iWelcome's B2B IAM, delegating access for online collaboration
Whether you sell through agents or suppliers are accessing portals, business processes are outsourced or guests require temporary access... it is all B2B!
With iWelcome's dedicated B2B-module the on-boarding of business partners is super fast. Registration and activation for delegated users is available in various templates and can easily be configured with the right permissions for all common B2B, B2B2B and B2B2C use cases.
B2B is about empowering partners to create and manage users in their scope, giving trust while reducing administrative labour and at the same time setting the boundaries.
In a simple end-user focused User Interface, users can either be invited or created. Existing users can request access or are automatically granted. Customer Care can easily check accounts and support users with the Service Desk interface.
Regardless of your business relationship, you want to empower your business users, you do not want to have the administrative burden and you still want to be in control.
The powerful iWelcome RITM delegation portal is the answer. With iWelcome RITM you can define the scope for delegated access, using roles and attributes. Your business users can take it from there. This may include identity verification steps and restrictions on email domains, like "x.y@businesspartner.com".
Business users can have limited access, but may also be power users and hosts, able to delegate access to other users. Multi-factor authentication is a key security requirement for these users.
In addition to traditional one-time-passwords (OTP) over SMS, iWelcome provides a customer styled MFA App, available for Apple and Android. This App supports OTP, but more user friendly is the push/swipe. You get a push notification on your phone to simply accept or reject the authentication request.
One of the most used ways of logging in is the ‘Forgot password’ button. Considering the increasing complexity of passwords and the average consumer having up to 90 different online accounts, this doesn’t come as a surprise. Passwordless authentication is the solution to authenticate users by other means than a username/password combination. It tackles two problems at once: passwords are hard to remember and easy to hack.
iWelcome offers the option to log in with an email address on request or by invitation. With a magic link that is sent to the email account, users can securely log in, taking away friction for the user, resulting in an optimised customer journey.
Collaborating with business users requires granting them access to the right resources, for the right amount of time, while empowering them to further cascade roles to new users, through delegation.
iWelcome’s RITM access management platform provides a sophisticated multi-level delegation model that allows you to efficiently onboard and manage business partners and applications through delegation, entitlements and customisations, according to the project’s needs.
Client benefits
Even though multi-factor authentication may still be seen as burdensome, it is indispensable to those companies who wish to provide a high level of security to their users and be compliant with global security and privacy requirements.
iWelcome provides a customisable multi-factor authentication experience to power users through four passwordless authentication methods, based on industry standards. Soft-token authentication is possible using time-based one-time password that can be delivered via SMS or generated by the iWelcome Authenticator mobile app. Alternative multi-factor authentication methods are Push Notifications (the default authentication method) or e-mail magic link.
Client benefits
The eRecognition (eHerkenning) login system is a standardised system that allows government organisations to verify a private company’s identity and ensure they are dealing with the right company representatives. Its aim is to incentivise public-private sector cooperation.
iWelcome’s data centres reside in Europe and has been certified by the Dutch government to provide verified e-identity, authentication and authorisation solutions under the eRecognition program. We support common open standards such as SAML, OpenID Connect or OAuth (for authentication and federation), as well as SCIM (for provisioning).
In addition to the eRecognition certification, we integrate with third party identity providers (IdP’s), allowing us to outsource the validation of user credentials to a third party, such as Active Directory on Azure or a social network.
Client benefits
iWelcome offers multi-level user management functionality that can be used to add users and groups, assign users to groups and to push the workload and accountability of specific actions to other users.
Delegation of user management is supported on several levels, where at every level users can be assigned the role of delegated admins, allowing them to cascade roles to identities in scope.
By using a decentralised access management system, our customers leverage the platform's multi-level capability of managing identities.
Among others, the following scenarios are supported:
Client benefits
Access to information is governed by a combination of roles and role types, system rules and flexible structures.
Within iWelcome’s B2B IAM, roles are collections of permissions that control what data and applications an identity can access and what actions it can perform. These can be configured according to the organisation’s needs for users and applications.
The automation dimension of the platform is given by rules, that can be used to instruct the system to automatically assign pre-defined roles to all entities that follow the desired criteria, at a predefined periodicity.
We use flexible structures such as schemas, collections and structures as a logical means of organising data. By using a combination of static and adaptive structures that can be defined on a single level or can be nested on several levels, we provide a more granular control over what identities can access and how.
Client benefits
Provisioning refers to the creation, maintenance and deactivation of user objects and user attributes over multiple systems and applications allowing these to interact with business logic.
The iWelcome platform provisions and de-provisions’ user accounts and attributes from multiple source systems (e.g. CRM, HR or any other identity stores like Active Directory, Windows Azure Active Directory, Identity Management Systems, and/or Master Data Management) and/or LDAP directories to business applications (relying parties). Provisioning of groups can be arranged via both push and pull mechanisms.
Client benefits
Business partners that have access to an organisation's online systems and services are often addressed as co-workers with B2E functionality. But partners like agents and brokers are also important customers and represent the road towards the end-consumer. iWelcome's multi-level delegation platform is rooted in Consumer IAM. It enables agents to efficiently co-work with your internal organisation, while at the same time providing them with an optimal customer journey, eventually servicing the end-consumer.
Adding, managing and timely removing Guest User Accounts can be a labour-intensive job. iWelcome's B2B solution enables organisations to create a custom-branded self-service page where guests (but also consumers) can take matters into their own hands and request access to applications, self-manage their account information, download personal data or update their security settings. Hosts can exist on several levels, and they can register or invite their guests and authorise time-based access, minimising handling and dormant accounts.
Outsourcing certain business processes can be profitable, but is sometimes challenging for your IT organisation. External organisations will need access to systems and applications, and in some situations externals will need to cooperate with your internal staff. With iWelcome's multi-level delegation capabilities you can add delegated admins on different levels in the external organisations, allowing them to further cascade roles to the identities within their organisation and manage these themselves. IT admins within your organisation will still keep a high level of control, while freeing them from administrative burdens.
Keeping customers happy is key to any company's success. iWelcome's comprehensive service desk functionalities help customer care teams deliver an outstanding customer experience by providing them with the necessary tools to correctly identify, verify, monitor and manage users. Bulk actions, automation rules and attribute customisation make time-consuming jobs fast and effective. By providing a scalable, adaptive customer care service, organisations can make the process of providing hands-on support more effective for both end-users and service desk teams.
