Tag Archive for: Trivore Identity Service

A modern IAM solution for all identities

An IAM system, i.e. an identity and access management system, plays an important role in many organizations from both an administrative and a cybersecurity perspective. The more complex the organization's IT architecture and the larger the volumes of personal data your organization processes, the more important a working IAM solution is. Trivore's IAM solution offers flexible options for your organization's different identities.

In addition to human users, an identity can also be given to, for example, a product, a service, an organization, an application programming interface (API), or a bot. If all of these identities are handled in separate services, security risks grow along with the workload. Trivore's IAM system and Trivore ID at its core ensure that all identity-related data is processed and stored centrally and securely.

An identity can therefore be backed by almost anything, from a person to an organization. The most common identities found in Trivore's IAM system are the following:

Employee identity

Employee identity is one of the most common needs of an organization that is acquiring an IAM system. With the identity management of Trivore's IAM system, an organization can, among other things, automate the processing of its employees' data, flexibly enrich the data from several different sources, and implement the reporting it needs.

The access management feature, in turn, enables agile administration of which role and which permissions belong to each employee. Trivore's IAM solution is role-based (RBAC), which makes it easier to grant and manage permissions both for individual employees and for larger groups at once. Larger organizations and corporate groups in particular benefit from granting access rights based on the organizational hierarchy and the employment relationship. Many employees work simultaneously in different parts of the organization on different projects, and this often makes managing access rights laborious. Trivore IAM offers cost-reducing tools for this.

The master data system for employee identities is by default always the HR system, from which integrations to the IAM system are built, and the systems are synchronized with each other automatically and regularly so that both always have up-to-date information.

Features enabled by the IAM system, such as single sign-on and multi-factor authentication, smooth employees' daily work, reduce the load on the IT department, and improve the organization's overall user experience of IT systems.


Partner identities, external users, and special identities

Sometimes there is a need to give access to the organization's services or systems to a party that is not one of the organization's normal users. Such parties can be, for example, partner companies or various external users who are to be granted only temporary access to certain services without an employment relationship. In that case our IAM system, Trivore ID, acts as the location of the master data instead of the HR system. Keeping these identities separate from the others ensures that they are easy to manage and secure.

Consumer or customer identity

Alongside employees, customer data is among the most valuable information for many organizations. In managing customer identities, the IAM system can be used together with a CRM system. The customer data can either all reside in Trivore's IAM solution or, if the customer so wishes, the IAM system can be connected to the CRM system the customer already uses, in which case the customer data resides there. Even when the customer data resides in the CRM system, the IAM solution allows it to be enriched, modified, processed, and deleted in an agile and secure way. This is especially critical for complying with regulatory requirements such as the GDPR.

Consumers also demand a smooth, uncomplicated user experience from digital systems. An IAM solution ensures that your customers can flexibly use your organization's services, which communicate seamlessly with each other through the IAM service.

Trivore's IAM solution also enables many new services that develop the business, such as digital wallets.


Citizen identity

The IAM solution implemented by Trivore is widely used in the municipal sector in Finland. Thanks to its existing features, Trivore's product is an excellent solution for the needs of municipalities and the rest of the public sector.

Among other things, support for suomi.fi identification is essential in an IAM solution intended for managing citizen identities. In addition, integrations can be built into Trivore's IAM solution with, among others, the OPH Koski data repository on students and the Change Information Service (Muutostietopalvelu) of the DVV Population Information System, so that, for example, a municipal organization always has up-to-date information on residents' student status, moves, name changes, deaths, and births. In addition to municipalities and cities, Trivore's solution has been used in the public sector for, among other things, public transport and healthcare needs.

___________

Do you need advice on your organization's identity and access management? Tell us your needs, and together with you we will tailor the IAM solution that best fits your organization. We offer our IAM service both as SaaS and as an on-premise solution. Contact us or read more about our service.

Everything You Always Wanted to Know About eSIM (But Were Afraid to Ask)

Kari Mattsson, January 21, 2020

What is this eSIM thingy, anyway?

Pretty soon you may not need a SIM card in your phone, as a growing array of connected devices will connect to mobile networks using embedded SIM (eSIM) technology. eSIM is a global specification which involves a SIM card chip being embedded into a device.

eSIM technology has been around for some time, but only its adoption by Apple in late generation iPhones brought it to the public consciousness. 

