Simplifying User Lifecycle Management
Evolution in information technology over the last two decades has enabled companies to expand their value offering, with web-based, customer-oriented digital services that allow easier, faster, and more valuable interactions between business and customer.
There are currently a host of business applications accessed not only by internal employees, but also by customers (whether B2B or end users) and, in more advanced scenarios, apps accessed by an even greater variety of users, such as external partners, suppliers, external authorities, and others.
Usually, an IT department handles user accounts for internal tools and resources, but it is no longer rare for externally accessed applications to have custom-implemented user creation and authorization management.
Once multiple external entities (perhaps a customer and supplier) need access to more than one of your digital services, the challenge arises of creating separate accounts for the same user in different applications. This creates overhead in processes within user lifecycle management (ULM), such as creation/onboarding, permissions administration, and the sensitive topic of user offboarding. What you really need is a solution for centralized user lifecycle management.
Currently, it is quite common to integrate your external digital services with user management solutions offered by the Cloud provider, in addition to what your intranet is built for. This means that we take, for example, Azure Active Directory, and create an “ext_…” account for the external user who needs to access one or more of your applications.
The more services and external users you have, the greater the likelihood that they will overwhelm your IT department with requests for user and permissions management for software applications, something your business managers could handle very well on their own.
There is no longer a need to implement fully custom-made authentication mechanisms, which were popular during the pioneering age of Web 2.0. Instead, we can build a solution that uses the well-proven authorization services of the big players in the Cloud industry, like Azure, AWS, and Google Cloud.
Services like Azure B2C, Active Directory, and AWS Cognito have built-in mechanisms for user onboarding, credentials, and profile management, and follow the high-level security standards of the Cloud providers they belong to.
But we wanted something more:
- A solution that makes it possible to delegate user onboarding and permission management from IT departments to software application managers, yet one that allows the IT department to have an overview and take control, if needed.
- A solution without the need for application managers to deep dive into Azure or AWS portals. They should not need to learn how those Cloud services handle user lifecycle management in order to manage roles and permissions of the various users. Instead, our solution lets them decide how they want to handle it, using an ad-hoc ULM dashboard.
- A solution that simplifies the integration of a centralized ULM into new digital services being developed.
The result is a setup that:
- Permits users to sign themselves up using a chosen authentication method, and allows them basic access to your applications.
- Offers an easy-to-use ULM administration dashboard that lets you invite new users (and also supports bulk invitations) and extend their basic rights to advanced rights, as needed.
- Enables a connection with other Active Directories, so that your business clients, for example, may access your digital services using their existing work credentials.
At Proekspert we have a variety of cases where we have found solutions for a centralized ULM.