What is Identity self-service? The LogonBox Approach

Identity self-service is a term that refers to a solution that straddles the line between fully-fledged self-service password reset (SSPR) and identity management (IDM). By offering a simplified take on IDM, identity self-service solutions like LogonBox can cater for larger organisations while also bringing the benefits to smaller businesses: reduced helpdesk tickets, increased productivity and profitability, all without the high costs that come with complete IDM solutions.

This article covers the core functions that form an identity self-service solution and how businesses and end-users get the benefits of both worlds of SSPR and IDM.

Reducing Password Tickets Through Self-Service Password Reset

Self-service password reset enables employees to reset their passwords when they have forgotten them; this works in tandem with self-service account unlock. Together these enable employees to manage passwords and accounts without the need for IT support team involvement.

Self-service password reset solutions perform the reset and unlock functions by interacting directly with the user directory, which is typically Active Directory. The release of RFC 2251, describing LDAPv3, in the late 90s led businesses like Sun, Novell, IBM and Microsoft to develop LDAP-based directory servers. With Microsoft's wide reach, Active Directory (AD) became the de facto directory server in the workplace, so it comes as no surprise that SSPR solutions integrate with it as standard.

The number of directory servers has increased over the years, and it is not uncommon to find businesses with more than one in use. With the drive to the cloud, there are also directory servers hosted in the cloud, including Active Directory (Azure AD). This increase has led self-service password reset vendors to provide integration with multiple directory servers, from AD to Google, Linux, OpenLDAP and even databases.

This increase in integration gives businesses the convenience of managing password resets and accounts from a single product. The Ponemon Institute survey of IT professionals estimates that the productivity and labour lost to IT helpdesks managing employee passwords costs each company an average of $5.2 million annually. Businesses can reduce costs considerably by choosing a self-service password reset solution that can integrate with all their directory servers.

Introducing Productivity Through SSO

The second core feature of identity self-service is single sign-on (SSO), which enables users to launch and log in to applications with a single click, without needing to enter, remember or be aware of the credentials required by the target applications. Single sign-on authentication is now needed more than ever, as almost every website requires some form of authentication to access its features and content. With the number of websites and services rising, a central login system has become a necessity.

The range of technologies available for single sign-on includes SAML, JWT and OpenID. This choice means more applications can integrate with secure single sign-on, and for those apps that do not support any recognised protocol, there is always form-based injection sign-in.

The more applications that integrate into an SSO portal, the higher the benefit. The Ponemon survey recently highlighted that over half of the 15,000 IT professionals surveyed continue to share credentials amongst colleagues, and over half use insecure methods to store credentials. Single sign-on can help eradicate these practices.

Increasing Security with MFA

Identity self-service is a security product; through security, it offers productivity and financial benefits. This convenience cannot be achieved securely without multi-factor authentication (MFA). Incorporating MFA adds a second factor of authentication when logging into an SSPR portal to manage passwords. This process ties a password to an identity: only the real owner of a password would own the physical device used by the MFA tool.

Including multi-factor authentication in the login process of an identity self-service portal can secure applications too. Before a user can launch an application through single sign-on, MFA verifies that the user is the right identity for the assigned applications.

User Provisioning

Another vital component to help set identity self-service apart is user provisioning, the automating of new user enrolment and resource assignment. New employee enrolment is a time-consuming process involving multiple staff members. User provisioning manages this cycle through self-enrolment forms, processing of user data (copying it into Active Directory attributes or another internal system), creating the user account in the destination directory server and assigning the right groups and roles to the account.

The provisioning process can also be extended to include full lifecycle management, automating the retiring of an account when the account's classification changes; for example, when a user leaves, the account is automatically disabled. Reducing the involvement of external departments and making enrolment frictionless results in a streamlined enrolment process, a significant productivity improvement and less downtime for new employees before they can get going.
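
The joiner and leaver steps described in this section, sketched as an added example (not LogonBox's code or API): a self-enrolment form is mapped to Active Directory attributes and role-based groups, and accounts whose HR status is "left" are disabled. The form fields, role-to-group table, example.com DNs and HR records are constructed for illustration; userAccountControl flag values and the 20-character sAMAccountName limit are standard Active Directory behaviour.

```python
import re

NORMAL_ACCOUNT = 0x0200  # AD userAccountControl flag: ordinary user account
ACCOUNTDISABLE = 0x0002  # AD userAccountControl flag: account is disabled
# Hypothetical role-to-group table; the DNs are constructed for this example.
ROLE_GROUPS = {
    "engineer": ["CN=Engineering,OU=Groups,DC=example,DC=com"],
    "finance": ["CN=Finance,OU=Groups,DC=example,DC=com"],
}
# Allow-list for names: excludes DN metacharacters such as , + = \ < > ; "
NAME_RE = re.compile(r"^[A-Za-z][A-Za-z' -]{0,62}[A-Za-z]$")

def provision(form):
    """Map a self-enrolment form to AD attributes and role-based groups."""
    first, last, role = form["first"].strip(), form["last"].strip(), form["role"]
    if not (NAME_RE.match(first) and NAME_RE.match(last)):
        raise ValueError("name contains characters unsafe for a DN")
    if role not in ROLE_GROUPS:
        raise ValueError("unknown role: refuse rather than guess groups")
    # sAMAccountName is limited to 20 characters for user accounts.
    sam = re.sub(r"[^a-z0-9]", "", (first[0] + last).lower())[:20]
    return {
        "dn": f"CN={first} {last},OU=Staff,DC=example,DC=com",
        "givenName": first, "sn": last, "sAMAccountName": sam,
        "userPrincipalName": f"{sam}@example.com",
        "userAccountControl": NORMAL_ACCOUNT,
        # In AD, membership is written to each group's "member" attribute.
        "groups": list(ROLE_GROUPS[role]),
    }

def reconcile(hr_records, directory):
    """Compare HR status with the directory; return (action, account) pairs."""
    actions = []
    for rec in hr_records:
        entry = provision(rec)
        sam = entry["sAMAccountName"]
        existing = directory.get(sam)
        if rec["status"] == "active" and existing is None:
            directory[sam] = entry
            actions.append(("create", sam))
        elif rec["status"] == "left" and existing is not None:
            if not existing["userAccountControl"] & ACCOUNTDISABLE:
                existing["userAccountControl"] |= ACCOUNTDISABLE  # disable, keep entry for audit
                actions.append(("disable", sam))
    return actions

# Constructed sample data: one joiner, and one leaver already in the directory.
DIRECTORY = {"bjones": provision({"first": "Bob", "last": "Jones", "role": "finance"})}
HR = [{"first": "Alice", "last": "O'Neil", "role": "engineer", "status": "active"},
      {"first": "Bob", "last": "Jones", "role": "finance", "status": "left"}]
ACTIONS = reconcile(HR, DIRECTORY)
```

Running the reconciliation a second time produces no actions, which is the property to check for in any scheduled provisioning job.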

Password Management

On average a user has anywhere between 10 and 100 credentials in use in the workplace. Being able to manage these securely and access them as and when needed can eradicate the need for insecure methods. Injecting credentials and integrating with single sign-on can lead to a very secure workplace where passwords do not need to be memorised, shared or even entered into login pages.

Summary

Identity self-service extends SSPR and goes beyond SSO, including additional user-focused functionality like self-service user provisioning and password management. By incorporating more, businesses gain more: reduced helpdesk tickets, increased productivity, better user management and increased security, all at a fraction of the cost of full identity management solutions.

Not Already a LogonBox Customer?


Interested in LogonBox after this introduction to identity self-service? Try LogonBox and get started for free. The LogonBox on-premise foundation is free for an unlimited number of users forever, with an affordable pricing model that scales as you do. You can learn more about LogonBox by checking out our website or blog, or simply by contacting us.



*** This is a Security Bloggers Network syndicated blog from LogonBox Journal authored by Majid Latif. Read the original post at: https://www.logonbox.com/en/journal/what-is-identity-self-service-the-logonbox-approach/

Majid Latif

Majid Latif is a product manager at LogonBox.com, specializing in password self-service and identity management solutions to protect businesses and increase productivity. With over 20 years in IT security, Majid was also part of the team that built the first browser-based, open-source SSL-VPN, which was merged into the Barracuda Networks SSL-VPN.
