Customer Case Introduction: SmartPlan
Throughout the exercises of this module (IAM Academy 4), we will use a fictitious customer case: SmartPlan Group.
SmartPlan Group is an energy company that offers innovative services to both B2B and retail consumers.
Background
The following picture shows SmartPlan Group's operating environment and the Customer Identity and Access Management solution.
In short:
- User management is currently done manually by SmartPlan customer service, which is too expensive given the large user base
- SmartPlan will provide an online service called MySmartPlan to its business customers for their user account management
- SmartPlan Application is a custom application that provides services (e.g. viewing electricity consumption)
- Additionally, federated sign-in is needed for enterprise customers
- The existing CRM system is the master database for customer contract information
The Solution
Let's look at three aspects of the solution: concept, extranet architecture and the technical solution.
1) Solution Concept
The solution concept is depicted in the following image:
- The Account Manager at SmartPlan (Scott Long) creates an account in the CRM system
- Scott Long adds the City Group Contact Person (Jeremy Mills) to MySmartPlan
- Later, Jeremy Mills can use Single Sign-On to access SmartPlan Application and MySmartPlan
2) Extranet Architecture
3) Technical Solution
In more technical detail, the solution comprises:
- MySmartPlan, which allows account self-service and user management (based on CustomerID user interfaces)
- The SmartPlan application, a Java-based extranet portal running on Apache Tomcat
- Integration using the Ubisecure SAML SP for Java module
- Initial import of user information using an import file
- Enrichment of account information using the Ubisecure CustomerID REST API
- Federated sign-in using the SAML 2.0 protocol
Roadmap for Customer IAM
IAM Academy 4 Implementation
- One service integration (SmartPlan Application) using a Ubisecure SAML SP for Java license
- Authentication methods
  - Username & password
  - OTP by SMS
  - Social login with Google
  - Federated login for business customers
- Login screen customised to SmartPlan brand
- Administrative interface for
  - SmartPlan customer service to invite users and manage users and access rights
  - Customer administrative users to invite users and manage users and access rights of users from their own organisation
- Self-registration workflows
Enterprise Accounts
Use Case
The Account Manager starts the process by creating the City Group Contact Person in the MySmartPlan online service.
The contact person then delegates the management of its services to a representative. In our example, Scott Long will invite Jeremy Mills as the main administrative user for City Group, Inc.
Requirements
- External provisioning of new organisation and contract information (with the CRM as the master data repository) must be possible through the REST API
- SmartPlan staff must be able to manage users
  - Create and invite users
- Contact Persons for customer organisations must be able to
  - invite new users to the organisation
  - delegate management of services
- End users for customer organisations must be able to
  - manage their phone number and email information
SME organisations
Use Case
- Self-service registration is offered to SME customers so that they can register for an account and start doing business without an invitation.
- Karl Kearnes, the Contact Person for KOKO Media Inc., initiates the registration workflow:
Requirements
In addition to previous requirements:
- Offer registration workflow for organisation contact persons
- Back office staff must approve new organisation registrations
- Contact persons must be able to invite new users to the organisation
- Contact persons must approve new user registrations