a backstage tour of identity - paris identity summit 2016

© 2016 ForgeRock. All rights reserved.

Backstage Tour of IdentityAlain Barbier, Principal Customer Engineer

Jon Knight, Senior Customer EngineerLéonard Moustacchis, Senior Customer Engineer

© 2016 ForgeRock. All rights reserved.

“Band Materials”: An Evolving Modern Organisation

1M weekly active users rising to 10M in year 1

Omni-channel device access

Home grown & legacy

infrastructure

Costly to maintain& future proof

New applications and infrastructure to be

cloud-firstCompetitive

pressures require agility and

differentiation Existing system insecure with poor UX

© 2016 ForgeRock. All rights reserved.

Requirement #1

We need rapid integration & protection of existing apps, services & API’s!

© 2016 ForgeRock. All rights reserved.

Poor UX / SSO

Multiple legacy

user stores

Single app entry point & user store

Old World New World

© 2016 ForgeRock. All rights reserved.

Requirement #2

But all new apps and services will run in Cloud Foundry. Can we still integrate?

© 2016 ForgeRock. All rights reserved.

© 2016 ForgeRock. All rights reserved.

© 2016 ForgeRock. All rights reserved.

Requirement #3

Our user registration and sign up process needs simplifying!

© 2016 ForgeRock. All rights reserved.

Increase new user sign up Increase assurance by mapping social data to internal data Increase sign in speed for existing users

Protected apps& resources

S3 – Simple Social Sign up / in

© 2016 ForgeRock. All rights reserved.

Requirement #4

Social sign in seems insecure. Can we make it safer?

© 2016 ForgeRock. All rights reserved.

Friction free Push Authentication Smart Trigger – for untrusted actions, devices, locations Simple and Secure for Android & iOS

Out of band secondfactor

Protected apps& resources

© 2016 ForgeRock. All rights reserved.

Requirement #5

MFA is great...but I want something more in-session, transparent and contextual..

© 2016 ForgeRock. All rights reserved.

Post login, in-session check Leverage context Analyse geo-loc changes

Policy engine withaccess to external

context

Device & Environmental

changes

© 2016 ForgeRock. All rights reserved.

Requirement #6Sign up has increasedSign in is more secureSign in is simpler..but I want gadgets!We need to be competitive...

© 2016 ForgeRock. All rights reserved.

Devices need identities too!

“Pin & Pair” - device representing a user to a service or application

Easy revocation for device sale or theft

Device accesses

services on usersbehalf

Simple outof band pairing

© 2016 ForgeRock. All rights reserved.

Thank You