KuppingerCole's Advisory stands out due to our regular communication with vendors and key clients, providing us with in-depth insight into the issues and knowledge required to address real-world challenges.
Unlock the power of industry-leading insights and expertise. Gain access to our extensive knowledge base, vibrant community, and tailored analyst sessions—all designed to keep you at the forefront of identity security.
Get instant access to our complete research library.
Access essential knowledge at your fingertips with KuppingerCole's extensive resources. From in-depth reports to concise one-pagers, leverage our complete security library to inform strategy and drive innovation.
Get instant access to our complete research library.
Gain access to comprehensive resources, personalized analyst consultations, and exclusive events – all designed to enhance your decision-making capabilities and industry connections.
Get instant access to our complete research library.
Gain a true partner to drive transformative initiatives. Access comprehensive resources, tailored expert guidance, and networking opportunities.
Get instant access to our complete research library.
Optimize your decision-making process with the most comprehensive and up-to-date market data available.
Compare solution offerings and follow predefined best practices or adapt them to the individual requirements of your company.
Configure your individual requirements to discover the ideal solution for your business.
Meet our team of analysts and advisors who are highly skilled and experienced professionals dedicated to helping you make informed decisions and achieve your goals.
Meet our business team committed to helping you achieve success. We understand that running a business can be challenging, but with the right team in your corner, anything is possible.
Good afternoon, ladies and gentlemen, welcome to our equipping a call webinar one identity for all efficient and cost effective identity management in the cloud. And for the cloud, this webinar is supported by ATS speakers. Today are me marking Kuppinger found and principle Analyst equipping a call. We hearing senior solution design architected, and Gary port global offering manager cybersecurity at autos. Before we start some information about keeping a call on some housekeeping information, and then we will directly dive into the topic, a call and Analyst company.
We are providing enterprise it research advisory services, decision support, networking for it, professionals, our services, our research services, our reports, our leadership documents, where we look at various market segments, etcetera. It includes advisory services and it includes events such as our upcoming European identity and cloud conference, which will be held May 13th to 16th and Munich its on event. You definitely shouldn't miss about all leadership and best practice digital ID, cloud, and scene. So meet us and Munich regarding the webinar.
Some guidelines you are muted centrally, so you don't have to mute our mute yourself. We are controlling these features. We will record the webinar and the podcast recording will be available by tomorrow. The Q and a session will be at the end, but you can answer questions time using the questions feature in the go to webinar control panel. So let's look at the trend for today.
As always in our webinars, we have three parts in the first part, I will talk about cloud and access management, the extended enterprise or the connected enterprise, or however you want to name it, the need for extending your current IM IH E infrastructure to the cloud. And the second part will be hailing on Gary pop will talk about the identity Federation hub cloud service, helping enterprises to scale the level of security, transparency, and compliance into the cloud. The third part as always will be the Q and a part.
And you can the questions at any time so that we have a good list of questions by the end that we can pick up then. So I want to start with a picture. Some of you might have seen before. It's what I call the computing.
Troy, it's this a picture which shows the challenge we are facing at it today. So we have to deal with more deployment models. It's not only our on premise it anymore. We have to deal with the mobile users, more types of devices, etcetera, not only the desktop of systems and notebooks anymore. We have to deal with the social computing or overall the growing user populations we have to onboard. So business processes are extended. We are dealing with customers, partners, etcetera in a far more comprehensive and far tighter integrated way than ever before.
This changes the way we have to do information, do information security. But at the end of the day, it's still about, we have to control access of all these identities, regardless of the deployment model, regardless of the device, we have to keep things under control and this is the challenge we are facing. And that means that we have to do something different or extended compared to what we did before. So one of these major challenges we are facing is the identity explosion. We have far more users than ever before. So historically we've looked at the employees.
So we have maybe 20,000, maybe 50,000, maybe 200,000 employees in our organization. We might have far more business partners and many, many organizations have far more customers. So when looking at a customers, it's done frequently about millions. And so it's are far bigger numbers, far more complexing, and this changes the way we need. We can do our management of the identities and the management of the access to our critical resources.
So the, this customer challenge of the need to share has been changing over time. We started with historically with centralized infrastructures internally used to the classic classical mainframe paradigm, etcetera. We don't move to PC and networkings. We have the internet emerging. So back in the late nineties or two thousands business partner integration, something we did quite a while before, but over time we had more and more of the business partner integration. So it's one of those things we really have today is, is we are not only talking about a little bit 80 factor or something anymore.
