The Identity Claiming feature allows organizations to provide a central location for onboarding new Identities. It gives organizations a predictable way to control their global onboarding process and ensure all users follow the same process. Solidifying the onboarding process also decreases help desk related calls. The feature provides end users with all they need to onboard, easily and efficiently.
The following functions are available within the Identity Claiming feature:
Fischer provides for attribute-based Identity verification. This allows IGA Administrators to display the attributes that create their unique Identity. The end user must enter correct attribute values to proceed. Note that the values are stored within Fischer's Identity Registry.
The Identity Claim feature differs from other onboarding methods available from Fischer in that it provides the user with their Identity ID on screen. This creates a more elegant user experience. While some may say displaying such information can be considered a security issue, Fischer contends that leveraging attribute-based identity verification in conjunction with Fischer's Authenticator is a sufficient amount of Identity verification to be as certain as possible that the end user attempting to onboard is in fact the correct user.
Setting the Identity ID Password
The ultimate goal of the Identity Claim feature is to sufficiently validate the Identity as well as provide for the ability to set a unique password only known to the end user.
Fischer will initially scramble all passwords; this is the best-practice security control you should employ.
It is important to note that Fischer will generate a random password within the provisioning engine at run time that is not known to anyone. When the end user successfully verifies their Identity and sets the password, he or she will be the only individual that knows it. This is an important security feature that can protect organizations from potential hijacking of new accounts since it is Fischer and Fischer alone that controls the initial building of the password and stores it into the secured Identity System.
Below is the user experience when using the Identity Claiming feature.
In the first step, the end user must provide the attribute values associated with the displayed fields. The goal is to uniquely identify the Identity profile provisioned within Fischer. Organizations can determine which attributes to display for attribute verification and can easily modify the screen leveraging Fischer's Dynamic UI feature. Refer to the Dynamic Configuration UI Guide for more details.
The second step enables organizations to provide multi-factor authentication. This is an added security step that provides the lowest-risk scenario for onboarding new Identities by offering two layers of verification prior to continuing with the onboarding process.
The Identity System
Note that the User ID displayed within the Identity Claim feature is the username stored within Fischer's Identity System (LDAP). This is not customizable and is the most secure way to onboard a user (with Fischer's Identity Registry information).
The final step in the Identity Claim process will provide the Identity with the ability to set their password for the first time.
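The flow described above (a random initial password set at provisioning, attribute verification, a second factor, then the user's own password), as an added sketch that is not Fischer's code. The `ClaimRegistry` class, its method names and the sample attribute names are hypothetical, and the second factor is modelled as a boolean result supplied by an external authenticator.

```python
import hashlib
import hmac
import secrets

def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class ClaimRegistry:
    """Hypothetical in-memory stand-in for an identity registry."""

    def __init__(self):
        self._ids = {}

    def provision(self, user_id, attributes):
        # Scrambled initial password: random, hashed at once, never returned or logged.
        salt = secrets.token_bytes(16)
        self._ids[user_id] = {"attrs": dict(attributes), "salt": salt,
                              "pw": _hash(secrets.token_urlsafe(32), salt),
                              "claimed": False}

    def verify_attributes(self, supplied):
        """Step 1: return the unclaimed user_id whose attributes all match, else None."""
        for uid, rec in self._ids.items():
            if rec["claimed"] or supplied.keys() != rec["attrs"].keys():
                continue
            ok = True
            for name, value in rec["attrs"].items():
                # Constant-time comparison of each attribute value.
                ok &= hmac.compare_digest(value.encode(), supplied[name].encode())
            if ok:
                return uid
        return None

    def claim(self, supplied, second_factor_ok, new_password):
        """Steps 1-3: the user ID is revealed and the password set only after both checks."""
        uid = self.verify_attributes(supplied)
        if uid is None or not second_factor_ok:
            return None
        rec = self._ids[uid]
        rec["salt"] = secrets.token_bytes(16)
        rec["pw"] = _hash(new_password, rec["salt"])
        rec["claimed"] = True  # a claimed identity cannot be claimed again
        return uid

    def check_password(self, user_id, password):
        rec = self._ids.get(user_id)
        return rec is not None and hmac.compare_digest(
            rec["pw"], _hash(password, rec["salt"]))
```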