Nevis Identity Suite – Identity Management

What Is Identity Management (IDM)?

Identity management covers all processes and systems used to manage the entire life cycle of identities. This also includes the authentication methods used and authorisation details such as roles and authorisations. The purpose of identity management is to harmonise these processes across different systems. It handles the identification of individuals in a system that makes resources available – specifically when not every user is to have equal access to all resources.

Identity management can be used to determine

what a user is permitted to do
which devices provide the user with access to specific resources and
the circumstances under which the user is granted access

How Does Identity Management With Nevis Work?

The Nevis Identity Suite offers a highly flexible solution for managing customer and partner identities with all associated information such as login data, roles, authorisations and applications. The Nevis Identity Suite lets you centralise the management of all users, roles and authorisations for your business applications. It also allows you to seamlessly roll out single-sign-on and multi-factor authentication for your customers and partners.

The unique user data model and the authorisation model are optimally matched with one another. Advanced B2B and B2C application scenarios such as segmented partner and agency models or family accounts are thus extremely straightforward to realise.

Another unique feature is the ability to handle multi-tenant setups with separate management functions for separate user groups. This means you only need one management solution to cover multiple user populations simultaneously. For example, you can administer several brands in the same system while managing the customers of the different brands separately and independently of each other.

Users can deploy the Identity Suite APIs to integrate self-service functions for their customers and partners, for example, resetting passwords for the customer portals.

The Nevis technical architecture provides extensive functionalities that meet the highest compliance standards such as Identity Repository, User Management, User Self-Service, Delegated Administration and Identity Synchronization. Not all these properties are directly visible to the end user, but all make an important contribution to efficient and compliant identity management.

Identity Repository

The Identity Repository is a core element of the Nevis Security Suite and contains identity data and assigned identity attributes.

The Identity Repository can be scaled up to support millions of users and is used in the production environment of Switzerland’s largest bank by customer number. The Nevis Security Suite supports Oracle as well as MariaDB as database back ends for the Identity Repository.

Other properties of the Identity Repository:

Expandable user identity data model for user attributes, user roles, authorisations and credentials. In this way, you can include additional organisational attributes to a user identity, for example, based on your specific requirements.
Support for terms of business and consent management for GDPR purposes.
Access to user-identity attributes with the help of developer-friendly REST-APIs.
Centralised user administration with uniform user access policies. Policies can be based on unique user attributes such as user location, IP, device and more and can be provided with any combination of MFA factors.
Support for organisational units. Units help you arrange the administration of user data in line with your organisation’s structure. This streamlines the assignment of roles and authorisations and enables the finely graduated delegation of user administration.
Support for multiple tenants.
Improved RBAC-based authorisation model with data room authorisation restrictions.
Encryption of data (in standby mode and during transmission) to avoid costly data protection breaches and legal problems.

User Management

User Management allows administrators to manage the identities of users – using either REST-APIs or a powerful web user interface. Companies manage identities in different phases.

Identities must be:

created in the systems.
associated with certain information, organisational units or specific roles that allow them to perform specific actions in different systems.
searchable, for example, by a customer service employee who is trying to solve a login problem for a customer.
capable of being temporarily blocked in the event of possible fraud.
capable of being updated or removed if they are no longer used.

Administrators can manage all identity elements:

The organisational units that help them specify the management of user data in line with their organisational structure. This makes it easier to assign roles and authorisations and enables the delegation of user administration.
The specification of policies for credentials enables the design of a differentiated authentication system. For example, you could specify one simple and one strong password policy, with different requirements concerning the password length, characters used and the permissible number of resets, etc.
Specifying the terms of business and tracking which terms of business were accepted by users.
Adjustable email and SMS templates that can be used to notify users, for example, if a password reset is due. If the relevant settings are made, messages can also be created in multiple languages.

Delegated User Management

Delegated user management lets you create a hierarchy of user and role administrators to suit the specific requirements of your organisation. This allows responsibility for managing users to be delegated to specific administrators, who are only granted restricted access so that they can only process the organisational parts for which they are responsible.

User Self-Service

User self-service includes all functionalities that allow a user to perform actions and activities in the identity system without the help of an administrator, such as:

Self-service registration
Self-service profile management

The CIAM system makes this functionality available as an API. This is then embedded as part of other portal functions and does not serve as an isolated function.

Self-Service Profile Management

Profile management can contain many functions depending on requirements. Examples of profile management functions include:

Resetting/changing passwords
Changing user attributes such as email addresses or mobile numbers
Changing the preferred language
Registering a different MFA device, e.g. if a user changes a mobile phone
Cancelling consent, for example, for a marketing newsletter

Identity Synchronisation

Identity synchronisation affects all application scenarios in which identity attributes must be replicated or synchronised across different information systems.

Why do we need identity synchronisation?

In an ideal world, a company would only have one system that contains all information about identities such as names, telephone numbers, roles, authorisations, credentials, etc.

However, identity information is frequently fragmented across different systems and must be copied from one system to others. This is where Identity Synchronization comes into play by combining different information assets from different master systems.

Advantages of Identity Management

Identity management applications from Nevis boost the security and productivity of companies. They also contribute significantly to reducing internal costs and expenditure on security.

Efficient user management with delegated administration and self-management
Cost reduction through cross-application user and authentication management
Improved security through central management and control
Consistent and transparent security setup according to regulatory specifications
Improved protection of data and information with internal access management
Supports multi-channel access with device recognition
Multi-client identity management manages users, applications and authorisations centrally

Optimum Customer Experience

We all know how tiresome it was having to use a different password for every user account. With SSO, it will now be possible to authenticate yourself conveniently once for different web portals. Ease of use is a key factor that influences customer loyalty – and SSO has a major role to play in making your offering attractive to customers.

Boosting Productivity

Single sign-on gives your employees rapid access to all the information they need for their work – so they have more time to look after the things that really matter.

Reducing IT Costs

The fewer passwords in circulation, the less time your IT helpdesk must spend dealing with password problems. This will save you more time and money than you might have thought possible!

Which Industries Benefit From Identity Management?

Companies and organisations from all industries are successfully using the proven Identity Management from Nevis. After all, customer, employee and other personal data must be consistent everywhere, constantly available and provided in a reliable manner. The statutory requirements regarding the procurement, storage, deletion, anonymisation, disclosure, etc. of personal data must also be met. This applies to all companies regardless of their size.

Identity Management