B2B IAM

Multi-level delegation with Roles & Attributes

Regardless of your business relationship, you want to empower your business users, you do not want to have the administrative burden and you still want to be in control.

The powerful iWelcome RITM delegation portal is the answer. With iWelcome RITM you can define the scope for delegated access, using roles and attributes. Your business users can take it from there. This may include identity verification steps and restrictions on email domains, like "x.y@businesspartner.com".

Multi-Factor Authentication for power users

Business users can have limited access, but may also be power users and hosts, able to delegate access to other users. Multi-factor authentication is a key security requirement for these users.

In addition to traditional one-time-passwords (OTP) over SMS, iWelcome provides a customer styled MFA App, available for Apple and Android. This App supports OTP, but more user friendly is the push/swipe. You get a push notification on your phone to simply accept or reject the authentication request.

Business Partner Onboarding

Collaborating with business users requires granting them access to the right resources, for the right amount of time, while empowering them to further cascade roles to new users, through delegation.

iWelcome’s RITM access management platform provides a sophisticated multi-level delegation model that allows you to efficiently onboard and manage business partners and applications through delegation, entitlements and customisations, according to the project’s needs.

Client benefits

Reduced onboarding time and cost
Partner flexibility and independence
High control over identity access
Multi-level delegation capability

Multi-Factor Authentication

Even though multi-factor authentication may still be seen as burdensome, it is indispensable to those companies who wish to provide a high level of security to their users and be compliant with global security and privacy requirements.

iWelcome provides a customisable multi-factor authentication experience to power users through four passwordless authentication methods, based on industry standards. Soft-token authentication is possible using time-based one-time password that can be delivered via SMS or generated by the iWelcome Authenticator mobile app. Alternative multi-factor authentication methods are Push Notifications (the default authentication method) or e-mail magic link.

Client benefits

Higher security
User convenience
Cutting-edge technology

eRecognition & Third Party IdP's

The eRecognition (eHerkenning) login system is a standardised system that allows government organisations to verify a private company’s identity and ensure they are dealing with the right company representatives. Its aim is to incentivise public-private sector cooperation.

iWelcome’s data centres reside in Europe and has been certified by the Dutch government to provide verified e-identity, authentication and authorisation solutions under the eRecognition program. We support common open standards such as SAML, OpenID Connect or OAuth (for authentication and federation), as well as SCIM (for provisioning).

In addition to the eRecognition certification, we integrate with third party identity providers (IdP’s), allowing us to outsource the validation of user credentials to a third party, such as Active Directory on Azure or a social network.

Client benefits

Certified standardised login
Usage and SLA reporting
Self-service capabilities
Certificate management

Delegated User Management

iWelcome offers multi-level user management functionality that can be used to add users and groups, assign users to groups and to push the workload and accountability of specific actions to other users.

Delegation of user management is supported on several levels, where at every level users can be assigned the role of delegated admins, allowing them to cascade roles to identities in scope.

By using a decentralised access management system, our customers leverage the platform's multi-level capability of managing identities.

Among others, the following scenarios are supported:

User registration by delegated admin via a simple web-portal for (temporary) accounts;
Administration (e.g. disable, delete, etc.) by delegated admin of temporary accounts;
Delegated users/Guests can set and activate their own password via the self-service portal;
Delegated users/Guests can reset or change their password via the self-service portal in case the password has been lost.

Client benefits

Delegated users can (re)set/activate/change passwords;
Available via customer-branded UI or RESTful API.

Access Based On Roles, Rules & Flexible Structures

Access to information is governed by a combination of roles and role types, system rules and flexible structures.

Within iWelcome’s B2B IAM, roles are collections of permissions that control what data and applications an identity can access and what actions it can perform. These can be configured according to the organisation’s needs for users and applications.

The automation dimension of the platform is given by rules, that can be used to instruct the system to automatically assign pre-defined roles to all entities that follow the desired criteria, at a predefined periodicity.

We use flexible structures such as schemas, collections and structures as a logical means of organising data. By using a combination of static and adaptive structures that can be defined on a single level or can be nested on several levels, we provide a more granular control over what identities can access and how.

Client benefits

Time-based account creation
Invitation-based account creation
Automation rules
Approval workflow for application access
Mass updates
Customisation and configuration

Provisioning

Provisioning refers to the creation, maintenance and deactivation of user objects and user attributes over multiple systems and applications allowing these to interact with business logic.

The iWelcome platform provisions and de-provisions’ user accounts and attributes from multiple source systems (e.g. CRM, HR or any other identity stores like Active Directory, Windows Azure Active Directory, Identity Management Systems, and/or Master Data Management) and/or LDAP directories to business applications (relying parties). Provisioning of groups can be arranged via both push and pull mechanisms.

Client benefits

Automated & efficient provisioning processes;
Group provisioning on pull- and push basis;
Supports open source frameworks as ConnID;
Standard connectors or API- and SCIM-based.

User Scenario: Agents

Business partners that have access to an organisation's online systems and services are often addressed as co-workers with B2E functionality. But partners like agents and brokers are also important customers and represent the road towards the end-consumer. iWelcome's multi-level delegation platform is rooted in Consumer IAM. It enables agents to efficiently co-work with your internal organisation, while at the same time providing them with an optimal customer journey, eventually servicing the end-consumer.

User Scenario: Guests

Adding, managing and timely removing Guest User Accounts can be a labour-intensive job. iWelcome's B2B solution enables organisations to create a custom-branded self-service page where guests (but also consumers) can take matters into their own hands and request access to applications, self-manage their account information, download personal data or update their security settings. Hosts can exist on several levels, and they can register or invite their guests and authorise time-based access, minimising handling and dormant accounts.

User Scenario: Outsourcing

Outsourcing certain business processes can be profitable, but is sometimes challenging for your IT organisation. External organisations will need access to systems and applications, and in some situations externals will need to cooperate with your internal staff. With iWelcome's multi-level delegation capabilities you can add delegated admins on different levels in the external organisations, allowing them to further cascade roles to the identities within their organisation and manage these themselves. IT admins within your organisation will still keep a high level of control, while freeing them from administrative burdens.

User Scenario: Service Desk and Customer Care

Keeping customers happy is key to any company's success. iWelcome's comprehensive service desk functionalities help customer care teams deliver an outstanding customer experience by providing them with the necessary tools to correctly identify, verify, monitor and manage users. Bulk actions, automation rules and attribute customisation make time-consuming jobs fast and effective. By providing a scalable, adaptive customer care service, organisations can make the process of providing hands-on support more effective for both end-users and service desk teams.

Solutions

Full Solutions

On-Top Solutions

Industries

About Us

Resources

Solutions

Full Solutions

On-Top Solutions

Industries

About Us

Resources

B2B IAM

Suppliers, agents, offices and guests

Invitations, Requests and Approvals

Multi-level delegation with Roles & Attributes

Multi-Factor Authentication for power users

Suppliers, agents, offices and guests

Invitations, Requests and Approvals

Multi-level delegation with Roles & Attributes

Multi-Factor Authentication for power users

Wide range of user scenarios

iWelcome's B2B IAM Key Features

User Scenario: Agents

User Scenario: Guests

User Scenario: Outsourcing

User Scenario: Service Desk and Customer Care

Download our CIAM Buyer Toolset

Solutions

Industries

About Us

Resources

Support

Follow iWelcome