Citizen Identity and Access Management
CitizenOne is built on a foundation of “citizen identity and access management” (or customer identity and access management). This module enables a government to securely capture and manage citizen identity and profile data, and to give citizens access to applications and services from across the government enterprise using one convenient profile. Citizens can log on once and access services from any government agency.
This module provides citizen self-registration, self-service profile management, single sign-on (SSO), contextual multi-factor authentication (MFA), directory services and more. Key module capabilities:
Citizen Identity Profile Management
Allows a citizen to self-register for a profile, privately and securely stores the profile information, and allows the citizen to easily manage information contained in their profile. It allows for a single profile that is reusable across all government services. Includes:
- Modern, simplified registration workflows that eliminate requests for unnecessary information and improve citizen satisfaction when registering for a profile.
- A progressive profile that can evolve as services are added, capturing only what data is required to access services relevant to the citizen.
- Takes a “data-light” approach to citizen profile creation, only requesting what is required. Keeps the citizen profile data footprint as small as possible, reducing risk in the event of a breach.
- Full citizen self-service capabilities that allow access anywhere, anytime. This eliminates the need for the help desk to field routine calls such as password resets or profile changes.
- Provides mechanisms for ensuring data accuracy and eliminates duplication of profile data.
Provides complete security when citizens are accessing their profile and using any connected service. Features flexible options for contextual multi-factor authentication, one-time tokens, setting/managing password policies, and automatic password resets.
- Delivers contextual multi-factor authentication capabilities that can be configured to secure more sensitive digital services, providing reduced risk to the citizen and government service provider. Can be configured to only trigger multi-factor security when required, eliminating blanket approaches that increase citizen frustration.
- Provides secure single sign-on (SSO) capabilities that allow the citizen’s profile to be reusable across any government service connected to the platform. This eliminates the need to build and manage a profile for each system.
- Delivers a profile and login credentials that are more widely used and therefore not easily forgotten (higher velocity).
- Can be integrated with third-party login credentials to further increase credential memory (e.g. SecureKey Concierge, and other highly used credentials that may live in existing identity stores).
- Keeps the “keys and locks” stored and encrypted separately, providing dual source authentication (split protocol).
Allows a government to easily make their services available through the platform.
- Allows a government service area/department to define connection policy, for example requiring the profile to have a verified phone number or requiring that certain profile information is completed before accessing the service.
- Features a service opt-in model, so that government services can come on board “when ready”. A government can then scale their deployment and deliver services incrementally, avoiding the cost and risk associated with a “big bang” approach.
- Modern federation protocols (SAML2, OAuth2, others).
- Built on open standards allowing for connection to modernized and legacy applications.