Throughout the exercises of this module (IAM Academy 4), we will use a fictitious customer case: SmartPlan Group.
SmartPlan Group is an energy company that offers innovative services to both B2B and retail consumers.
The following picture shows SmartPlan Group's operating environment and the Customer Identity and Access Management solution.
- User management is currently done manually by SmartPlan customer service and is too expensive due to the large user base
- SmartPlan will provide an online service called MySmartPlan to its business customers
- MySmartPlan is a custom Java-based application
- Additionally, federated sign-in is needed for enterprise customers
- The existing CRM system is the master database for customer contract information
Let's look at three aspects of the solution: concept, extranet architecture and the technical solution.
1) Solution Concept
The solution concept is depicted in the following image:
- The Account Manager at SmartPlan (Scott Long) creates an account in the CRM system
- The Contact Person at City Group (Jeremy Mills) self-registers and enriches user information
- Later, Jeremy Mills can use Single Sign-On to access the SmartPlan application
2) Extranet Architecture
3) Technical Solution
In more technical detail, the solution comprises:
- MySmartPlan, which allows account self-service and user management (based on CustomerID user interfaces)
- The SmartPlan application is a Java-based extranet portal running on Apache Tomcat
- Integration is done using the Ubisecure SAML SP for Java module
- User information will be imported initially using an import file
- Account information is enriched using the Ubisecure CustomerID REST API
- Federated sign-in is done using the SAML 2.0 protocol
Roadmap for Customer IAM
The Account Manager starts the process by creating the City Group contact person in the MySmartPlan online service.
The contact person then delegates the management of its services to a representative. In our example, Scott Long will invite Jeremy Mills as the main administrative user for City Group, Inc.
- External provisioning of new organisation and contract information (CRM as master data repository) must be possible through a REST API
- SmartPlan staff must be able to manage users
- Create and invite users
- Contact Persons for customer organisations must be able to:
  - invite new users to the organisation
  - delegate management of services
- End users for customer organisations must be able to:
  - manage their phone number and email information
- Self-service registration is offered for SME customers, so that customers can register for an account and start doing business without an invitation.
- Karl Kearnes, the Contact Person for KOKO Media Inc., initiates the registration workflow:
In addition to the previous requirements:
- Offer a registration workflow for organisation contact persons
- Back office staff must approve new organisation registrations
- Contact persons must be able to invite new users to the organisation
- Contact persons must approve new user registrations