When building customer applications, developers must consider everything from UIs to platform compatibility to end-user experiences and more—while under pressure to get the app to market as quickly as possible. Implementing customer identity isn’t always top of mind, and when it is, it’s often approached in a siloed way: integrating key capabilities like registration, account recovery and multi-factor authentication into your specific application.
But in today’s world of digital transformation, company initiatives can drive a change in priorities. It’s important to consider how your application is positioned in the broader picture so that you can plug back into a centralized identity infrastructure and integrate your app with the larger enterprise if required. And if your identity-as-a-service (IDaaS) solution fails to meet IT’s requirements, you may end up making extensive changes or replacing it altogether with one that is much less developer-friendly.
The following capabilities can help you avoid being forced to heavily modify—or worse, reimplement—your identity solution in the future.
The IT Identity Checklist
Standards support (OAuth, OpenID Connect, SAML)
Standards support isn’t always, well, standard. To comply with IT requirements, you’ll want to closely examine which standards an identity solution supports and understand fully what that support entails. At a minimum, you need support for OpenID Connect, SAML and OAuth, which allow you to pass authentication details and user information between applications and are the basis of implementing key identity capabilities such as single sign-on (SSO) and access security. This provides the ability to pass information from any app, whether that app is the identity provider (IdP) that is authenticating the user or whether it’s the service provider (SP) receiving data about an authenticated user.
Hybrid IT Support
IT executives across all industries have turned to cloud computing and launched cloud-first initiatives. But even though we are years into this shift, the reality is that many enterprises operate under a hybrid model that mixes on-premises, private cloud, SaaS and other applications. Your enterprise likely has many applications that remain on premises, and if you’re mandated to connect your application’s identity solution with your enterprise’s larger IAM infrastructure, you’ll need it to support SSO, authorization and a unified customer profile across that hybrid IT environment. And some of the apps that your enterprise hosts on-premises or in virtual private clouds may not be based on standards, so a solution that can facilitate agentless SSO to any application, wherever the app is located and whether or not it is based on standards, is critical.
Delegated Administration Capabilities
Delegated administration allows you to assign administrator capabilities within your identity platform, and even vary administrative privileges across environments. Enabling your IT department to assign environments and populations of users to administrators will be an invaluable feature should IT mandate integrating your application into the enterprise at large. And the more robust the delegated administration capabilities of your app (for example, the ability to grant an app owner access only to the users, configurations and other details that pertain to applications they manage), the easier it will be for your IT team to centrally manage identity profiles for their various enterprise users—and the less likely it is that you will have to overhaul your application.
Synchronization with On-premises Identity Stores
IT benefits when all applications are able to leverage a unified profile, and your app’s ability to bi-directionally sync its identity store with your enterprise’s on-prem directory is crucial in furthering that goal. When your users log in to your app to update their address, password or other data, and those updates are reflected in your on-prem directory, legacy and other apps that IT maintains can read user data from an on-prem directory that is in sync and up to date. Similarly, updates made via other applications to your on-prem directory will also be made in your application’s identity store, giving your app’s users a more seamless experience.
Enterprise scale, performance and security
Your IT team has been tasked with making sure enterprise applications have the scale, performance and security required across your organization. A high level of standards and hybrid environment support, along with delegated administration capabilities, is critical to ensuring that your application’s identity solution meets these requirements. To learn more about customer identity and access management made easier, please download our white paper “IDaaS for the App Developer.”