Streamlining the Value Chain with Partner Identity
Life used to be so simple. You would give your employees password-protected access to systems and applications on your network, and that was that. Sure, a little user education was required so they wouldn't write their credentials on the proverbial yellow stickie, but it was a straightforward task to keep away unwanted intruders.
Obviously, that is not the way we do things today. Now, you have to secure not only workforce access to your systems, but customer access and, increasingly, partner access, too. Partner identity and access management (IAM) can be a significantly complex process, depending upon how many partners you have. For the largest retailers, like Walmart, which has 110,000 partners that need to access the partner portal, partner IAM can be a sinkhole of complexity and expense.
So Many Identities, So Hard to Manage
Partner IAM is difficult and unrewarding to master because partners and suppliers are not employees. So, large companies face the task of managing IDs and passwords for a potentially very large group of users who are not employees, an extremely unwieldy process considering they don't know when the partner's employees leave the partner company. There is a constant state of churn at every company, and trying to stay on top of that for users at another organization is a guaranteed headache. Partners rarely ask their partners to remove users in a timely fashion when employees leave. Costs mount along with the number of password resets.
The process is burdensome enough, but then think about the risks involved. Target endured a public relations disaster in 2013 when a hacker got onto its systems via credentials stolen from an HVAC subcontractor. Along with the considerable blow to tens of millions of cardholders' trust, Target shareholders had to foot a bill of nearly $150 million as the cost of the breach. No one wants to have to answer for that kind of destruction.
Without a partner IAM solution, many companies use a rather draconian method to solve the problem: on a monthly or quarterly basis, they require every user at every partner to revalidate their IDs and passwords. It reduces the number of inactive users in the system, but this method makes for a terrible user experience, and it's difficult to manage, to boot.
Most organizations have little interest in managing other companies' users. The real solution is federated partner IAM, in which companies authenticate their own users and validate their own passwords and receive federated access to partner systems using a partner IAM solution.
The partner IAM solution has to be super-simple to adopt (or partners won't adopt it). When it comes to federation, there are three distinct types of partners for the purposes of connection:
The so-called "mom-n-pop" shops. The smallest of all partner types, these entities don't do authentication. They may only have one user. Many in this category barely have a computer. They need a cloud-based service that provides a directory for their users and a cloud-based federated single sign-on (SSO) portal. They need to store their users and give them a log-in to their federation system.
Partners with some technical infrastructure. This category includes classic small to mid-size businesses (SMBs). These companies do have a directory (perhaps Microsoft Active Directory or Azure in the cloud). They don't have SSO capabilities or federation. They need a cloud service that bridges back to their directory, authenticates their users using corporate credentials and, once they are authenticated, presents an SSO portal to them.
Enterprises that have federation, SSO and directory capabilities. Large enterprises need the information necessary to connect their federation SSO system directly to the partner's systems. This can be a more complex task than immediately meets the eye, as the people who handle IAM do not tend to overlap organizationally with the partner/supplier managers. That can increase the onboarding time.
Ping's Partner Identity Solution speaks to all three groups, leveraging both our Federated Access Management capabilities as well as our cloud identity and directory services, providing:
Cloud Directory. Our User Management capability allows your smaller partners to manage their own user identities in our cloud directory, in minutes.
Cloud SSO. Our Federated Sign-On in the cloud is critical for those small and medium-sized partners that don't have federated SSO capabilities in-house. In a few clicks they can have their own SSO portal in the cloud with a direct, secure connection to your portal.
Federated access. We utilize our Federated Sign-On and Access Security capabilities to allow partners secure and seamless federated sign-on and access to all the internal and third-party applications and APIs needed. If your partner has its own federated SSO solution, it can utilize that to connect.
The cost and risk of managing partner identity can be daunting. Arm yourself with a partner IAM solution that eases the process, reducing the chance that you will be caught in the hot seat.