Digital identities as part of the user lifecycle: why you should switch to centralised user management.

An article by Stephanie Ta, Syntlogo GmbH:
When it comes to web portal security, everyone thinks of password security. But passwords only represent a small component of security when viewed holistically. If user accounts are managed in a way that takes account of the entire user lifecycle, you can enhance the benefits of digitalisation and boost innovation at the same time.

Everyone is talking about identity providers. Their software is based on protocols such as SAML 2.0, OAuth 2.0 or OpenID Connect. They function as an authentication service for websites. The advantage is that the users of a web platform do not have to think of a new password because they can log in through an existing account. This account often comes from social networks such as Twitter or Facebook. However, it can also be commercially based, e.g. with Microsoft or Google G Suite. The identity provider programs have the same characteristics:

    • They are are based on authentication protocols to log a user in.
    • They offer easier user logins through their “identity service”. Users avoid the trouble of creating a new account. The barrier to using a password-secured application is automatically lowered.
    • They are one element in the entire user lifecycle that enables single or multiple access to a web app.
    • They function for the above-mentioned task and can thus increase the conversion rate of websites.
    • Generally, they cannot
      • handle workflows
      • offer upkeep,
      • offer user-data maintenance,
      • nor can they perform rights management for certain permissions within the application.

We can therefore conclude that identity providers are an important component of user management, but they can’t do it all. As soon as a user has logged in, many tasks arise in the system, which should run as automatically as possible. Why is this?

It is because the management of portal users and their data goes deeper than logins only.

With the European Data Protection Regulation (EU GDPR), many requirements arise. And the manual processing of tasks places a very heavy burden on support. As soon as you have implemented a functioning lifecycle management, many things run automatically and in compliance with the GDPR. People talk about the user lifecycle (ULC), but, strictly speaking, it is all about the user’s account.

The account lifecycle and the associated user management are the central aspects of every password-protected internet portal.

Identity lifecycle:

From secure authentication to authorisation and termination of user accounts.

We distinguish between external and internal ULC. An internal lifecycle refers to the employees of a company. The management of an internal ULC consists of:

    • On-boarding
    • Provisioning
    • Access control
    • Changes
    • Audits & governance

Would you like to learn more about this topic? Then please read this article (in German).

 

Our focus is on external ULC:

    • Registration and GDPR approval
    • Applying for roles, gaining access
    • Distributed administration (e.g. to customers, suppliers / external companies)
    • Changes to user information or contracts
    • Downloads of user data and “forget-me” requests
    • Mandatory information (invoices, contracts, etc.) – delete only after 10 years

Want to learn more? Then take a look at the freely accessible IAM special from <kes>. You’ll find our article on page 12, or you can download it here (in German).

+

Internet portals, your users and the GDPR – how can you meet all the requirements today?

Read our blog articles on these highly relevant topics:

GDPR – protect and save data (in German)

Implement GDPR with CIAM systems (in German)

We would be happy to show you how to manage user lifecycles, GDPR compliance, centralised user management and much more as part of live demonstration.

We would be happy to demonstrate a user lifecycle in a live demo.

Make an appointment with us – no strings attached.

    Subject *

    Name *

    E-Mail *

    Telephone

    Company

    Message *

    Please insert text captcha
    Please prove you are human by selecting the Flag.


    I hereby agree that Syntlogo GmbH and/or intension GmbH may contact me by telephone, e-mail or post. I am aware that I can revoke this consent at any time with effect for the future, by e-mail to info@syntlogo.de or via this contact form. We inform you that the revocation of your consent does not affect the legality of the processing carried out on the basis of the consent until revocation. Our privacy policy.