Bluink Blog

eID-Me and Microsoft Azure: How to Provision and Deprovision a Citizen Identity for Access to Corporate Applications

Posted by Larry Hamid

 

Imagine a business where employees can use their citizen identities to access systems and applications. Okay, you’re probably thinking, “Even if this was possible, why would I want to?” With eID-Me and Microsoft Azure, this is not only possible but also worth doing. Here are some reasons why:

  • No passwords for employees to remember or share
  • A single, convenient method of authentication for employees
  • No password resets for administrators
  • No identity infrastructure to deploy
  • Strong authentication to business applications
  • A single point of provisioning and deprovisioning

Let's back up a bit. eID-Me is a smartphone-based digital identity that can be used to log in or assert identity claims in both online and offline scenarios. Because eID-Me implements industry-standard federation protocols (SAML, OpenID Connect), it's easily adopted by applications that wish to provide the option for individuals to log in using their eID-Me rather than a username and password.

 

Now, here’s the good part. It turns out that Microsoft Azure AD uses these standards to allow federation to third-party identity providers. Furthermore, Azure AD can also be an identity provider for third-party applications (there were over 3,100 of them the last time we checked). In other words, Application A can federate to Azure AD (for access), which can federate to eID-Me (for authentication). So when a user signs on to Application A, he uses his eID-Me smartphone app for authentication. Azure tenants can use Azure AD as the central point of administration for provisioning users and applications, with no infrastructure to deploy.

 

The eID-Me identity has been verified to a Treasury Board-defined Identity Assurance Level and is strongly bound to the individual. So there is a validated, digital identity there for you to use, which can strongly authenticate your employees without having to deploy anything.

 

eID-Me is an extensible identity that can also host self-managed claims. By provisioning the attributes that Azure needs to identify the employee into eID-Me as self-managed identity claims, the integration with Azure becomes very simple. We have created a guide to explain it all (request the guide from sales@bluink.ca).

 

A "Bring Your Own" digital identity that is secure, convenient, and useful across thousands of services is now a reality.

 

Enable convenient access using smartphone-based digital identity with eID-Me.

 

eID-Me will launch in app stores this fall.