IDaaS Quicksheet
| Services | Internal | Featured Partner | External Customers | Application |
|---|---|---|---|---|
| Sign-Up | × | | | |
| Sign-In | × | × | | |
| Self-Service Password Reset | × | | | |
| Single Sign-On (SSO) | × | × | × | |
| Social Identity | × | | | |
| Update Profile | × | | | |
| IDaaS API Service (if user exists / JWT token) | × | | | |
| Service-to-Service | × | | | |
| Multi-Factor Authentication (MFA) | × | × | × | |
| MFA: Text | × | × | × | |
| MFA: Phone Call | × | × | × | |
| MFA: | × | × | × | |
| MFA: Authenticator mobile app (push notification) | × | | | |
| Conditional / Policy-based Access | × | | | |
| Identity Protection / Risk-based Authentication | × | | | |
| API Integration with Identity Proofing services | × | | | |
What is IDaaS?
- Identity as a Service (IDaaS) can be summarized as follows:
  - A single point of authentication
  - Single Sign-On (one unique identity with one username and password)
  - The customer self-manages their identity and its associated attributes
  - Customers may reset their own passwords
  - IDaaS can be thought of as Single Sign-On (SSO) for the cloud
  - IDaaS spans security boundaries: applications and APIs can be integrated while running anywhere, on any platform or hosting environment. It provides a single control plane over on-prem and cloud-based identity systems for managing your application's identity lifecycle
  - IDaaS separates identity from the application, so the application development team can focus on business requirements rather than implementing its own identity solution
  - IDaaS can be used as a cross-application solution
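What "separating identity from the application" looks like in code, as an added example that is not part of the quicksheet or the IDaaS team's own code: the application never sees a password; it only decides whether to trust a token the IDaaS issued (the "JWT token" row in the table above). The example assumes the IDaaS signs API and service-to-service tokens with HS256 over a shared secret; IDAAS_ISSUER, APP_AUDIENCE and SHARED_SECRET are placeholders, and issue_token()/forge_unsigned() exist only so the example runs offline.

```python
"""Accepting an IDaaS-issued JWT inside an application (added example).

Not from the original quicksheet. Assumes HS256 over a shared secret;
the issuer, audience and secret below are placeholders.
"""
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

IDAAS_ISSUER = "https://idaas.example.com/"             # assumed tenant issuer
APP_AUDIENCE = "urn:example:claims-portal"              # assumed audience for this app
SHARED_SECRET = b"constructed-demo-secret-not-for-use"  # assumed HS256 key


def _b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def _unb64url(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _json(obj: dict) -> bytes:
    return json.dumps(obj, separators=(",", ":")).encode()


def issue_token(claims: dict, secret: bytes = SHARED_SECRET) -> str:
    """Mint an HS256 JWT the way the IDaaS would (stand-in for the real issuer)."""
    head, body = _b64url(_json({"alg": "HS256", "typ": "JWT"})), _b64url(_json(claims))
    sig = hmac.new(secret, f"{head}.{body}".encode("ascii"), hashlib.sha256).digest()
    return f"{head}.{body}.{_b64url(sig)}"


def forge_unsigned(claims: dict) -> str:
    """What an attacker submits hoping the verifier honours alg=none."""
    head, body = _b64url(_json({"alg": "none", "typ": "JWT"})), _b64url(_json(claims))
    return f"{head}.{body}."


def validate_token(token: str, now: Optional[float] = None,
                   secret: bytes = SHARED_SECRET) -> dict:
    """Return the claims if this application may trust the token, else raise ValueError.

    Order matters: pin the algorithm, verify the signature, then check iss,
    aud and lifetime. No claim is acted on before the signature holds.
    """
    now = time.time() if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token: expected header.payload.signature")
    head_b64, body_b64, sig_b64 = parts

    header = json.loads(_unb64url(head_b64))
    # The token does not get to choose the algorithm ('none', key confusion).
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected or missing alg")

    expected = hmac.new(secret, f"{head_b64}.{body_b64}".encode("ascii"),
                        hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _unb64url(sig_b64)):
        raise ValueError("signature does not verify")

    claims = json.loads(_unb64url(body_b64))
    if not isinstance(claims, dict) or claims.get("iss") != IDAAS_ISSUER:
        raise ValueError("token not issued by our IDaaS")
    aud = claims.get("aud")
    if APP_AUDIENCE not in (aud if isinstance(aud, list) else [aud]):
        raise ValueError("token not intended for this application")
    if not isinstance(claims.get("exp"), (int, float)) or now >= claims["exp"]:
        raise ValueError("token expired or has no exp")
    if "nbf" in claims and now < claims["nbf"]:
        raise ValueError("token not yet valid")
    return claims


def accepts(token: str, now: float) -> bool:
    """True if validate_token() would trust the token at time `now`."""
    try:
        validate_token(token, now=now)
        return True
    except ValueError:
        return False
```

The application code that calls validate_token() owns no usernames, passwords or MFA state; all of that stays with the IDaaS, which is the point of the separation described above. In a real deployment the IDaaS would more likely sign with an asymmetric key published via JWKS, but the checks (algorithm pinning, signature before claims, issuer, audience, expiry) are the same.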
Preparation
Below are some questions for application owners; the answers help the IDaaS team estimate the level of effort:
- Is your application legacy or greenfield?
- Who will be accessing the application?
- What framework/technology stack are you using?
- What is your application’s authentication / authorization process?
- When does the application need to go live with IDaaS?
- Is SSO used between multiple applications?
- Are there any high-level architecture diagrams available for us to review?
Basic Flows – Sign-Up
- Profile data provided by a different application (e.g. FAST)
  - Optional phone number and/or email address verification
  - User-provided username and password
  - Optional user edit of profile data, including optional phone/email (re)verification
  - Optional identity proofing
- Profile data collected from the user
  - Create Account view, including verification of the primary phone number and/or email address
  - User-provided username and password
- Profile data collected from an existing account in the application
  - The user provides their existing application credentials and the application's user data is retrieved
  - Then follow the "profile data provided by a different application" flow above
- Customizable workflow
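The phone/email verification step that appears in each of the sign-up flows above, as an added example that is not the IDaaS team's code: a one-time code challenge that stores only a salted hash of the code, expires it, and caps wrong guesses. The SMS/email gateway is stubbed by returning the code from start() so the example runs offline; CODE_TTL_SECONDS and MAX_ATTEMPTS are assumed values.

```python
"""One-time-code verification of a phone number or email address (added example).

Not from the original quicksheet. The code returned by start() stands in for
the out-of-band delivery channel; the TTL and attempt cap are assumptions.
"""
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass, field
from typing import Dict, Optional

CODE_LENGTH = 6
CODE_TTL_SECONDS = 600   # assumed: a code is good for 10 minutes
MAX_ATTEMPTS = 5         # assumed: challenge is discarded after 5 wrong guesses


def _hash(code: str, salt: bytes) -> bytes:
    # Store a salted hash so a leaked pending-challenge table does not leak live codes.
    return hashlib.sha256(salt + code.encode("ascii")).digest()


@dataclass
class Challenge:
    code_hash: bytes
    salt: bytes
    expires_at: float
    attempts: int = 0
    verified: bool = False


@dataclass
class ContactVerifier:
    """Pending verification challenges keyed by contact (E.164 phone or email)."""
    pending: Dict[str, Challenge] = field(default_factory=dict)

    def start(self, contact: str, now: Optional[float] = None) -> str:
        """Create a fresh challenge; return the code the IDaaS would deliver out of band."""
        now = time.time() if now is None else now
        code = "".join(secrets.choice("0123456789") for _ in range(CODE_LENGTH))
        salt = secrets.token_bytes(16)
        # Re-requesting a code replaces the old challenge, so only one code is live.
        self.pending[contact] = Challenge(_hash(code, salt), salt, now + CODE_TTL_SECONDS)
        return code  # in production: hand to the SMS/email gateway, never to the caller

    def confirm(self, contact: str, submitted: str, now: Optional[float] = None) -> bool:
        """True only if `submitted` matches a live, unexpired, not-yet-exhausted challenge."""
        now = time.time() if now is None else now
        ch = self.pending.get(contact)
        if ch is None or ch.verified:
            return False
        if now >= ch.expires_at:
            del self.pending[contact]        # expired: user must request a new code
            return False
        ch.attempts += 1
        if hmac.compare_digest(_hash(submitted, ch.salt), ch.code_hash):
            ch.verified = True
            return True
        if ch.attempts >= MAX_ATTEMPTS:
            del self.pending[contact]        # exhausted: stops online guessing of a 6-digit code
        return False

    def is_verified(self, contact: str) -> bool:
        ch = self.pending.get(contact)
        return ch is not None and ch.verified
```

The same object serves the "(re)verification" case in the update-profile flow: changing a phone number or email address simply starts a new challenge for the new contact, and the profile update is only committed once is_verified() is true for it.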
Basic Flows – Update Profile
- User edit of profile data (local account only)
  - Optional phone/email (re)verification
  - Password reset
  - Change notifications
- Social identity step-up authentication
  - Link social identity(ies) to the local account
Basic Flows – Sign-In
- Account sign-in options
  - IDaaS identity (local account)
  - First American employee (internal SSO)
  - Partner employee (external SSO)
  - Social identity (external account)
- Account sign-in assistance
  - Forgot username
  - Forgot password
  - Help screen / FAQ
- Customizable workflow