We are talking about very complex, tight integration of supply chains. And so on. Now we are increasingly dealing with our customers, tight integration of the customers, customer service stuff, etcetera, et cetera. We have to social logins to deal with. We have a lot of things we have to cover. All these things are making life for, for it somewhat more complex because the, the enterprise is not defined by a pyramid and mirror where we focus on the internal work. We have to deal with the out space here. And as I've said, there are some challenges around this.
So I've, I, I used the term sometimes the new ABC or the ABC, the agile business connected. And this is really what we have today. Businesses have to be agile and they have to connect what we call this open enterprise or connected enterprise or extended enterprise price don't care. Agile means we have new types of business models. A lot of industries have to reinvent themselves permanence in whether it's finance industry with new types of fi models.
They are, have to do different ways to deal with their customer Western the automotive industry, which increasingly has models, where they have to sort of the car to go stuff, etcetera, new communication channels, new business processes changes in the organization and the it applications on apps. Everything needs to become more, more agile. We need to be more flexible because the business model is changing the business processes change, and it has to react on this. On the other hand, we have this connected product thing I've talked before. It's not only about the employee anymore.
In a few business partners, the customers leads prospects, more information services. So the ability to, to get far more information is one of the things we also have to face integration with social network works, etcetera, etcetera, and this changing landscape, we as an organization or we as organizations have to react.
Now, this is the challenge we are seeing here. So they extended enterprise. The business demand is changing. They want to use cloud services. They want to access business partner systems. They want to collaborate in industry networks, managing the supply chain in a more efficient way, enable the mobile workflow for onboard business partners, interact with their customers.
When we have to provide the supply Federation managing for youth of users with new types of directory services, supporting the cloud computing paradigm, secure access to cloud services, flexible waste of cation, including social logins and all that stuff. And all this was a notion of risk. So understanding what is the context of the user and, and maybe we won't let him do everything using the same type of device. This is demand. The demand is here.
We need to provide a supply to deliver the business value around agility, compliance, innovation, enabling new and better form of collaboration and communication. And this is exactly where the cloud advance, the access management stuff comes into play. So this picture is a picture which shows sort of the evolution we are, we are seeing in this market. So there a number of starting points on that trust, reasonably published our Porwal cloud identity access management, which is available at our website, which describes us far more in depth.
So where, where did the, the various vendors come from, where these things heading? And then we have the on premise identity access management identity, access governance.
I am, I is identity access management, ATC access governance. We have also for, for some years, ATC management as service offerings either by, by solutions, which are specifically constructed for doing sort of, of the traditional on-premise identity management in the cloud, or which are just sort of outsource solutions. And this is something which moves toward what I call cloud based.
I, I achieve so more the traditional type of a good, a little bit more in detail on one of the next slides, but more traditional style of things. On the other hand, we have a number of providers which came more from the, we do cloud single. So allowing the users to look at a Porwal and pick the cloud service they want to use was a single sign on experience. So not also the case thing to every service. So cloud single is clearly more in the simple side of things, but it's a clear user benefits. So it's not bad. We have identity providers.
So ones that are trying to manage the users as a service identity Federation services. So federating in external users federating out to cloud services that are, are strong indication as a service. So various starting points towards the cloud user and access management. So this is sort of the second category we currently see in the market, which comes more really from new types of, of challenges in managing access to the cloud or securely managing access to the cloud. And we have third group, which are more industry collaboration networks, which are providing industry identity services.
So managing the users across the supply chain from all the suppliers and the manufacturers and providing additional collaboration services. So the letter from my perspective would remain for as a separate market segment for, for a while, at least for a longer period of time, while over time, the other two of the cloud based I, I G and the cloud user access management will converge step by step. So looking at the cloud user access management.
So the, this thing which spring off from cloud single sign on related services, we see an increasing number of features here. So outbound Federation to cloud servers and some web applications, self registration features inbound Federation for your business partners where self registration probably is more a way for, for, to deal with customers.
Cetera, we are looking at directory services to manage the data entities, also indication services, two factor indication of that type of stuff, some provisioning of users, access management. So who's allowed to use which cloud service and which way becoming increasingly granular cloud single sent on. So this is one of these areas we see as the, if we try to put the things into different buckets or different boxes, then this is one of the groups we, we see currently a little bit more consolidating allowing access to cloud services and on-prem type applications.
