a backstage tour of identity - paris identity summit 2016
TRANSCRIPT
© 2016 ForgeRock. All rights reserved.
Backstage Tour of IdentityAlain Barbier, Principal Customer Engineer
Jon Knight, Senior Customer EngineerLéonard Moustacchis, Senior Customer Engineer
© 2016 ForgeRock. All rights reserved.
“Band Materials”: An Evolving Modern Organisation
1M weekly active users rising to 10M in year 1
Omni-channel device access
Home grown & legacy
infrastructure
Costly to maintain& future proof
New applications and infrastructure to be
cloud-firstCompetitive
pressures require agility and
differentiation Existing system insecure with poor UX
© 2016 ForgeRock. All rights reserved.
Requirement #1
We need rapid integration & protection of existing apps, services & API’s!
© 2016 ForgeRock. All rights reserved.
Poor UX / SSO
Multiple legacy
user stores
Single app entry point & user store
Old World New World
© 2016 ForgeRock. All rights reserved.
Requirement #2
But all new apps and services will run in Cloud Foundry. Can we still integrate?
© 2016 ForgeRock. All rights reserved.
© 2016 ForgeRock. All rights reserved.
© 2016 ForgeRock. All rights reserved.
Requirement #3
Our user registration and sign up process needs simplifying!
© 2016 ForgeRock. All rights reserved.
Increase new user sign up Increase assurance by mapping social data to internal data Increase sign in speed for existing users
Protected apps& resources
S3 – Simple Social Sign up / in
© 2016 ForgeRock. All rights reserved.
Requirement #4
Social sign in seems insecure. Can we make it safer?
© 2016 ForgeRock. All rights reserved.
Friction free Push Authentication Smart Trigger – for untrusted actions, devices, locations Simple and Secure for Android & iOS
Out of band secondfactor
Protected apps& resources
© 2016 ForgeRock. All rights reserved.
Requirement #5
MFA is great...but I want something more in-session, transparent and contextual..
© 2016 ForgeRock. All rights reserved.
Post login, in-session check Leverage context Analyse geo-loc changes
Policy engine withaccess to external
context
Device & Environmental
changes
© 2016 ForgeRock. All rights reserved.
Requirement #6Sign up has increasedSign in is more secureSign in is simpler..but I want gadgets!We need to be competitive...
© 2016 ForgeRock. All rights reserved.
Devices need identities too!
“Pin & Pair” - device representing a user to a service or application
Easy revocation for device sale or theft
Device accesses
services on usersbehalf
Simple outof band pairing
© 2016 ForgeRock. All rights reserved.
Thank You