One of the main advantages of eSIM is that it enables users to change operator remotely without having to acquire a new physical SIM card – this can augur even fiercer competition among operators and new usage modes. Theoretically, a phone using an eSIM could negotiate the rates with available operators on a call-by-call basis to get the absolute best prices.

More practically, eSIM also allows people to store multiple profiles on a single device, effectively having two or more numbers, and switch between them at ease. This is ideal for anyone who may require an additional number for travel or business, for example.

As an increasing number of devices offer eSIM technology, we are likely to see more mobile operators offering support for the service, particularly as it gives them an opportunity to up-sell and cross-sell new service plans to their customers across the consumer and enterprise markets.

But wait, that is not all…

While eSIMs can change phone usage quite a bit, the technology will not just be used in smartphones.

eSIMs will be seen in many consumer devices which require always-on connectivity. This includes wearables, such as smartwatches and smart glasses, connected home devices, and computing devices such as laptops and tablets. Technology which has traditionally connected to Wi-Fi will benefit from the wider availability and security of cellular (4G and 5G) networks.

One of the first consumer devices to feature eSIM is the 4th generation Apple iWatch, which is cellular capable, enabling many new use cases. The iconic Dick Tracy wrist phone is starting to become reality, thanks to eSIM.

The many benefits of eSIM

Consumers, businesses, and operators will all benefit from eSIM.

As eSIM enables subscribers to connect more devices to their mobile operator, operators can offer multi-device packages and bespoke data plans. 

Device bundling will become much easier, with consumers able to conveniently add new devices to their plans without having to go in store or wait for a physical SIM card to arrive in the post. This presents new revenue opportunities for operators, as it becomes easier for customers to scale up their plans by adding new devices which require data.

Businesses with a large number of mobiles used by their employees will also benefit from the convenience of eSIM. eSIM can deliver a streamlined user experience for managing cellular connectivity, enabling IT teams to provision and deploy new devices in a rapid and convenient fashion. Adding new phones to a corporate mobile service or swapping devices between users as they join and leave a company will become much more efficient, as it can be achieved remotely. Profiles for each user can also be personalized and data plans can be adjusted and optimized, via eSIM remote management tools.

Don’t forget IoT

eSIM will also benefit businesses that use IoT systems, and in particular businesses that have large M2M (machine-to-machine) deployments such as oil and gas, power plants, manufacturing facilities and warehouses. For a company using thousands of individual pieces of hardware that require mobile connectivity, installing a SIM card into each unit would be a painstaking (and expensive) task.

With eSIM, businesses can remotely connect all of this technology to a mobile network. Furthermore, if the technology is required to operate in another country, it can be programmed remotely to connect to a local operator in that region.

Because it is embedded, an eSIM uses less space and is cheaper than traditional SIM technology: mobile connectivity can now be introduced into hardware where it was previously not feasible due to cost or space restrictions.

Finally, as with the consumer market, operators can create new data plans for businesses as their connectivity requirements scale up. This could include new packages for previously unconnected devices, such as connected cars or iPads, naturally resulting in new revenue streams.

Making it a reality

While eSIM offers some exciting possibilities, its adoption is still in its infancy. Both manufacturers and operators must step up their game to drive the adoption of eSIM technology.

Technology manufacturers must support the new technology and make it available in their products. On this front, things are developing: analysts suggest all new smartphone devices will support eSIM by 2030, and other types of connected technology will likely follow suit.

Operators play a crucial role. They must support the technology on their networks, create innovative new services, and provide a smooth experience for business and consumer customers looking to adopt the services. 

Operators need to create a smooth experience for onboarding customers using eSIM, via an online portal or application. Bespoke applications can be developed specifically for enterprise customers, whilst consumers can be served through operator portals.

For this customer experience to be seamless, operators must ensure that their eSIM technology is compatible with different handset manufacturers and eSIM vendors and ensure they can support multiple download and activation methods.

To achieve this, operators must evolve their billing support systems and have an entitlement platform which will empower them with advanced eSIM management capabilities. This will ensure that they can make it as easy as possible for users to adopt eSIM technology, which will help drive new use cases for it across the consumer and enterprise markets.

