Customers can use Descope as an Identity Federation Broker to connect SAML / OIDC applications and IdPs to unify identities across all customer-facing applications
Descope, the drag-and-drop customer authentication and identity management platform, announced the availability of deep identity federation capabilities that enable organizations to centralize user identity management across all customer-facing applications irrespective of their configuration or makeup.
Identity management gets complex quickly. A typical enterprise has disparate customer-facing applications such as support portals, learning management systems, certification systems, partner portals, and supplier applications. These apps usually have different authentication and user onboarding requirements, resulting in patchwork identity systems that are either built in-house and tough to maintain, or are a combination of identity providers (IdP) with limited interoperability across SAML and OpenID Connect (OIDC) flows. Moreover, if customers have multiple login IDs across applications, organizations lose the 360 degree view of the customer journey.
CIO INFLUENCE News: CIO Influence Primer on Data Integration: Definition, Key Techniques, Tools and Examples
Descope helps IT teams and developers add authentication, authorization, and identity management to their apps using no / low code workflows. With the newly added identity federation capabilities, Descope acts as an Identity Federation Broker to enable connections between any permutation of client and IdP. Admins can visually define bespoke user journeys for each application including authentication methods, information collection, and MFA logic.
“The complexity of managing customer identities often grows as the business grows,” said Yaron Levi, CISO at Dolby. “New business units, custom apps, off-the-shelf software, and M&A activity all lead to customer identity silos that teams can spend months reconciling. Poor visibility into user onboarding and auth flows also breeds security gaps that attackers can exploit. Descope’s approach to federation backed by no-code workflows can enable IT teams to easily personalize user journeys per application while ensuring a consistent, secure, and frictionless end user experience.”
Descope as Identity Federation Broker
As an Identity Federation Broker, Descope can act as an identity provider or a service provider based on the situation. The broker can run in three modes:
- If the broker is the IdP, applications can connect to it for authentication.
- If the broker sits in front of one or many IdPs (via both SAML and OIDC), applications can authenticate with any of the IdPs.
- If the broker is in hybrid mode, it can act as an IdP for some applications and enable the connection to other IdPs.
Once the broker is set up, customers can leverage Descope’s drag-and-drop workflows to create custom user journeys for each application as well as easily iterate on them with time. These workflows can also weave in data and actions from third-party connectors to implement use cases such as fraud prevention, localization, and identity verification.
CIO INFLUENCE News: KnowBe4 Integrates With Cisco Duo to Help Organizations Enhance Security Resilience
The flexibility of Descope’s broker and workflow capabilities can help with a wide variety of scenarios. For instance, if an organization’s IdP supports OIDC but a client only supports SAML, Descope can “broker” the connection between a SAML client and an OIDC IdP.
Descope can also securely merge user identities across authentication methods while bridging SAML and OIDC connections. For example, if an app accepts both personal and work email addresses, Descope provides a merged view of the user while still allowing the user to log in with either email ID.
“Customer identity silos and fragmentation is not something that just affects the Fortune 1000,” said Slavik Markovich, Co-Founder and CEO of Descope. “With so many disparate digital interfaces between the user and the business, getting a complete view of the customer is easier said than done for organizations of any size. Descope’s identity federation capabilities can help even lean IT and developer teams take control of their customer identities.”
CIO INFLUENCE News: IntellectEU a Leader in Digital Finance and Emerging Technology Has Joined Google Cloud Partner Advantage
[To share your insights with us, please write to sghosh@martechseries.com]