However, and I think one of the important capabilities for all of the services is they need on premise integration because the employees still are managed internally. So you need an on-premise integration to your on-premise directory services to also provide your employee is a positive experience, ideally without networking or not authenticating a second time, but by, by relying on your primary active directory authentication or whatever you're using.
And as I've said there, the second group is more, more around the sort of the traditional capabilities of oops, the traditional capabilities of identity, access management, identity, access governance with some added features. So at the core, there are provisioning services, managing users and various systems, plus excess governance or recertification role management, segregation of duty control and that type of stuff. Plus some single on solo, single on web, single on all stuff, plus some Federation access management capabilities.
So when looking at the, the upper level, this then helps managing access to cloud services on premise web applications, whereas the lower part of it. So again, requires a on-premise gateway to reach out also to the on-premise non web applications managed, uses they're in integrate with the on-premise directory services, which is one thing which is common to both of these approaches.
So if you look at both sort of waste to, to do some sort of cloud identity management or cloud identity access management, whether it's more that style of, I want to provide new features such as glassing as an on site registration, cetera, or whether you say I look more at the traditional approach of provisioning access governance, those have to be hybrid. Most organizations, the, the very largest part of organizations has on-premise applications. They have not only on-premise web applications, they also have on-premise non web applications.
So without being hybrid, without being able to, to connect to both worlds and without being able to, to make use of what you have for instance of your active directory. And I think some 90% of the organizations, if I have the numbers right, are using active directory. And if you look at that, it means the, the vast maturity of organizations still lives in a hybrid world. The user a indicates to its active directory first, and this is one of the starting points. This is where things have to come together.
So this connection back to the sort of the on premise infrastructure is a key success factor from our perspective, when it comes to cloud based at anti access management identity governance, but also for the cloud user and the access management, which is really more focused on how to deal with all the external users. So here maybe quickly going back to these two things that this one, what you see here, this is really more about how can I manage all the systems, access management, governance, et cetera.
Whereas the other one, this cloud user and access management is sort of saying, okay, the other part is what really manages the access of externals, giving them access to cloud services and on-premise web applications, but also reaching out to business partner applications, whatever you have while still being integrated with what you have. So that there's a seamless user experience. And here it's really saying, okay, I don't want to do identity access management the traditional way anymore on premise, but I need to contact contact back to what I have in my on premise world.
And this is what we see as the fundamental evolution in cloud identity, access management, cloud identity, access governance. Having said this, I want to hand over to will the caring and Gary path for their part of the presentation. So it's up to you to look at a concrete example of that.
Yes, thank you very much. So the first part will be done by me. I'm global operating manager for cybersecurity within Atos and identity and access management is one of my responsibilities. So when we look at the agenda for today, then we see that there are three points.
First, we, we do an introduction in the well the, the Federation of and clouds identity Federation. And then we have a deep dive into the functionality and the technology of the identity Federation of, and we finish with a short summary when there is questions and answers time after that. So next slide. So clouds are here now for a number of years, and we see that they have enormous benefits for organizations. They offer a lot more agility. And of course the costs are, which is an all time favorite are much lower than traditional environments.
So that's something that, that is really benefiting the, the, the business, the weight organizations to their business. So, but of course the introduction of plug also raises challenges and especially challenges in the security area where we today will focus on the identity and access management related challenges and aspects of the cloud. So when we look at a cloud from an identity and access management perspective, we can consider clouds more or less as identity islands, Sorry.
So where we see that they are not far up of the organization and they are not in the area of influence of an organization, so they are completely outside. And when you look, when you look at the identities and access rights, they need to be administered separately in the cloud. So this is something that is more or less like it was in the past when identities and access rights were manage per system also in the corporate environment.
And this means that the benefits of a corporate identity and access management system seems to get lost again again, a bit when we are adding cloud services to our corporate it landscape. So this is something that, that we have to keep in mind. And also from the user perspective, the ease of use that was introduced by single channel now also seems to be missing in the cloud. First users have to register themselves in the cloud. And after that, they have to log in each time they want to use the cloud.
And when we are only using one or two clouds, that's not dramatic, but the expectation is of course, that more and more cloud use will be entered in, in the organization. So in the end, this will be something that, that is not helping our users to do their work efficiently. So it's clear that this decrease of control and also decrease of the decrease of user convenience is not acceptable. And so from a corporate identity and access management perspective, there's a very strong amount to extend the corporate identity and access management system to cloud environments.
