Where IT previously catered to internal employees needing access to information inside the company network, many organizations now find themselves in the preliminary stages of sharing information from their company networks with external clients. A wholesaler, for example, may offer clients a portal where they can view inventory and order status, their customer details, and outstanding invoices.
Ensuring the safe exchange of information to third parties is a whole other issue, as is the process of letting users authenticate themselves. However, the process is usually simple and easily managed, in most cases, automatically.
Identity Providers
In addition to providing access to employees, organizations are also becoming identity providers for external customers needing access to business information stored in the company network. External clients, such as a utility provider, who log in to the network, via a portal, must be able to easily authenticate themselves.
Most organizations choose to use their existing Active Directory for this authentication. After all, the Active Directory (AD) is an excellent credential store for employee user accounts.
Since most users also often have considerable AD experience, enabling optimum management and continuity, most organizations also choose to include an AD account for external customers who need to access their network. Organizations often enter into agreements with Microsoft to prevent Client Access License (CAL) fees needing to be paid unnecessarily for infrequently-used AD accounts.
A drawback of adding customers to the internal AD is that the number of accounts increases significantly.
Organizations also often realize that they must have the identity lifecycle for third party accounts fully under control. After all, if any customer can log in via the portal, this could result in potential financial damage. Thus, the organization must ensure that their AD is clean and up-to-date. All of this represents a major management burden for the IT department.
These issues can easily be solved though using an identity management solution enabling real-time user account management for external customers.
The CRM Solution as Source System
Another consequence organizations face when deciding to add third party accounts to the AD is that it involves a source system other than the one utilized for employees.
For them, the HR system is often used to create network user accounts, but customer data comes from a CRM system. More often than not, CRM systems do not contain clean and up-to-date information, making them problematic to use as a source system for user accounts. If organizations want to act as identity provider for external customers, this means they either need to optimize the content of their CRM, or look for another source system.
Organizations can address this problem by not populating the AD until the customers log in to the portal the first-time, enter their details and are granted access after internal validation. By creating a link between the CRM system and the AD, it is then possible to add to the customer details using information from the CRM system.
For more information, please visit our website.
No comments:
Post a Comment