Trivore and eSIM

Our Trivore Device Entitlement Service (or DES among friends) is a carrier-grade solution for mobile device manufacturers and mobile operators to activate and provision cloud, on-premise, and embedded software applications from a single platform.

DES provides full support for eSIM and lets operators and manufacturers take advantage of this new technology easily and inexpensively. Just like other Trivore products, DES features a modern web-based GUI, open APIs, a powerful SDK for client development, and built-in identity management functionality.

You can find more info on DES on our product page.

Trivore supporting public transportation

Trivore and our very own Kari Mattsson were recently featured in Suomidigi, a website supporting and looking at the state of the digitalization of the Finnish public sector.

The article describes how HSL (the Helsinki Regional Transit Authority) has incorporated the national Suomi.fi and European eIDAS strong identification systems using the Trivore Identity Service (TIS).

The story, alas, is in Finnish only (it can be found here), but since it has some useful information, we try to summarize some of the key points here.

Having strong identification information is crucial for the proper functioning of the system as the residents of the various municipalities in the HSL region get discounted tickets based on their place of residence. Being able to leverage national ID systems that have e.g. accurate address information allows HSL to provide the discounts easily and fairly. Discounted tickets have previously been limited to physical ticket products but with the help of TIP and the Suomi.fi service, HSL can now extend the discounts to mobile tickets, as well.

Riders from outside of Finland benefit from the pan-European eIDAS identification system support. Riders can be sure their information is handled appropriately (and following all relevant regulations) and they can ride on HSL knowing their information is secure. HSL is the first player in Finland to have a fully eIDAS compliant system and e.g. German eIDAS identification requests have been handled without any issues.

Niko Tynkkynen, the Digital Service Design Team Lead at HSL, outlines the challenges of rolling out a system like this: “We have to be sure we handle the information of our more than one million riders in full compliance with GDPR rules, yet we also want to make sure the service experience is seamless across devices and services. We also want to bring new, increasingly personalized services and experiences to our riders.”

One further benefit of TIS is the ability to federate identities across different actors and services. For example, the system enables identities managed by the HSL system to be used for accessing public transportation services in Tampere – or any other city in Finland.

Should you be interested, you can read more about TIS on our product pages.

Trivore Identity Service Client SDKs released

By Kari Mattsson on September 22nd, 2019

The SDKs are out!

The often requested, fully documented Trivore Identity Service Client SDKs for Java and Python are now available. The SDKs let developers increase their productivity and get the most out of the comprehensive Trivore Identity Service APIs to create beautiful identity-driven applications.

Why does the SDK matter?

The SDK helps our customers (and us, too!) to create robust Identity-driven applications powered by Trivore Identity Service faster and more easily. The SDK leverages the robust Trivore Identity Service APIs (Application Programming Interfaces) and contains technical documentation, sample code, and other tools that help a developer be more efficient and deliver better applications.

The difference between an SDK and an API

An API is essentially a clear set of rules, or protocols, for interacting with a system. As long as a programmer knows how to use the right protocols, they can successfully accomplish the tasks they want to complete on the platform. An API is like a recipe: it’s a set of clear instructions. Companies often use APIs to give external parties access to their data or systems. An SDK is more like a box of cake mix. It has everything you’ll need to make a cake quickly and easily.

What about other languages?

While Python and Java are the most common languages used to develop applications powered by Trivore Identity Service, we are working on other languages, too.

The next planned languages are Go and JavaScript. The release schedule is not fully confirmed yet, but we expect the release to happen in late 2019 or very early in 2020. Stay tuned for details.

If you are a Trivore customer and have a need for an SDK for another language, drop us a line and we will certainly consider your request.

Where can I get it?

You can download the SDKs for both Java and Python from our GitLab public page.

The Java version will also be shortly available on Maven Central and the Python version on PyPI.

You can find documentation and other goodies from the Trivore Identity Service support site.

About Trivore Corporation

Founded in 2001, Trivore Corporation crafts identity-driven enterprise software for business-critical applications. Trivore serves demanding customers – both enterprises and public sector actors – that need robust and scalable enterprise solutions for business-critical applications. Trivore is the Identity Authority™.