And then of course, to the cloud environments that an organization wants news. So when we see on the next slide, the, the, well, the statement that we have to extend corporate identity and access management to cloud environments, then that's easy set, but most what does that mean? So first we, we have to see that that three main aspects need to be addressed single sign on provisioning and deprovisioning of users. And especially also the deprovisioning is important like any corporate environment, but also in cloud environments, of course, and also the access governance is of importance.
So the details of how this is achieved in the identity Federation hub for the solution of a OS will be explained more in more detail afterwards in the next part of this presentation by Mr Haring. So when we see that a new cloud services added to the it landscape of an organization, these three mentioned points. So seeing provisioning and access government need to be addressed. And that means that they need to be implemented and maintained.
So this needs to be done every time an organization decides to start another new cloud service and to have the full benefit of cloud, there will be quite a bit of agility. So first many clouds will come, but also clouds will go. And so there's a lot of effort needed to address these changes. So when we look at that in a picture, we see that currently we have the corporate landscape with solid identity and access management in place providing functionality and a high level of control. All kinds of cloud services are available, of course, in the market and organizations can start to use it.
And when they do, they, we see that specific connections are needed to extend the identity and access management to each individual cloud. This adds a lot of complexity and a lot of effort, but I already said to, to set it up, but also to maintain it. So to overcome these challenges, the artist identity Federation hub can be used, and this provides identity Federation, single sign, cloud provisioning, and deprovisioning, and also excess governance.
And so the identity Federation will take away the, the complexity when we are going to introduce corporate identity and excess management watch clouds. So each new cloud can be now connected seamlessly and effectively. And then the next picture will show that in a different way. So when we look at the, the picture, the identity Federation hub is placed in the middle between the corporate organization on one end and the cloud environments on the other end.
And so when we have a closed look, we see two enterprises and only one connection is needed between your corporate organization and the identity Federation. So only one connection to set up once and to maintain. And then the identity Federation hub provides all the preconfigured connections to a wide variety of cloud services on the other side. And so in this picture, we see that these are public cloud services, but also all kinds of cloud services that are provided by Atos in the end, all kinds of cloud services.
And this eliminates the burden to set up and maintain these connections to each individual cloud from the organization itself. So from the corporate organization and because the, the connections are already pre-configured. So both when you are connected to the identity Federation of the connection between the organization and the identity Federation of, but also the connections to cloud environments, the well, the deployment time can be very short. So the time to, to connect to a new cloud service can be substantially called short.
And when we look at the other part of the, the, the picture also for end users, this identity Federation that provides the seamless access to cloud services when they are already signed in on the corporate environment. So like they were used to in the corporate environment, no Excel login is needed when they start to connect to one cloud, or maybe some clouds after each other.
And because the cloud services are now more or less part of the extended identity and access management environment of the organization, they are also part of the controller is covered by the items, the corporate identity and access management. So in the next slide, we will see the benefits of using or moving towards the identity Federation hub. So cloud services become part of the extended corporate identity and access management system. So they're covering single cell on provisioning and deprovisioning and access governance. The service is based of offered as a size based service.
So there are no upfront investments in hardware, software, and maintenance and S takes care of the, the processes and the technology that is needed to provide the service. So the customers can really concentrate on their core business and how the use of cloud services can improve this business.
So that's, that's their part due to the preconfigured connections. The cloud environments that are already used can be, or, or that, that need to be used, can be deployed rapidly and well, apart from the ease of use, the identity Federation of extends the flexibility. And of course also the cost level in, in instead of when you do it by yourself. So then the next slide will show the experience that Atos has in identity and access management. We already have a long history in this area. We have our own identity and access management product suite called tier X.
So our expertise is both built on the, the details that, that are needed to provide a comprehensive product suite, but also on the implementation of identity and access management services in customer environments. And because we are a system integrator and also on managed service provider, we know how to implement and to run identity and access management in the content of the business of our customers. So we are much more than a technology or a product provider in the end identity and access management is not about technology, but it is also about how to use it in the context of the business.
We have a, a substantial number of customers. So we, and we also have a, a large implementation estate and a number of identity and access management specialists that are available worldwide that can help our customers to solve the identity and access management challenges. So after this, I would like to hand over to repairing and who will show a bit more behind the scenes of the identity Federation hub, not Okay, thank you hued. So good afternoon, everybody. Let's just start with a look at the good old times and the challenges we had, then there were a lot of applications.
