USE CASE

Enhanced organizational security

Role-based Identity and Access Management that follows the least privilege principle and serves as the cornerstone of a Zero Trust architecture.

CHALLENGE

How to migrate to a future-ready security approach

Traditional enterprise security assumes defined security perimeters. The focus is on strong access control to the corporate network, but once inside, connected users and devices are assumed to be trusted. As remote work becomes standard and not only employees but also contractors, customers, and partners require access, a fundamentally different security approach is needed.

SOLUTION

Identity-driven security, with Zero Trust as the foundation

HelloID organizes from a single place the issuance, management, and use of all user accounts and associated access rights. This forms the basis for an identity-based security model in which every user is verified in every session and receives access to applications and data only on a need-to-know basis.

Identity and role-based security

  • User accounts are issued and managed based on source data such as the HR system.

  • When employment ends, accounts are automatically removed. No risk of data breaches from forgotten accounts.

  • Access rights are granted and managed based on a person's role; all access is on a need-to-know basis.

  • Access rights are always up to date. Role changes automatically adjust permissions.

  • Secure request process for additional, non-standard access rights. Includes automated approval workflows and, preferably, time-bound access.

Flexible access security

  • In combination with, for example, Active Directory, HelloID provides a flexible framework for additional authentication and authorization functions.

  • Comprehensive Multi-Factor Authentication for additional verification. Supports multiple standards, authenticators, and tokens.

  • Role-based access can be refined with contextual factors such as time, location, network access, and device type.

  • Support for different user groups: in addition to employees, for example contractors, customers, and partners.

Fully auditable solution

  • Access attempts to systems and data are centrally logged and can be quickly analyzed for reporting and audits.

  • Reports of all granted access rights, broken down by users or groups, departments, roles, and more.

  • Reports of access requests, including requesters and approvers.

HOW IT WORKS

How we deliver Zero Trust ready Identity and Access Management

7 steps, each configurable with low code or no code

  1. Source system: Integrate HelloID with source systems such as HR, SIS, and scheduling systems. Changes in the source data are automatically available in HelloID.

  2. People: Normalize person and role data from source systems into a common representation within HelloID using an identity vault.

  3. Business Rules: Define rules that determine which roles receive which types of accounts and access rights, and under which conditions.

  4. Target systems: Connect HelloID to on-premises and cloud applications. This can be implemented incrementally per application.

  5. Service processes: Automate processes, including online approval flows and activation in target systems. This can be executed per process as a separate step.

  6. Access management: In conjunction with, for example, Active Directory, configure access procedures such as Single Sign-On and Multi-Factor Authentication.

  7. Reporting and auditing: Configure standard and customer-specific reports and monitoring functions for analysis and audits.

FAQ

Frequently asked questions

What does Zero Trust security mean?

Traditional IT security is like a castle. There is heavy investment in network security, the digital walls and moat, but once users and devices are inside, they are trusted. As we work more remotely and in the cloud, this traditional access model is no longer sustainable. IT applications must be reachable at any time, across many networks and devices, and not only for employees but also for contractors, customers, and partners. Modern IT security must start from the assumption that no one is trusted by default. For every user session, the questions are who is requesting access, what their role is, and which access rights are required. The user's identity is the foundation, which makes IAM a key function in such Zero Trust architectures.

What is the least privilege principle?

The least privilege principle means that access rights are granted on a need-to-know basis. A person receives only the rights required to perform their tasks. Rights are tied to a person's role, and Role-Based Access Control is the method to enforce least privilege.

How does HelloID ensure that 'forgotten' accounts do not pose a threat to the organization?

HelloID organizes from one central point the issuance, management, and use of all user accounts and associated access rights. User accounts are automatically created and managed based on source data such as the HR system. When someone's employment ends, accounts and rights are automatically revoked, which significantly reduces the risk of data breaches from forgotten accounts.

How flexible is HelloID's Multi-Factor Authentication?

HelloID's MFA offers a high degree of flexibility. It supports multiple standards, authenticators, and tokens, which allows organizations to tailor their MFA solution to their specific needs and risk profile. MFA security can also be refined with contextual factors such as time, location, network access, and device type, which enables a layered security approach.

How does Role-Based Access Control contribute to security?

RBAC ensures a clear and unambiguous link between a person's role and the rights needed to perform that role effectively. Thanks to RBAC, there is no uncertainty about the required rights and errors are prevented.

What is the difference between RBAC and Business Rules?

RBAC (Role-Based Access Control) is the concept in which a user's access rights can be derived from their role. For example, an accountant at a healthcare organization receives standard access to the financial system, but not to the Electronic Health Record (EHR). Within HelloID we implement RBAC using Business Rules. These are configurable rules used to assemble the RBAC framework. They are not limited to rules about which access rights match which user roles. Business Rules can also define the context of access rights. For instance, an employee and their manager may both access the same system, but the employee only during working hours while the manager has 24×7 access. This is defined in a Business Rule.
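The mechanics described under "Identity and role-based security" and in this answer (rights derived from an HR-sourced role, automatic adjustment on role change and revocation on leaving, time-bound extra rights, and Business Rules that add context such as working hours) can be shown in a small model. The code below is an added example written for this page; it is not HelloID's implementation, and every name in it (Person, BusinessRule, the RULES list, the finance, EHR and reporting-tool entitlements, and the dates) is constructed for illustration. It separates the two decisions a Zero Trust IAM setup has to make: what a person should hold in target systems on a given day (provisioning), and whether one session is allowed right now (authorization).

```python
# Added example (not HelloID's code): a minimal model of identity-driven RBAC with
# contextual Business Rules, lifecycle-driven provisioning and per-session checks.
# All names, rules and dates below are constructed for illustration.
from dataclasses import dataclass, field
from datetime import date, datetime
from typing import Callable, Optional


@dataclass
class Person:
    """Identity as normalized from the HR source system (the identity vault)."""
    person_id: str
    role: str
    end_date: Optional[date] = None            # set by HR when employment ends
    extra: dict = field(default_factory=dict)  # approved extra right -> expiry date

    def is_active(self, on: date) -> bool:
        return self.end_date is None or on < self.end_date


@dataclass
class BusinessRule:
    """Role -> entitlement, optionally restricted by a per-session condition."""
    role: str
    entitlement: str
    condition: Optional[Callable[[dict], bool]] = None


def working_hours(ctx: dict) -> bool:
    """Contextual condition: weekdays, 08:00 to 18:00, based on the session time."""
    t = ctx["time"]
    return t.weekday() < 5 and 8 <= t.hour < 18


# Constructed rule set: the accountant gets the finance app only during working
# hours, the manager gets it 24x7 plus approval rights, only the clinical role
# reaches the EHR.
RULES = [
    BusinessRule("accountant", "finance-app:user", working_hours),
    BusinessRule("finance-manager", "finance-app:user"),
    BusinessRule("finance-manager", "finance-app:approver"),
    BusinessRule("nurse", "ehr:user"),
]


def desired_entitlements(person: Person, on: date) -> set:
    """Entitlements the person should hold in target systems on a given day.
    An inactive identity holds nothing, whatever its role or extra rights."""
    if not person.is_active(on):
        return set()
    by_role = {r.entitlement for r in RULES if r.role == person.role}
    extras = {e for e, expires in person.extra.items() if on < expires}
    return by_role | extras


def reconcile(current: set, desired: set) -> tuple:
    """What provisioning must grant and revoke to reach the desired state."""
    return desired - current, current - desired


def authorize(person: Person, entitlement: str, ctx: dict) -> tuple:
    """Per-session decision: active identity, a rule for this role and
    entitlement, and a session context that satisfies the rule's condition."""
    now = ctx["time"]
    if not person.is_active(now.date()):
        return False, "identity inactive"
    matched = False
    for rule in RULES:
        if rule.role == person.role and rule.entitlement == entitlement:
            matched = True
            if rule.condition is None or rule.condition(ctx):
                return True, "allowed by role"
    if entitlement in person.extra and now.date() < person.extra[entitlement]:
        return True, "allowed by time-bound extra right"
    if matched:
        return False, "context condition not met"
    return False, "no rule grants this entitlement"


def demo() -> dict:
    """Walk one constructed identity through joiner, mover and leaver."""
    alice = Person("p001", "accountant")
    tue_10 = {"time": datetime(2024, 3, 12, 10, 0)}  # Tuesday, office hours
    sat_10 = {"time": datetime(2024, 3, 16, 10, 0)}  # Saturday
    out = {
        "accountant_weekday": authorize(alice, "finance-app:user", tue_10),
        "accountant_weekend": authorize(alice, "finance-app:user", sat_10),
        "accountant_ehr": authorize(alice, "ehr:user", tue_10),
        "manager_weekend": authorize(Person("p002", "finance-manager"), "finance-app:user", sat_10),
    }
    held = desired_entitlements(alice, date(2024, 3, 12))
    alice.role = "finance-manager"                         # mover: HR changes the role
    out["mover"] = reconcile(held, desired_entitlements(alice, date(2024, 3, 12)))
    alice.extra["reporting-tool:user"] = date(2024, 4, 1)  # approved, time-bound request
    out["extra_before_expiry"] = "reporting-tool:user" in desired_entitlements(alice, date(2024, 3, 20))
    out["extra_after_expiry"] = "reporting-tool:user" in desired_entitlements(alice, date(2024, 4, 1))
    alice.end_date = date(2024, 3, 31)                     # leaver: HR sets the end date
    out["leaver"] = reconcile(desired_entitlements(alice, date(2024, 3, 30)),
                              desired_entitlements(alice, date(2024, 3, 31)))
    out["leaver_session"] = authorize(alice, "finance-app:user", {"time": datetime(2024, 4, 2, 10, 0)})
    return out


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The split matters for least privilege: the provisioning side keeps target systems at exactly the role-derived set (so a leaver's revocation and a mover's adjustment fall out of a single reconcile), while the session side re-evaluates the identity and the context on every request, which is the "verify every session" part of the Zero Trust description above. The reason strings returned by authorize are what the central log and the audit reports would record.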