The key to access management is finding the right balance between security and ease of use when actually providing users with access to your valuable information. We use advanced tooling to adequately protect your applications.
SSO
Single sign-on for users after they have logged on from a managed workstation, or after they have logged on to the first application from an unmanaged workstation. A managed workstation does not necessarily have to be an office computer.
Passwordless, tokens, biometrics
Tokens and biometrics can be used alongside passwords as an additional factor for logging in (authentication). Here] we provide more information about Multi Factor Authentication (MFA). Choosing the right means is important. This also applies to passwordless logins. It is possible to provide secure access without passwords at all. In environments where logging in is often required (for example, because SSO is too risky or because people are always working on different workstations/devices), this is often a good improvement.
Risk based access
This is a form of secure access that, like MFA, goes beyond username and password. This method assesses risks based on preset criteria. These include geo-location (different than usual), IP address (not local), time of day, behaviour (such as number of failed login attempts) and the device that is used (already used or not). If a too high risk is determined, a decision can be made not to give access, to enforce an extra factor or to provide easier access (step-up authentication). This can be arranged per application, so the rules can be stronger for more risky applications.
Federation
Federation works both ways, it can be used for gaining access to others’ web applications for one’s own employees or for granting access to one’s own applications by third party employees. Federation also offers SSO. Federation provides the option of providing characteristics on the basis of which access rights can be determined. If there is then a role/authorisation model, the rights do not need to be provisioned (see account and role provisioning), but are set using the federated link. This is often simpler than a provisioning link. In the case of federation for applications that are used by external parties, the registration of identities is done by an external party. It is then a good idea to lay down the reliability of this registration in a contract and to define access accordingly. We will work with you to determine the correct organisational and technical set-up when entering into such a federation and can assist you in setting it up contractually, organisationally and technically.
Social logon
This term is used for federated logon via a social media party (Facebook, Twitter, LinkedIn, etc.) or external service provider (Microsoft, Google, Apple). These parties support the modern standards for federation, but do not guarantee the reliability of the registration. It can be used, for example, to provide clients or prospective students with access to information.
Back to Modiam*