Each was its own user store and authentication method. There is the pain of the many user stores identity and access management was introduced and brought in two provision to user accounts from a central store. So administrator only had to take care of central identity store. It was now possible to do automat provisioning based on roles and permissions, and also to automatically enforce authorization words.
The next this issue is with all the passwords that employees have to remember to solve this single send on, for example, using cables was introduced users, not only had to log into the company network to get access to most of their applications. The next task as Mr Kuppinger mentioned, was integrating external users and partners. This also brought new authentication methods for strong authentication, like onetime passwords certificates for increased security.
This also integrated quite well with existing identity and access management system, being a local system, just stating another target system on premise, the companies now had a cost efficient, secure and auditable environment on premise. So this was the starting point of Mr. Kok evolving slide knowledge go to the end point to the trust and time a new kind of application of lives at the moment cloud services and the same challenges as before appear.
Again, cloud applications do have their own user stores being the identity islands mentioned by have, and they have their own authentication with thoughts implemented most of the time user and password. The users, again must remember many credentials and administrators must manage many identities outside the pyramid of the enterprise. Now in many different application stores, this often means manual provisioning and management authorization.
And this setup, as you can see, the enterprise has lost the use of strong authentication methods for the new services, as there's no connection to the cloud services management of identities and why it must be done for each new service and auditing coming in with the new laws. And a lot of pressure from there is much harder to do. Cloud applications did react to the requests from the companies, which brings us now to the next slide cloud got interfaces interfaces for application programmers, APIs to enable programmatic provisioning, but there are no standards for that.
So many different types for invented. And each year you see thousands of new APIs here. If a single service might offer more than one API and APIs, sometimes don't offer all the functionality, which is our label in the graphic reuse interface for the cloud service. Most common at the moment is some kind of first interface.
Some people are using scripting, but the new protocols, which like to introduce some kind of standards like skim or, or a are hardly used yet, but with the APIs, it's not possible to create adapters on enterprise for automatic provisioning of users to the cloud applications. As there's no common standard. As I mentioned for the provisioning interface, each cloud application needs its own adapt because of the work development cycles already existing APIs become obsolete and being switched off for the benefit of an interface.
That's just what happened at the start of this year with Google labs, the old interface was fully disabled and adapters using it must be upgraded to the next version, or they will just not work anymore. And there was no backward compatibility now where to get disconnected for the identity management system. This will be our make by decision for the companies currently to often with sales center, make it yourself approach as swear, made adapters for the existing identity and access management systems ask scar.
This means bringing the complexity of the interfaces and management of rapid changes home to the company grounds, which people try to avoid by supplying the enterprise identity management system in the first place. Also continuous maintenance is necessary. All the service might stop working like it happened in the past already. So we now had a look on the provisioning part, but what about things are on cloud services, got the ability for delegated authentication. This means they will accept an authentication identity if it is presented in the right way to do so. We need a Federation service.
The other side of the game on the customer environment. This means a new service again in the enterprise identity access management landscape, then trust must be established between the cloud applications and to Federation service administrators have to configure first endpoint for each cloud application at the Federation service. And each cloud application must be configured to trust this Federation service. So double be enough work for the administrators and each new cloud service will again, need attention trust. Let's say a short look at the user experience.
Let's take the external user, which is ING access to one of the cloud applications. So we'll now be redirected for delegated authentication to the Federation service. The Federation service might read authorization data from the local user store decide which authentication method is the most appropriate. And probably because it's an external user select some kind of strong authentication.
Finally, the user will be redirected to the cloud application together with its ed identity and get access to the application with this delegated authentication. Two things become very important, high availability of the Federation service. Any downtime we have here immediately impacts the ability to log in and use the cloud services. If your company is based mostly on using cloud service, this means no one would be able to work anymore.
And of course we need high security and production of this Federation service because unauthorize access to the Federation service potentially opens up access to all of your cloud applications. So now how can the identity Federation help help the identity Federation hub will remove the complexity and maintainance effort from the enterprise. So let's first have a look at the cloud side. All cloud services can connect to the identity Federation hub for delegated authentication should be indicated by the wet hours.
