The impact of the pandemic has been profound. Nowadays, many more employees work from home, using their own networks to access corporate applications in the Cloud. This shift can introduce security risks. Additionally, our online activity has increased, from inspiration and orientation to shopping. As a result, many companies have decided to enhance the online experience for their customers. Customers want secure and quick access to accurate information about their orders. So, what ensures that the metaphorical door opens or stays closed? Identity and Access Management, or IAM, plays a key role in managing these risks and is an indispensable part of the modern IT landscape.
But what exactly is IAM? In the field, you hear various needs: "We want to reduce the workload on the management department regarding user accounts," or "We need Single Sign-On (SSO), so I'm considering implementing an IAM solution," or "I want to make it easier for customers to access information about their purchases." All these requests are legitimate but require different solutions. This article provides a concise introduction to the terms IAM and SSO.
IAM is a true umbrella term that encompasses the management of user accounts in (information) systems and the associated access rights. In short: centralizing and automating the creation, securing, and deletion of user accounts, also known as user life cycle management.
It is important to realize that IAM for internal employees is a different domain from IAM for customers.
Employee Identity Access Management (EIAM) is designed to centralize the identity management process for various systems. The goal is for IT staff to manage authentication and authorization in one place rather than across the entire range of technical platforms. This solution provides a single identity for an employee within the entire organization. An added benefit for employees is that they need only one user account with one password. The main objective of EIAM is to reduce security risks and increase operational efficiency. By having user account data in one place, the chance of human error is minimized, and data is more likely to stay up-to-date. The employer determines who (authentication) gets access and what (authorization) they can see in these systems, often based on roles in the organization or attributes available on the employee card (HR system) or identity, such as department.
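The user life cycle management and attribute-based authorization described above can be illustrated with a small reconciliation routine. This is an added example, not code from the article or from any IAM product; the department-to-entitlement policy, the record fields and all sample data are assumptions constructed for illustration.

```python
# Hypothetical policy (constructed): entitlements granted by the HR "department" attribute.
DEPARTMENT_ENTITLEMENTS = {
    "finance": {"erp:read", "erp:post-invoice"},
    "support": {"crm:read", "crm:edit-ticket"},
}

def entitlements_for(employee):
    """Derive access from the HR attribute rather than per-system manual grants."""
    return set(DEPARTMENT_ENTITLEMENTS.get(employee["department"], ()))

def reconcile(hr_records, accounts):
    """Compare HR (source of truth) with the accounts in one target system.
    accounts maps employee id -> set of entitlements currently held.
    Returns the actions needed: create (joiner), update (mover),
    deprovision (leaver, or orphan account with no HR record).
    """
    plan = {"create": {}, "update": {}, "deprovision": []}
    active = {e["id"]: e for e in hr_records if e["status"] == "active"}

    for emp_id, emp in active.items():
        wanted = entitlements_for(emp)
        if emp_id not in accounts:
            plan["create"][emp_id] = wanted
        elif accounts[emp_id] != wanted:
            plan["update"][emp_id] = {
                "grant": wanted - accounts[emp_id],
                "revoke": accounts[emp_id] - wanted,
            }

    # Any account without an active HR record is a standing access risk.
    plan["deprovision"] = sorted(set(accounts) - set(active))
    return plan

# Constructed sample data.
HR = [
    {"id": "e1", "department": "finance", "status": "active"},  # unchanged
    {"id": "e2", "department": "support", "status": "active"},  # moved from finance
    {"id": "e3", "department": "finance", "status": "left"},    # leaver
    {"id": "e4", "department": "support", "status": "active"},  # joiner
]
ACCOUNTS = {
    "e1": {"erp:read", "erp:post-invoice"},
    "e2": {"erp:read", "erp:post-invoice"},
    "e3": {"erp:read"},
    "e9": {"crm:read"},  # orphan: no HR record at all
}

if __name__ == "__main__":
    print(reconcile(HR, ACCOUNTS))
```

The mover case is the one manual processes most often miss: e2 keeps working, so nobody notices that the old finance entitlements were never revoked.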
Customer Identity Access Management (CIAM) operates on the same principles as EIAM but with a different goal. CIAM aims to centrally manage external users – customer user accounts. CIAM follows a customer-centric approach, enhancing the online customer experience. This improved experience allows customers to control their own settings and preferences: deciding what information a company may hold about them, choosing whether to receive a monthly newsletter, updating address information, or resetting passwords. CIAM benefits both the organization and the customer. Organizations experience fewer customer service inquiries regarding settings and access parameters, while customers enjoy a more user-friendly online experience.
SSO can be a small piece of functionality within an IAM solution. SSO ensures that a user logs in once and gains access to all systems and resources integrated with the SSO portal. This eliminates the need for users to remember various usernames and passwords, reducing IT helpdesk inquiries. However, unlike an IAM solution, SSO does not manage identity, because the connected systems can each still have a different combination of username and password. SSO should be seen as a password management solution rather than a comprehensive identity management system.
The IAM world remains a jungle of terms and usage. The choice of solution depends on the needs, security policies, and technical capabilities of other systems.
In summary, EIAM and CIAM focus on managing user accounts, aiming to automate the creation, securing, and deletion of user accounts, with EIAM targeting employees and CIAM targeting customers. These three aspects are not found in an SSO solution, which instead aims to simplify the login process for multiple applications, primarily reducing helpdesk inquiries regarding password management. It's important to remember that SSO can be a part of IAM, but IAM is not part of an SSO solution.
Implementing an IAM solution involves more than just revising your system landscape. As user accounts are managed centrally, existing business processes and personnel may need restructuring. Emixa can assist in identifying requirements and desires regarding internet security and identity access, as well as analyzing the necessary changes.