my ideas and I did not feel much confident. But something started to happen in few last years when we had a very hard time implementing our IAM project (believe or not, it was successful). We had to answer hundred times to questions "why", "what" and "how". And finally the blueprint of the architecture of IAM as a service appeared from the mist. It is not one and only, because same size does not fit for all. Still, I do not agree that there are indefinite number of possible solutions. I think similar enterprises and engineers may find this presentation useful to draw their own blueprints.

IAM projects start usually from implementing baseline IAM processes - joiners, leavers, movers. Because this is what is usually most needed. But then you will get asked for more - identity data, events, other services. This is what makes up IAM as a service.

Neeme Vool, Software Engineer, Swedbank

Watch