We solve problems. In designing IAM Cloud, we have been guided by the idea that most of the world’s best solutions are simple. Simple means reliable. Simple means fast. Simple means affordable. Simple means easy to set up and use. Simple means quick to fix if something goes wrong.
IAM Cloud is a simple single sign-on system. Does it have every feature a single sign-on system can have? No. But it has the most important features. Does it have beautiful user interfaces and mouth-dropping design? No. In fact, we try to make it as invisible as possible to minimise disruption to users. Is it secure? Yes, very. Is it affordable? Yes, much cheaper than the alternatives. Does it have great support? Yes. Is it easy to get up and running? Yes. Will it make a big positive difference to IT within an organisation? Yes, it will.
There’s a weird stigma with providing a cheap service: the idea that if something is cheap it must be sub-standard. The IAM Cloud platform makes no compromises on quality; in fact, we’re very proud of it. You can check how it’s doing any time here: www.iamcloudstatus.com.
We haven’t compromised on quality, but we have decided against cramming IAM Cloud with hundreds of features that sound cool but in all likelihood are rarely going to get used. IAM Cloud is simple but it works well. In fact, in many cases, despite being cheaper, it can be even better than the more expensive alternatives.
When we first created IAM Cloud, we spent a lot of time working in the education sector. Identity management is particularly challenging there: imagine tens of thousands of users coming and going each year in your organization. You need a solid identity & access management system to be able to handle that. Now we work with organizations of all kinds, including major banks, local & central governments, global corporations, international charities, and so on. But the lessons we learned years ago from the education sector are highly relevant in all sectors. Take a look at this video to see what we mean:
Single Sign-On (SSO)
Single Sign-On is now an industry standard technology in all sectors. By eliminating multiple passwords and the need to log in separately to each application, SSO increases IT security and user productivity.
Enterprise SSO from the Desktop
IAM Cloud is one of the few SSO solutions that doesn’t require users to log in through a portal or dashboard. IAM Cloud’s ingenious use of network technology means that we can activate SSO at the workstation level. In other words, when a user logs into their work computer, they will be able to access all their federated applications without having to log into anything else. A user would simply click on a desktop shortcut and they’d be launched straight into their application. Simple and convenient.
Competitive solutions like Okta and OneLogin can do this too, but they require the deployment of a local server running IIS. That’s an extra thing for you to manage and a single point of failure. IAM Cloud doesn’t need any extra infrastructure and has no single points of failure.
Smart Links SSO
IAM Cloud Smart Links are application links that are CNAME’d from your organisation’s domain, e.g. outlook.example.com. Organisations can use these links in several ways, including embedding them in desktop shortcuts, browser favourites, and on existing Intranet portals and websites.
When users attempt to log in from a non-federated environment, outside of your Domain, they will be prompted to log in. Users will be diverted through either a co-branded GUI login page with your organisation’s choice of colours, background and logos, or a fully customised login page.
Multi-Factor Authentication (MFA)
In response to the growing threat of hacking, phishing and identity theft, multi-factor authentication has become an essential technology in enterprise IT. We provide several methods for MFA to suit different needs. Each of these can be applied to any of your federated applications. You can choose to protect all your applications by MFA, or just one. And of course, you can activate MFA for some users but not others. It’s simple but powerful.
MFA via SMS
When a user goes to sign in, they enter their password, and their phone then receives an SMS message with a code. They enter the code and can then access their applications. SMS MFA provides a flexible and powerful way to protect your IT accounts from hacking and phishing. Even if the hacker manages to acquire your credentials, they would still need your physical phone to receive the code. This significantly protects against the majority of cyber threats, and all but eliminates the threat of cyber attacks from overseas. No security in the world can ever be perfect or 100% effective, but this is a solid option.
MFA via Security Questions
Security questions don’t provide quite the same level of added security as MFA via SMS or app, but they do add some security, and they can work well for users because, unlike passwords and codes, it’s unlikely personalised security questions would ever be forgotten by the user. As such, they’re a simple and user-friendly option for adding some extra security to your IT systems.
