- (Social) Registration
- Consent Lifecycle Management
- User Self Service
- Single Sign-On (SSO), (Strong) Authentication & Federation
- Identity Validation & Proofing
- User Management
- Service Desk
- Multi-branding & Omni Channel
- Attribute Flexibility
- KYC, profiling and auditing
- Marketing Analytics and Intelligence
Companies are increasingly focused on offering their customers frictionless experiences. The customer registration process is vital herein as it can either be a facilitator or a bottleneck for customers to proceed. The paradigm here is that it should be as easy as possible, yet highly secure.
iWelcome unburdens organisations by offering three types of registration each of which offered via APIs or customer-branded UI:
- Standard Registration with a set of mandatory and optional fields; validation is done via email (and optionally SMS);
- Social Registration reduces the registration effort by removing the need for consumers to use usernames and passwords allowing them to engage more easily and quickly, using their existing social media identity. iWelcome is the only provider to offer this in a GDPR-compliant manner;
- Flexible Registration and Activation allows clients to configure workflows with certain software components supporting a wide set of registration use cases.
- Identity matching via RESTful API / Web service;
- Multiple registration and login options;
- Support for all standard federation protocols;
- Customised registration process using BPMN 2.0;
- Account linkage with smart matching.
Today’s digital customer engagements are about offering ease and creating trust. Organisations need to redesign their customer journeys and incorporate opportunities for consumers to respond and provide consent.
To facilitate this, it is indispensable for organisations to run a proper Consumer IAM solution. Although some organisations today have a (home grown) Consumer IAM solution in place, most of these solutions lack the right capabilities for managing consent and preference settings.
At iWelcome, we refer to this as Consent Lifecycle Management (CLM).
As these settings are subject to regular change – think of updated privacy statements and changed personal preferences by the consumer – they are particularly complex.
To help organisations deal with this complexity, iWelcome has developed a CLM product that can be delivered on top of the iWelcome Consumer IAM product or as separate module, complementing an organisation’s existing Consumer IAM solution. This standalone CLM product is unique in the market.
The best way for companies to deeply engage with their end-users – while being compliant to GDPR – is to set up a self-service domain where consumers can view and change their own personal data settings themselves.
iWelcome’s user-service functionality enables consumers and employees to access and change profile information and data attributes, add social login connects, request additional access, do password resets, give or withdraw consent, and much more. All 24/7.
User Self Service empowers the end-users to manage everything around their Identity, full stop. It will give them trust and control. GDPR itself also dictates the Right of Information and Access for the consumer.
User Self Service is, with consent management, necessary for User Managed Access (UMA).
- Fully in line with GDPR;
- Available through branded UI and APIs;
- User access to all functions and attributes;
- Enable Consent, Profile, Preference management;
- User control for DIY.
The key to being successful is to offer frictionless user experiences with the right levels of authentication.
iWelcome offers the following capabilities:
- Single Sign-On allowing (end-)users to log in only once for access to multiple applications and/or services;
- Multi-factor authentication based on the best industry standards Included push & swipe option for optimal customer experience or OTP via SMS or email;
- Risk-based authentication allowing for real-time risk assessments based on certain parameters, to be configured per client;
- Step-up authentication allowing for different levels of authentication required for different parts of your offering.
- One Log-in for frictionless customer experience;
- Customer-friendly yet strong MFA;
- Add real-time ‘context’ to user profile;
- Strongest authentication applied only when required;
- Authentication is decoupled from actual service.
iWelcome’s identity validation allows companies to make sure a digital identity can be associated with a real person. Validated Identities enable high value and high-risk transactions on data to take place over the web. It is key for full digital transformation. iWelcome can integrate with providers of identity validation (e.g. WebID) and digital alternatives (e.g. iDIN in NL or GOV.UK in UK).
Identity Proofing is about assessing the probability an identity claim is legitimate, as there is no such thing as absolute certainty.
- Increase trustworthiness of an identity;
- Decreased risk on fraud;
- Multiple identification means available;
- Support for STORK levels of assurance.
iWelcome offers multi-level user management functionality that can be used to add users and groups and to assign users to groups. Delegation of user management is supported on several levels, where at every level a user manager can be assigned the role of delegated admin.
