B2E and B2B Examples

So we’ll just look very, very briefly at some examples before we move on to section two, that covers governance. Business to employee. So these are the different types of identity and access management models that we may see within our organization, or that we may see day-to-day. So business to employee. Businesses have a need to employ identity and access management for their employees to make sure that the employees have an identity and credentials to ensure that they can work. We need systems like HR datasets to ensure that we can pay the employees the correct amount, that we have the correct data and information about them. We know what training they’ve had. All these small details. Have they been sick?

How much vacation time do they have? We see business to employee services within domain services, within the local network, a directory, usually Active Directory for most companies. We see business to employee services through cloud services. So we can draw down services like Office 365. We can have online directory services, online identity providers. We can try to identify and establish where people share similar roles. If we have 10,000 employees, creating 10,000 individual roles and lists of privileges can be complicated. We can work to simplify this and consolidate some of these privileges into discrete roles. If 100 people share the same role, then we need to create only one role template, and we can apply that to the 100 people.

This saves time and also can ensure better management of security. Single sign-on. With all of these different services, we may want to make our employees’ lives easier and have a central approach to credential management and identity management. So we can have a single sign-on solution and try to federate identity management potentially, depending on what our requirements are. Within a business to business context, we have lots of strategic partnerships that exist. So a lot of our vendors, upstream of our business, and our customers, downstream of our business, may want to have some level of integration with our organization. Our ERP systems, our Just In Time procurement systems, may be linked to our suppliers and to our customers.

So if a customer places an order, that automatically populates into our system and in turn creates a bill of lading and procurement requests for our suppliers upstream. This is very common, and this requires some level of connectivity between ourselves and those third parties. Not just connectivity – it requires some kind of identity and access management. We don’t want anybody to be able to place an order. We need to be able to identify the customer. We need to be able to identify our vendor and only have secure approved transactions occur. This can apply to strategic partnerships.

We also see group companies, where we have an umbrella company with lots of smaller companies that are separate legal identities but working together within a broad context. These may have separate logical domains, but they may require access to each other’s systems and services. So we can try to simplify access management across this piece through the use of services like Active Directory, linking multiple domains together within a forest. We can enforce policies around what can and cannot be done, so we should be saying that some of our customers, some of our vendors, are able to undertake some actions but not others. So we need to further define what access we have and what is permitted.

Maybe even when it is permitted, where it is permitted. If we’re looking at integrating different services, and we’re linking our ERP system to somebody else’s ERP system or extending our services into our suppliers organizations, we can do this through the use of pre-built connectors, or we can build our own integrations. And in section 11, we’ll look at some of the technologies that support and enable this approach.