Through the exercises of this module (IAM Academy 4), we will use a fictitious customer case: SmartPlan Group.

SmartPlan Group is an energy company that offers innovative services to both B2B and retail consumers.

Background

The following picture shows SmartPlan Group's operating environment and the Customer Identity and Access Management solution.

In short:

User management is now done manually by the SmartPlan customer service and is too expensive due to the large user base
SmartPlan will provide an online service called MySmartPlan to its business customers for their user account management
SmartPlan Application is a custom application that provides services (e.g. see electricity consumption)
Additionally, federated sign in is needed for enterprise customers
The existing CRM system is the master database for customer contract information

The Solution

Let's look at three aspects of the solution: concept, extranet architecture and the technical solution.

1) Solution Concept

The solution concept is depicted in the following image:

In the proposed solution, the steps are:

The Account Manager at SmartPlan (Scott Long) creates an account in the CRM system
Scott Long adds City Group Contact Person (Jeremy Mills) to MySmartPlan
Later Jeremy Mills can do Single Sign-On to SmartPlan Application and MySmartPlan

2) Extranet Architecture

3) Technical Solution

In more technical details, the solution comprises of:

MySmartPlan, which allows account self-service and user management (based on CustomerID user interfaces)
The SmartPlan application is a Java-based extranet portal running on Apache Tomcat
Integration is done using Ubisecure SAML SP for Java module
User information will be imported initially using an import file
Account information is enriched using the Ubisecure CustomerID REST API
Federated sign in is done using the SAML 2.0 protocol

Roadmap for Customer IAM

IAM Academy 4 Implementation

Functionality of the solution

One service integration (SmartPlan Application) using Ubisecure SAML SP for Java-license
Authentication methods
- Username & password
- OTP by SMS
- Social login with Google
- Federated login for business customers
Login screen customised to SmartPlan brand
Administrative interface for
- SmartPlan customer service to invite users and manage users and access rights
- Customer administrative users to invite users and manage users and access rights of users from their own organisation
Self-registration workflows

Enterprise Accounts

Use Case

Account Manager starts the process by creating the City Group Contact person in the MySmartPlan online service.

To delegate the management of its services, the contact person then delegates management to a representative. In our example, Scott Long will invite Jeremy Mills as the main administrative user for City Group, Inc.

Requirements

External provisioning of new organisation and contract (CRM as Master Data repository) information must be possible through REST API
Smart Plan staff must be able to manage users
- Create and invite users
Contact Persons for customer organisations must be able to
- invite new users to the organisation
- delegate management of services
End users for customer organisations must be able to
- manage their phone number and email information

SME organisations

Use Case

Self-service registration is offered for SME customers - so that customers can register for an account and start doing business without an invitation.
Karl Kearnes, the Contact Person for KOKO Media Inc., initiates the registration workflow:

Requirements

In addition to previous requirements:

Offer registration workflow for organisation contact persons
Back office staff must approve new organisations registrations
Contact persons must be able to invite new users to the organisation
Contact persons must approve new user registrations

Browser not supported