Okay, so I want to talk about using some of the concepts of enterprise identity and access management, EIM, into the world of millions of consumers and everything between those, those two worlds. And so I want to do that using one of our customers. Last year I was able to, to invite some of our customers this year, unfortunately, they, they couldn't make it. So I will present their case in fact, and it's about public notaries or a notary civil law.
In, in the Netherlands, there are something like 1200 notaries over there. We have a, a similar case in, in Belgium, by the way. And these people, they need access to all kinds of governmental databases and such as the, the land registry, such as tax, eh, for, for doing tax declarations. And of course also to, to the Chamber of Commerce and to, to, to check the legal status of, of a company, but also, of course, to their own applications. And there are a couple of vendors in, in, in the Netherlands that are providing software for notaries.
And of course things like Office 365 and the like, okay, so how are we going to manage access for these notaries to these systems? But that's the first use case that we'll talk about simple enough, but just had to get, to get in the running.
So let's take the notary. Okay. And he's officially being registered by the Association of Notaries or the Chamber of Notaries. Hmm. And so they are officially mandated to do so. And if they're the leader registered with all the notaries, Hmm. So these 1200 notaries are then being, being managed by them.
Okay, fair enough. And how does that work? So in the past, eh, the, there was all kinds of paperwork that need to go back and forth in order to, to give notaries access and federated access to all these governmental databases. Now they are, yeah, basically, of course using our system, but that invite the notary to say, look, you have been registered formally and your diploma is correct and, and you have passed the exams and, and, and everything is, is correct. Now we will give you digital access.
And so they basically invite the notary through the system, and then the notary can simply accept that kind of invitation.
By accepting it, the notary will also identify him or herself.
Now, in the Netherlands, they're now using itsme, itsme being a system that originated in Belgium, but allows somebody to register and to authenticate using a mobile app. And that mobile app, in fact, interacts with the identity management system of the government, eh, so, so where all the citizens are being registered.
And so by, by confirming that invitation, Hmm, the person at the notary will identify him or herself, eh, using that, that app and connecting his, his account to, to himself. Okay. Fair enough.
Now, like I said, so the chamber will register all the, all the notaries. And so we'll do that over and over again with, with all the other notaries. Basically. They will not do that manually, obviously they will do that using a process and, and automatic upload and, and, and all these things. And whereby the identity of the individual is being confirmed, like I said, using itsme. So these are clearly characteristics of an enterprise identity and access management system where you get a process and to, to enroll people.
And where you get some mechanism to, to verify the identity of people. Further on, the notary will then be able to use his or her account and then access all kinds of databases, but also access the notary software in the office.
Are we implementing an identity and access management system in every notary office? Obviously not. So that is one system that is with the Chamber of Notaries. And so they, they can enforce multifactor authentication, which is pretty obvious that nowadays you can't live without it.
And they will also orchestrate the token based access to all the databases and the internal applications. Okay, fair enough.
So the, the, that's not very complicated.
So, but what with all the other people around this notary, eh, because he or she's not working alone, eh, there are first of all the candidate notaries and or associated notaries and delegated notaries and, and you have a, a number of other people with similar profile like the notary, but then of course you have the coworkers, coworkers that are ranging from employees to internships to interims students, but also of course the accountants at the, the, the people that are taking over certain tasks in an outsourcing way, HR and payroll processing and, and the like.
Okay, so how are we going to, to give these people access? Well, so the chamber, they, they want to worry about notaries and they will also worry about the candidate notaries and the associated ones and the delegated ones.
And, and so that is their horizon. But of course there are many more people. So all these coworkers, and so they don't want to register this. They want to offer the system to do so, but they don't want to know all these people. So what they want to do is, is well, let's have the notaries manage these people themselves. So that is the concept of delegated administration. But delegated administration is typically something that is implemented in an enterprise IAM, where teams can do some parts of the administration relative to accounts themselves.
Here we are externalizing that in a B2B fashion. And the B2B here are all the notary offices that will now register their own people.