So no need to maintain and create connectors at the company side done at the identity Federation hub, the identity Federation hub will also provision to the user stores in the cloud applications on a need to know basis as it is capable of authorization decisions, only identities entitled to use a service. We'll get an account at the service side. Also important for pricing issues. Similarly expired users will be removed from the cloud service. Finally. Now let's check on the enterprise side.
The identity Federation app itself will also use already existing authentication methods in the enterprise environment. So for example, the strong authentication already deployed for your external customers. This removes the necessity to store credentials on the identity Federation hub and increases security as it uses standard protocols, not new adapters are needed on the enterprise for automatic provisioning and it on the ad can be used, which again, only transfers the identities, which are marked to be entitled to use cloud services.
And only the attributes are transported, which are needed for provisioning. There are other systems on the market, which in general, always just push up all content of your active directory. We don't do this as an additional feature internal web publications you have on premise can also delegate authentication to the identity Federation hub. You remember the hybrid systems Mr. Co mentioned, this will create homogenous environment for authentication and the consistent user experience for local and cloud services.
So again, have a look at an end user experience. Again, let's start with the external user. So the user tries to access the cloud application. Now the cloud application is delegating the user to the identity Federation hub and the identity Federation will now determine the best method for authentication as this is an external user probably will use strong authentication, ask for the credentials and check them against your log installation for the strong authentication.
Finally, the user will get access to the cloud service when he has to write to and access the, the wider password. As a second example, let's see another feature, our internal user trying to access our web application. The application is delegating the authentication again to the identity Federation hub. Now the identity Federation hub shows Notability can recognize that users coming from an internal network and select a pop authentication method. In this example, it will use the identity Federation hub agent to use the existing lock on session of the user to indicate the person.
This means for the internal user. It'll not have to enter any credentials at all. The access to the web application will be totally transparent. Of course it would be also possible to enforce strong authentication or to do step up authentication. If an application has higher security requirements, the authorization machine inside the Federation hub uses the extensive access control language to define authorization, use X ACML. So role or attribute based access control above possible.
And finally, also this example to usable get access to a web application last but not least when you implement new authentication methods like smart cards, one time passwords, whatever the additional authentication methods become immediately available to all the users for all the applications being connected to the identity Federation hub. The easy integration of integration methods also means that new partners, subcontractors, acquisitions, you name it can be easily given access to the services while still maintaining strong control over access rights.
This is one method to handle the identity explosion mentioned by Mr. KA earlier. So to sum it up, management of many cloud applications will become simple as the identity Federation cares for permissioning, for the adapters and for an easy interaction with the existing user store, it is built as a software as a service. So it can go easily with the needs of the company. As a multi-tenant environment, cost will be much lower than setting up all the necessary adapters and endpoints in the enterprise environment and managing them still if need did.
It can be provided as a customer dedicated environment in one of the ATO data centers, not itself. A short look at roles and responsibilities. Originally applications were on site. The enterprise was responsible for working applications for managing its employees and ensuring proper authentication are on premise. Now we got the new kind of application called the cloud service.
So here the responsibility for usability went to the service provider, but the enterprise also got new tasks provisioning now must reach to the cloud single send on, got a total new dimension and enforcing authorization needs, setting up licenses involved in the new services to simplify the access to cloud service and to reduce costs. We provided their identity Federation hub. So it'll take over the new tasks forced on the enterprise, take care of their rapidly evolving interfaces and enable the enterprise to deal with the new services as if it is trust another local application.
Additionally, it a tool web single sign on experience for external and internal users and also for internal web applications. So finally, let's do a short summary of the identity Federation hub. It'll make it much simpler to integrate cloud services and to extend existing corporate identity in the access management to embrace the new tasks in the way of the hybrid. Working as Mr. Copping mentioned, the key feature is secure single send on to the public and private cloud services and to local web publications leveraging the existing infrastructure of the enterprises.
So here you can see simple list of all the cloud service, which you can connect to Quite A list. So finally, what makes up the Artos identity Federation hub inside the identity Federation hub is based on the JX product suite of Artos with over 10 years of experience and millions of identities already being managed, starting from a very fast and standard compliant directory, our future, which identity management system, ensuring governance and automated provisioning to secure and reliable access management and Federation system provides an integrated solution.
Everything working together, accompanied by an audit application for sustainable compliance and transparency. And this, this, I end the technical overview and give the voice back to her.
