1 Introduction
Many businesses and public-sector organizations are finding that they must provide better digital experiences for and offer new services to consumers who are using their services. Organizations need support for secure and convenient ways to enable employees, contractors, partners, B2B customers, and consumers to securely access resources across their digital properties. Organizations are finding that they must provide a variety of authentication methods and assurance levels to address different kinds of use cases, risk adaptive authentication and authorization mechanisms to support policy-based access controls, comprehensive identity and attribute management for workforces, self-service identity management for consumers, and identity federation for partners and B2B customers.
Some organizations want a completely customizable IAM or CIAM solution. Some may have a preference for open-source or to build their own from components. Others only need limited functionality, such as wrapping a single consumer-facing application with an identity layer. In these cases, SaaS and fully packaged C/IAM solutions may not be the best fit. Dev-centric C/IAMs allow customers to build a modular solution around existing infrastructure or services, without having to buy more features and functionality than needed. Dev-centric C/IAM solutions typically provide on-premise or IaaS options, often supporting Docker or Kubernetes. As the name implies, in order to successfully deploy a Dev-centric C/IAM system, knowledgeable developers are required.
Trends in workforce authentication are increasingly away from passwords and toward strong and/or multi-factor authentication (MFA). For partners and contractors, identity federation is a must. On the consumer side, businesses need to accept social logins and mobile devices as authentication factors. For all kinds of users, risk-adaptive authentication, the ability to “step-up”, is a necessity depending on the type of access or transaction. Compromised credential, fraud, and cyber threat intelligence can help mitigate identity related risks.
For identity and access management, the ability to provision and de-provision users in a timely manner is critical, not only for business enablement but also to diminish the possibility of data loss when employment ends. Attribute assignment and management is a key to proper policy-based access control operations. For banking, retail, insurance, and similar industries, consumers need online facilities to register, edit their information, and give/withdraw consent.
Curity AB is a privately held IT security firm headquartered in Stockholm, Sweden. They launched their identity server in 2015 with an API-first strategy and a focus on authentication, token service, and user management modules. Their current offering, the Curity Identity Server, is a solution that can be deployed on-premises or hosted in IaaS. It provides robust federation options, advanced mobile authentication using the GSMA Mobile Connect standard, and can integrate with some European bank IDs and national e-IDs.