So let's have a look at, at, at, at an example. So we have the, the notary, and there are a couple of candidate and associated notaries around him. There are some coworkers. He has an accountant and, and, and some more people. And so how can we now scale access, right? Which is basically the, the title of this presentation. How can we make that happening for the tens of thousands of coworkers?
And so in fact, like enterprise IAM, eh, there is a process behind giving somebody an account. And we are still not talking about consumers. We are talking about employees, but it is not the chamber that will manage these employees. No. So we have an HR process in the office of the notary. Hmm. And that will then assign accounts. But more importantly, which is often forgotten also in enterprise IAM, is that giving somebody access through an account should have a lifecycle, right?
Because every now and then people may leave or change function or whatever, for example, here, and in this case, people may move to another office and that lifecycle needs to be managed. And again, it's not the chamber's going to do that. No.
They, they want the notaries to manage the lifecycle of their own employees. And yeah, we are talking in the end about enterprise access.
It's, it's about access to sensitive systems. So you want to have fine-grained rules and policies that, that go with it.
And, and of course you also want to make sure that if there are systems that need roles and their own accounts, our big systems, then of course you want to have that provisioned. And much like in an enterprise IAM, and you want to apply enterprise level MFA, and that's the example that, that you see here, which is a screenshot of one of our apps to do so.
Okay. So that are the, the things we, we want to do. So how will that happen then in, in, in real life. So in order to to to, to get that orchestrated, we introduced the concept of persona.
Now, we didn't invent that persona, but at least we apply it in order to make this, this level of delegate administration feasible at the level of millions of people. And and I come to that in, in a second. And so the notary, he will have the persona.
So the, the role that he plays relative to this ecosystem, that will be the persona notary. And you can also have other personas like candidate notary or associated or delegated. And with that, he can do whatever he needs to do as being the notary and being mandated by the state. But he will get the second persona, and that is being the business owner.
He has an office. And in that office there are people working. And so they need to be managed.
Not only the people need to be managed, also the accounting of course, and tax declarations and, and, and all these things that any regular business needs to do. But so we have their persona, which we call manager. And using that persona, he will be able to register the other people. And so how will that actually work? Will the notary need to, to go into an IAM system and then create accounts for people?
And then, then, no, no, no, no, no. That was clearly stated that we can't give that to the notaries, eh, let them worry about legal text and the like, but not with, with the administration in an IAM system. And so in fact, we use exactly the same process, but rather than having it initiated now by the Chamber of Notaries, it'll be the notary himself.
He will say, okay, I I have a person here that works for me. This is the name of the person, and this is an email address or a contact and number of that person. That's all that he needs to do. And she will get a, an invitation.
And again, she will then confirm it, confirm it again with it in, in, in the same mechanism with an MFA, and then maybe itsme or another MFA. So how does it work? It basically creates this persona that's all that, that he needs to do. And a notification is being sent to the, to the coworker and logs in and an account will be created. But by linking the account to the persona, also provisioning will be initiated behind the scenes. So the notary doesn't need to worry about it, the employee doesn't need to worry about it, and more importantly, the chamber doesn't need to worry about it.
So that's all happening behind the scenes just by making this, this process. So it's, it's simple enough for all the notaries to understand and all those notaries, they, they're typically not IT savvy, but yet, eh, they can initiate the, the whole process now. So what we are doing is in fact, eh, doing not only identity and access management, but also identity governance and administration in a delegated way. Can we further delegate it? And now we were talking about tens of thousands of, of coworkers. What about the citizens?
What about people that are creating, setting up companies, eh, and, and need to sign deeds for that? Well, again, the same thing. So we have already registered these people and now we need to register also in one way or the other. All the citizens and all the people that are representing companies.
Now, of course here we are talking about millions of people in the Netherlands, something like 40 million people that are, that can sign deeds.
So it's quite a lot of people. And of course, yeah, again, the chamber doesn't want to worry about that.
And, but still they need to be linked to an office in one, one way or the other. And they need to be able to sign deeds and to sign documents and to access certain things. And so we will use exactly the same process as what we have seen. The notary was registering his colleague, well his colleague. And because she's an associated notary, she can register these people.
