Identity

Standardising access control across heterogeneous IT landscapes, which include a diverse array of applications and services - both in-house developed and externally sourced - poses a significant challenge for operators.

Solutions such as Single Sign-On (SSO) and Identity and Access Management (IAM) systems are required to master this complexity and seamlessly integrate the services. Technologies and standards such as OAuth 2.0 and OpenID Connect form the scalable and flexible basis for this, and products such as Keycloak, Ping Identity or ForgeRock successfully implement them.

NOVOSEC offers support in designing the right infrastructure for your requirements and in selecting the most suitable solution.

We are also happy to provide support with the integration of the selected solution, carry out customisation if required and develop additional components.

Single Sign-On

Successful introduction of Keycloak for consistent provisioning of user access to multiple customer applications

Our customer, a leading bank in its segment, had an existing specialised application for external users, for which user accounts had already been created within the application for several years. This user database was to serve as a central data source in order to provide user access for other internal and external applications. The aim was to create a Single Sign-On (SSO) solution improving the user experience and security of the connected systems within the company's web presence.

Selection of a suitable OIDC-capable identity provider

The main task was the implementation of a suitable identity and access management solution that makes the user access mechanisms of the existing application available to other applications. The established portals were to remain in use for access management.

In addition, existing and new authentication methods had to be integrated and a seamless SSO experience had to be established.

Scalable open Authentication System

Implementing Keycloak made it possible to provision user access to multiple applications and to realise a Single Sign-On system.

By integrating a customised User Federation Provider, the user accounts from the existing application could be seamlessly provisioned in Keycloak.

The development of customised Authentication Providers made it possible to support existing authentication methods and provide a consistent authentication experience across all applications.

The provisioning of OpenID Connect and SAML enables an efficient, standardised connection to existing and future systems.

The Single Sign-On solution created by NOVOSEC based on Keycloak improves the security and user-friendliness of login processes.

The excellent scalability enables the customer to connect additional systems at short notice and make them available to its established user base.

More Benefits:

  • Single logout - if a user logs out, they are automatically logged out of all applications involved in the SSO session.
  • Quick integration of additional web applications and apps (time to market).
  • Integration of customised Keycloak extensions.
  • Development of additional components to support various authentication methods (MFA, customised procedures, etc.).

“I need no mask to speak with you. Unlike my brother. I create my own personality. Personality is my medium.”

Neuromancer, William Gibson

Activation of security mechanisms with electronic ID card

Fraudulent activation of 2FA/SCA security procedures is increasingly carried out through remote attacks, which are often initiated by means of social engineering.

To prevent these remote attacks, the use of the e-ID (ID card) for activation has been integrated directly into the bank's banking/authorisation app.

To activate their new 2FA/SCA procedure, a bank customer only needs to hold their ID card against their mobile device.

On the bank's side, the ID card data is compared with the data held for the customer's access.

ID card with app

NOVOSEC has set up the infrastructure for using the ID card via state-certified service partners and trust centers and integrated the ID card usage into the banking processes based on the ID card app SDK.

The result is secure digital onboarding/activation of the security procedure. In addition, the e-ID function can also be used by the bank for other use cases such as KYC or synchronisation of current customer data, etc.

Areas of use: banks, ZAD, KID and anywhere legally reliable identification is required.

Fraud Management - Strong Customer Authentication (SCA)

A preventive anti-fraud system can use SCA to reduce the possibility of fraud.

SCA confirms the customer's identity using two or more factors before a transaction.

Business and regulatory requirements (in particular PSD2) were analysed in collaboration with the Global Transaction Banking department of a major bank.

Collaborative workshops with multiple manufacturers resulted in the creation of innovative architectural solutions that seamlessly integrate with the existing infrastructure.

The optimal vendor solution was selected, integrated, and now offers, among other benefits:

  • Fraud Reduction

    Multiple identity confirmation makes it more difficult for fraudsters to access customer accounts and data.

  • Increased Security

    Strong Customer Authentication increases the security of financial transactions and protects customers from identity theft.

  • Compliance with legal requirements

    SCA fulfils legal requirements, such as the EU PSD2 directive.

  • Protection against chargebacks

    SCA reduces the risk of chargebacks by reducing the chances of fraudulent payments.

  • Promoting innovation

    SCA promotes the development of advanced authentication technologies, although additional steps for the customer might be required.