Skip to content

Identity & Single Sign-On

Functional overview

The expectations for consumers are set by webshops like Coolblue, Apple, Amazon and Google. Insurance companies can now start to impress users and meet higher demands from business and regulation. OneWelcome's Identity & Single Sign-On solution - as a part of the OneWelcome Identity Cloud - contains components you can easily add to your existing enterprise architecture. The picture below shows the high-level functionality the platform provides.

Architecture overview

Functional flows

CIM handles the complete spectrum of capabilities related to delivering a seamless and secure customer experience.

(JIT) Migration

Thanks to Just In Time migrations, you can let users automatically migrate to 1 standard across all of your platforms. The customer may not even be aware of it at first. Onboarding / User Registration:

Making this process as simple as possible is the key to your success. As millions of consumers are going to use this process, any hiccup will lead to undesired fallout. The registration process for customers and prospects is different. Whereas customers require a more secure registration to prevent exposure of private data to the wrong people, for most prospects this robust identification is less important.

Secure business transactions based on levels of assurance

When you are a prospect, you just want to explore your possibilities without going through many steps to sign up. When you really become a customer identification and more is required. The CIM products supports many forms of identifications, like E-mail verification, GSM verification, ID check, Bank Transaction check, Address check, and more. In time your customer will build towards a higher Level of trust (identification)

With digital identities you want to reduce the risk of identity theft. This means that the level of trust is not only defined by the initial identification, but also with what we call continuous multifactor authentication. Multi factor is a way to make sure you are who you say you are by checking different factors. Based on your behavior, CIM could ask for extra authentication (making it continuous authentication). CIM allows you to create your own levels of assurance ( LOAs). You can use a market standard like STORK or configure your own levels by:

  1. Configuring identifications required per level.
  2. Configuring required level of assurance per service provider.
  3. Configuring level of assurance per identity provider.
  4. Configuring level of assurance for Two-Factor authenticators like for example text/SMS, mobile or Google Authenticator.
  5. Configuring required level of assurance for changing attributes like for example SMS, name, birthdate, and more.

Device registration for second factor login

When you want to give your users the option to login using a second factor like a mobile phone, the user is required to register the device. There are a number of possibilities to enable the device registration and handling of second factor authentication. You can either enable your current apps to handle the second factor or you can use an existing authenticator app provided by OneWelcome which provides the functionality for you.

Authentication / Login

Yesterday customers logged in with username/password or social, today they want to login with a mobile device. The consumer decides the preferred login and wants to change preferences over time. CIM supports all that. Self service:

Self-service is critical. If your procedures are unclear and little self-service is available, more than 30% of the calls from your helpdesk might be related to this.

Delegated Administration for Business Partners

If you are dealing with intermediaries and have problems with distributing authorizations among them DABP is for you. You can let your intermediaries take care of the user and authorization management themselves.

Managing and monitoring

Consumer Identities, CIM is the digital front door of your organization for consumers and partners. Of course you require full audit trail, event trail and monitoring capabilities.