And again, the only thing she needs to do is enter the name and, and, and some contact. And then these people will again, get through this process, also get a persona and, and the associated accounts. And so it is again, exactly the same system. And the people will confirm their identity again using itsme or using paper documents and where the paper documents will then be scanned, using the app so that people can, can register themselves and then confirm that they are indeed a customer of a particular notary office. What if people go to another notary?
Well, then they will get a second persona that is then linked to that other notary office and people can freely switch between those personas, but that way they can register all the, all the people that need to sign deeds.
Can we take it even one step further? What with people that represent other people, for example, you may have a daughter who is taking care of her mother and, and has a caring proxy. Caring proxy is one of the, of the things that notaries manage. But a caring proxy means that you can do things on behalf of the other person.
So the daughter can do something on behalf of her mother. So that means that she can also sign deeds and, and, and do certain transactions. A person can also be mandated.
Eh, you may have a custodian or a guardian. Somebody's taking over people that are no longer conscious. But there are also ways of outsourcing, eh, typically accounting or payroll processing is outsourced, eh, and so you can also manage that power of attorney trustee.
Well, you have quite a number of other roles that are in fact then taking over your, your role.
Now, giving the concept of persona, it's pretty easy to, to manage. So how will that happen in practice?
Well, again, the same scheme. So for example, the mother can say, okay, I want to give a proxy to my, to my daughter. Okay? And then she can accept it exactly the same way. Like we have seen it in the previous examples, starting with the notary, starting with the, with the coworkers, starting with the, the other citizens.
Well, so people, consumers themselves can also delegate their, their power and their persona to somebody else. And so it goes in exactly the same way. And so if that person was not known and not linked to a notary office before, well then she will also do that little registration using itsme. And from then on, she can act on behalf of her, her mother. And so what it means, and this done a conclusion, we effectively, eh, have scaled to the administration that is typical for enterprise IAM. We have scaled that up to millions.
And so we can do sophisticated access and sophisticated provisioning, fine-grained authorization, all these things thanks to the concept of persona that is making it consumable and workable by people even like notaries who are not IT savvy.
So of course, excuse me, if you want to know more about that, you can visit us. I understand C 39, but this basically ends the presentation and so open for questions.
Thank you so much. Hi guys.
Thank you.
Very, very interesting and very interesting in the way it scales. I've got a, an abiding interest in this sort of delegation use case, right? And so I'll, I'll need to learn more about that.
Annie, do we have any questions and do we have any questions in the room as well? Yeah,
Absolutely. So we have a few questions that came in virtually and I'll let you all take a moment and think if you have something you'd like to ask live, I can come around in a second with a microphone. Our first question is, did you consider enabling just-in-time provisioning through the IDP or SP trust providers in this scenario?
Sorry, sorry. They could
In, sorry. Did you consider just in time provisioning in this at all? And can you say a few words about that?
So we, we, we can apply all models of provisioning and also the non-provisioning, and the non-provisioning meaning that you do authorization using access tokens. And that's in fact the, the main method that is being used. But of course there are still certain systems around that do need roles and that do need a specific account and they're then being provisioned at the moment that the account is being created for them. But just in time provisioning is kind of a variation of, well, the two combined. Yes.
Great. Thank you.
And next question, how about the same carbon fiber identity somehow affiliated with more than one notary? Could you imagine that scenario?
Yeah. So people can have one persona, but they can have multiple personas. So if they're linked to multiple offices, then they will get the citizen persona first with one office and the second citizen persona to another office. The same is true for the coworkers and certainly internships. And for example, you may have a student that is working for one office and then the next, next holiday working for another office.
Well, that first persona will still exist but expire after the holiday and then it will get a, a, a new one. And that will then also maybe only valid for a month or something. But that is how it, how it works. And so people can have any number of personas they can freely select between those. But of course, only those that are active, not those that are, have been revoked or expired. Yeah.
Okay. And the last check for the audience can maybe take one question, but no movement.
Okay, then thank you very much Carlo. We very much appreciate it. Thank you.