Yes, well only to do the main takeaways before we go to the questions and answer session to, so to summarize what the identity Federation hub is providing, it provides an easy and low threshold to connect your organization or your corporate identity and access management to the cloud. Only one connection is needed. I think that's important. One connection needs to be set up and the rest is already there. So the connections to the cloud are taken care of by, by ADOS.
It helps to, to keep the ease of use and the level of control that that is already there in corporate identity and access management environment. And that now is extended to the cloud as well. And it is offered as a SA type of service providing optimal flexibility and optimal cost control. So this is the identity Federation hub. I hope that that well, that we gave a clear explanation of what it does and what it can do for your organization.
And well, now the time is there to ask questions that we will try to, to answer. Thank you very much. Thank you. And then I take over control again. You should be able to see my screen as, as carried and really said, we are in the Q session Q a session now, and we have, have some questions already here.
So, so I think one, you touched later in your presentation, but I want to bring it up anyway, is the authorization logic. So who has access to what, the stuff or AAC your support hosted in the identity Federation hub or in local altercation authorization server. So on the on-premise system. So the machine is hosted in the identity Federation hub, but it might take hints or settings from the local settings. Okay. I think it's short and good answer.
Another question I, I have, and I think it's a very important one for, for a lot of customers is you said this is hosted in the eight data centers. So what I'm I'm curious about is, is a little bit about where are these data center service locations and where are they operated from?
I think, especially for European customers, this is one of the main questions when they're looking at cloud-based services, particularly in this sensitive space of access. Let's me answer because in all them they are based who you like them, or we have a big data center in Germany. We have one in the Swiss we have in France. So we yeah. In the Netherlands, of course. So probably depending on the location of your company, we will take the nearest data center and hols them in Europe or even in your own country. Okay. Next question.
What is your let's look at the, the licensing licensing model. So is there a mix of setup fee and per user fee, or is it only per user fee and per interface proceed or a combination? So maybe you can give a little bit more information on the licensing model and China. So which factors go in and how does it work? It's a combination of user fee and the number of environments that are connected to.
So it's, it's pretty straightforward. Okay. That recognizable components. Yeah. So what is the mechanism for primary authentication from I FH Federation up back to the enterprise. Good question. Primary authentication. We try to reuse the authentication effort you're using already. So if we have to check credentials, we must transport them down to the enterprise, but it will depend on the setup of the enterprise side.
We often find that we already have a strong authentication method, which we can use, but as we have seen shortly, the identity Federation hub agent can supply us also with ability to use user and password against their ad and transport user and password in the one way and the authentication state in the other way, in a secure way. So we will not have a really preferred way of authentication. We will try to use the one best fitting to your enterprise. Okay.
Another question I have here is what are from your perspective, sort of main standards, Sam OMI, Fido, sort of new phyto stuff, others, and, and are these sort of death standards, which, which are here to, to stay or will they be replaced by something else? And what is your overall standard view From an industry standpoint of view? It looks like that some, 2.0 will stay for quite some time because it is established in many of the applications at the moment. So it don't looks like it'll go away very soon, but of course it has an heavy overhead of being an XML exchange.
So we do expect that or of is upcoming very fast and will be the defect standard in the near future. I'm not sure if it'll be the industrial standard, but for the business to customer, we do see that nearly all applications are now implementing or else 2.7. What is the mechanism for adding new cloud services to the internet, to the ENT Federation, Huber, API, or configuration interface to leverage well known methods like a general adapter, or is it fixed Las artist that is updated occasionally? So how can you add your own cloud service easily there At the moment?
Technically it's fixed set by as so we've shown it's not only single send on. Yeah. If you only want to do single send on to a cloud application there, we basically have to two standards, which are now used, as you said some and world. So there will be an interface to implement them. But if you go to the way more interesting part of doing there is no standard interface today. So it'll always mean some implementation work being done by the identity Federation hub team. Okay. I think these were the questions I have so far.
I think a number of questions and we will, as I've said, we will publish the slide deck latest tomorrow and the podcast recording and all Gary and me are available. So if you want to reach out to us, don't hesitate to contact us was further the questions. So thank you to all of the attendance of this cooking call webinar. We have a number of upcoming webinars in the next weeks, and I just want to highlight again, our upcoming conference and some of the research we have around this topic. So there's, there are various pieces of research. Some I have on those list here.
Thank you to the panelists and thank you to the attendees. Hope to have you again as an participant soon. Thanks.
