[Product Update]: Identity Provider (IdP) & OpenID Connect Standard
Password security & increased efficiency with Identity Provider (IdP) & OpenID Connect Standard in XME.digital
XME.digital recently implemented another feature. Identity Provider (IdP) is a system that allows corporate businesses to deploy their users directly to the system with the OpenID Connect Standard and manage all access, rights, and restrictions directly on their side.
What was it like before?
We had to create each user manually in the Tenant using the User Account and Authentication (UAA) service. That was fine when there was a small number of Users. Tenants were separated, and one Tenant belonged to one organization. But when we faced a situation where a big company has warehouses, stores, CRM, admins, users, and so forth, we concluded that one Tenant could no longer serve as an application. There were too many roles and too many users. Each Tenant needed its own User, and that wasn't a realistic task.
That's when we figured out that we needed an external IdP. It allows the User to open the CRM, which redirects them to the IdP (Google, Azure-ID, Active Directory, Facebook - you name it), and then access the CRM, warehouse, or client base at once.
We gave our users the one-click login that everybody is used to in the modern world. At the same time, we let the Company decide who gets which rights, in which systems, and when; we don't manage it anymore. The Company connects, manages users at its own level, and allows them to enter our application. Hiring, firing, promotion, and transfers are not an issue anymore. Tenants communicate inside the system, and users can immediately get access to all the resources they need.
The Identity Provider became the point of access. It significantly increased security by taking over all the passwords, extra login data, user roles, markers, etc.
An IdP workflow typically involves:
A request. The user can enter credentials from another login (such as Google, Facebook, or Twitter).
Verification. The IdP checks with a company's IT to determine if the user has access and what work that person can do.
Unlocking. The user gains access to the specified resources, and the visit is logged.
This takes mere seconds, and most users don't notice all the hard work happening behind the screen.
Here are the business problems the Identity Provider can solve:
Password security. No need to memorize the password or keep it in the notes under the keyboard. A strong KYC policy ensures the credentials of each consumer remain unique, and the Single Sign-On (SSO) feature, used instead of Multi-factor authentication (MFA), allows your Users to use your services without logging in again and again.
Increased efficiency. With an IdP, the User can get access from multiple devices, and it works without involving the IT department each time.
Simple creation of new Users. An IdP simplifies the process for an end-user to use the service without creating any accounts. Do you have several thousand visitors per day? Easy-peasy.
Fast problem-solving. With an IdP, you can see who made which changes and restore lost or changed work. You manage all the access and rules on your own, which gives you total control over the users inside the system.
Wide range of connectivity options. An IdP provides access using only one account, providing you with a clear picture of the User linked to the account, whether they chose Google or AzureID or any other provider to log in.