MFA via Shortcode
A shortcode is effectively a second password, perhaps a 4-digit number or a memorable code word. Technically, if you can phish a password, then you can phish a security question or shortcode too. However, while these options are not as secure as MFA via SMS, smartphone app or physical security fob, they are still more secure than a password alone. The reason for this is that most phishing attempts are automated: a user gets sent an email, they click a link, and they are taken to a page asking for their username and password. It is unlikely, unless it was a highly-targeted manual phishing attack (and these are very rare), that the phishing system would ask for a shortcode too.
A user could be tricked into giving their username and password, but without knowing the shortcode too their account would still be protected. This is not bank-grade security, but it is very easy and convenient to implement. It doesn’t require a smartphone, so it works great in education and other professions where the possession of personal smartphones is prohibited or discouraged for most users, like healthcare, hospitality or retail.
MFA via Smartphone App
We don’t support this yet, but we plan to by the end of 2019.
The MFA features above all work on a continuous basis. From the point you switch them on, they will stay in place indefinitely or until you make a change. However, there is occasionally a need to reset passwords, MFA details or other credentials on a case-by-case basis, for example if a user has forgotten their password and the security questions that would normally be used for resetting it. In this case, an admin can quickly set up a temporary code for the user through our MFA system in order to allow them to reset their forgotten credentials.
Self-Service Password Reset & Write-Back
Forgotten passwords can be a real pain. Providing your users with the autonomy to securely reset their own passwords is more convenient for users, and it reduces the burden on your IT support team.
We provide a known password reset and a forgotten password reset feature. If a user already knows their password but just wants to update it voluntarily, they can self-manage their password through our system. If, on the other hand, a user has forgotten their password, they can securely reset it via:
- SMS message
- Security questions
- Back-up email address
When you first activate one of the options above, for example the SMS option, and you do not have all your users’ mobile phone numbers, our service will collect the information from your user(s) when they next log in.
Password Policy System
When you allow your users to reset their own password, you’ll likely want to stipulate password length, complexity, and whether there are any blocked words. Setting up password policies in IAM Cloud is easy.
Unlike some SSO systems, which make you pay a large premium just to write your password back to Active Directory, we do not. It doesn’t make sense to us to implement a password reset system without properly syncing the newly reset/updated password to your source system, e.g. AD. IAM Cloud does it all, and it can work alongside existing password reset systems you may have too.
Identity Management & Account Provisioning
Identity is the foundation of all sign-in systems. You need to know who someone is, in order to determine what they do and don’t have permission to access. IAM Cloud synchronises identity data from Active Directory, Azure AD, and other systems.
Automated Provisioning & De-provisioning
Account creation and de-provisioning can be a significant time burden to IT teams, particularly in large organisations. IAM Cloud can automate account provisioning processes based on rules. IAM Cloud can be used to replace Dirsync/AAD Sync for Office 365, but beyond that IAM Cloud can provision accounts for a range of applications. Automating provisioning and de-provisioning doesn’t just reduce cost, it strengthens security around leavers too.
Simple identity management
Each identity can be made up of any number of attributes from a variety of systems. IAM Cloud allows IT Administrators to group users based on common attributes, e.g. Department name = Marketing. All users that meet the rules of the Classification are grouped together, which then allows the IT Administrator to bulk apply processes to these users, e.g. set a certain security feature for them like MFA, or enable access to a specific application, e.g. Salesforce. Furthermore, because IAM Cloud is automated, any new user who meets the given criteria will automatically receive these same features. Classifications allow organisations to undertake intelligent automated user lifecycle management at scale with minimal effort.
Automated Office 365 Licensing
IAM Cloud can handle the full end-to-end Office 365 provisioning process, from the account creation to the account licensing. IAM Cloud can automatically apply different Microsoft Cloud (e.g. Office 365) licenses to different groups of your users.