Among others, the following scenarios are supported:
- User registration by delegated admin via a simple web-portal for (temporary) accounts;
- Administration (e.g. disable, delete, etc.) by delegated admin of temporary accounts;
- Delegated users/Guests can set and activate their own password via the self-service portal;
- Delegated users/Guests can reset or change their password via the self-service portal in case the password has been lost. Client benefits
- Delegated users can (re)set/activate/change passwords;
- Available via customer-branded UI or RESTful API.
To facilitate its clients’ customer care management, iWelcome offers a Service Desk application that is tailor-made for customer care and service desk operating teams. It provides these teams with all of the functionality needed to effectively help (end-)users with any access-related issues that may arise. The application is highly scalable as it is designed for serving large enterprises serving millions of users.
- Ability to quickly search users;
- Full view of all identity-related information;
- User timeline showing all relevant identity-related events;
- Password reset initiation;
- Overview of service disruptions to troubleshoot issues;
- Can easily be integrated into other customer care system(s) Provisioning refers to the creation, maintenance and deactivation of user objects and user attributes over multiple systems and applications allowing these to interact with business logic.
The iWelcome platform provisions and de-provisions’ user accounts and attributes from multiple source systems (e.g. CRM, HR or any other identity stores like Active Directory, Windows Azure Active Directory, Identity Management Systems, and/or Master Data Management) and/or LDAP directories to business applications (relying parties). Provisioning of groups can be arranged via both push and pull mechanisms.
- Automated & efficient provisioning processes;
- Group provisioning on pull- and push basis;
- Supports open source frameworks as ConnID;
- Standard connectors or API- and SCIM-based.
An interesting case within Identity & Access Management is when (mainly large) companies own different brands (and thus: market identities). With its multi-branding functionality, iWelcome is perfectly able to support these companies with one single identity infrastructure over multiple brands, while maintaining each brand’s own identity (and thus look&feel). This typically results in consistent corporate management and lower TCO.
- Segmentation options over brands;
- Multi-branding with single 360 view of the (end-)user;
- Omni-channel by design & principle;
- Delegation within brands.
Today’s user experience is driven by user’s characteristics, also known as data attributes. As no business is the same, there is a strong need for valuable identity-related attribute information (ranging from relationship number till for instance the consumer’s shoe size). Attribute-Based Access Control (ABAC) and UMA are the future, with attributes as the fundament. iWelcome offers organisations flexibility when it comes to gathering data attributes.
- Metadata for every attribute (like validation level, data classification, expiration date);
- Federation protocol and/or Rest API data exchange with customer environment;
- Bi-directional data exchange;
- Admin-UI to set UI attributes and/or disclosed by API.
KYC is the process of identifying and verifying the identity of its consumers and business partners. This functionality is to ensure that company resources are not misused for criminal activities as money laundering.
iWelcome’s progressive profiling helps organisations build profile information over time as the consumer’s trust increases. This unified profile of the consumer is important for any marketing or segmentation toward consumers, creating value. Identity Data is the heart of a CIAM program!
- Increased trustworthiness of an identity;
- Decreased risk of fraud;
- Multiple identification means available.
Customer identity information is more than interesting for every company’s marketing and sales organisation as it provides clear insights into your user population.
Via iWelcome, companies can easily extract complete and correct user intelligence.
The following (and more) types of intelligence can be extracted:
- Number of accounts, per attribute and / or preference;
- Number of authentications, per geo / device/ browser / time;
- Accounts with latest login and number of dormitory accounts;
- Number of new account per period / category / geo;
- Failed authentication attempts.
- Integrated with main CRM and MA providers;
- Logs are stored in secure locations;
- Possibility to run reports at all times;
- Multiple formats available for extracting;
- ELK (ElasticSearch, Logstash, Kibana) stack is supported.
Application logs containing HTTP response codes, errors and other related information are closed (existent, but non-accessible) after 6 weeks and deleted (non-accessible & non-existent) after 6 months. These logs are generally used for troubleshooting. Application logs containing user data (e.g. name, surname, address,etc.), user events (e.g. when password was changed, consent given, name changed, etc,) and logs from our emailing service are closed after 6 weeks and deleted after 6 months.