Overview

Our highly configurable and scalable identity and credential management solution ensures that only authorized individuals have access to protected systems and resources within an organization. With our comprehensive suite of ICAM solutions in the cloud or on-prem, you can strengthen your cyber defense, reduce operational costs and achieve regulatory compliance.

logo

 

Accelerate your Identity Management processes with workflow automations

manageID® is the complete identity, credential, and access management solution which securely controls digital IDs, credentials, and access entitlements associated with every organizational identity. manageID® enables securely authenticated access to information resources and physical assets, all from an integrated service that makes it easy to provision and manage information.

manageID® is a ICAM solution which makes sure that the right people can access the right information at the right time. It allows organization to manage users and their identity & credentials using dynamic configuration and automated workflows. It also helps organization to manage physical security using in-built connectors which integrates with physical access system. For access management, organization can use SSO or MFA or both based on their needs.

manageID® will help your organization

  • Focus on Your Business
  • Expedite Cloud Adoption
  • Achieve Business Agility
  • Optimize Manpower
  • Leverage Investment
  • Enhance Security Posture

 

Standards and Compliance

 

Federal Identity, Credential, and Access Management (FICAM)

National Institute of Standards and Technology (NIST) 800-63

International Organization for Standardization (ISO) 27001

Health Insurance Portability and Accountability Act (HIPAA)

Features

Identity Management             
manageID® provides comprehensive identity management capabilities for your organization’s ICAM requirement.

 

Identity Proofing

Enable your end-users to prove their identity through driver’s license and face scans using a mobile device.

 

Background Checks

manageID® integrates with leading background check providers to receive detailed information to move identities to branching workflows based on background check results.

 

Identity Provisioning

Our solution delivers the flexibility of multiple methods for identity creation. manageID® has built-in support for HR driven, sponsor initiated, self-service, API, and JIT/Claim-based initial provisioning of digital identities and supports provisioning of identities within downstream systems.

 

Identity Assurance

Our solution supports NIST 800-63A Identity Assurance Levels (IAL) 1 - 3 and meets assurance requirements for various types of identities. It allows for the capture/collection of demographic and biometric identity attributes to support any organization specific requirements.

 

Standard Connector

Leverage identity data and attributes from any data source such as HR (PeopleSoft, Workday etc.), Active Directory/LDAP, SQL, etc. with built-in interfaces. Use built-in APIs for any custom integration with data sources. Concurrently connect with multiple data sources to meet organizational integration requirements.

 

Identity Data Management

Connect with multiple data sources and downstream systems to create/update identity data attributes based on organization specific configurations. Promote the solution to become the authoritative data source for defined attributes and support identity data de-duplication/reconciliation based on pre-defined sets of attributes.

 

Collaborative Workflow

Leverage built-in workflow capabilities and templates to quickly configure support for any identity management related business processes. Support workflows for various types of identity (constituents) managed within the solution.

 

Rules Engine

Automate the identity and lifecycle management processes via business rules that can be configured to meet organization specific requirements for automation. Rules are configured by business domain users and do not require any custom development and scripting support from technical staff.

 

End User Self-Service

Enable end-users to perform certain tasks without needing assistance from an administrator or other authorized personnel. Self-service enables end-users to re-encode, re-key, or unblock smart cards, schedule and cancel appointments, track the status of their credential, upload documents, communicate with administrators, and modify their biographic information.

 

Single-Sign On

manageID® provides SSO and MFA for authentication and access management. MFA can be configured based on organization requirements and it supports multiple mobile applications like Microsoft Authenticator, Google Authenticator etc.

 

Adjudication

Accurately and efficiently determine an individual’s identity based on configurable biometric and biographic criteria.

 

 

 

Credential Management

manageID® supports the creation and lifecycle management of credentials assigned to a digital identity. Each identity can be assigned multiple credentials based on the needs of the organization.

logo

User ID / Password

Create and manage user ID/password-based credentials in Active Directory and other LDAP compliant directories, and enforce password policies for an organization.

logo

Digital Certificates / PIV-C

Generate, encode, and issue PKI technology-based credentials that are FIPS 201 compliant such as PIV and PIV-C tokens, as well as user and device certificates. Connect with industry leading PKI platforms and services via vendor-approved built-in connectors.

logo

Hardware Tokens

Utilize built-in connectors to industry leading hardware token systems that offer OTP/Oauth functionality. Our solution includes comprehensive capabilities to manage token stock and enables or disable access, based on assignment and lifecycle stages.

logo

Physical Access Control Cards

Integrate with leading Physical Access Control Systems (PACS) to provision identity and enable physical access via assignment of access levels. Automate the initial provisioning and lifecycle management of the PACS credential. Support various data formats for PACS credentials such as Proximity, DESFire EV1, EV2, SEOS, etc.

logo

Mobile / Derived Credentials

Issue and manage PKI technology-based strong credentials derived on mobile devices associated with users. The derived credentials can be used to authenticate and allow access to information assets, and can be derived onto non-mobile devices such as TPM chips on Windows machines.

logo

Third Party Authentication Service

Use built-in connectors with several third-party authentication products and services to provision and manage credentials within the application. Our solution can co-exist with existing products and services that may be in use within an organization.

Access Management

Manage access to all organizational information resources and physical assets via built-in access entitlement management capabilities. An organization can manage any number of external systems and physical access systems to control access for all types of users

  • Support NIST 800-63B-based Authentication Assurance Levels (AAL) 1-3.
  • Leverage our solution to configure and enforce organizational access policies.
  • Manage multiple external relying systems for enabling access entitlements. Utilize built-in connectors for several relying systems for access assignment updates.
  • Includes workflow for access request and approval with configurable levels of automation based on organization specific needs.
  • Automate account and access provisioning in downstream systems and services.
  • Enable authentication and authorization services via built-in MFA/SSO component, or integration with existing product and services. Support NIST 800-63B based Authentication Assurance Levels (AAL) 1-3.
Access Management

Lifecycle Management

manageID® includes functionality to control the entire lifecycle for an identity as it progresses, from establishing the identity to termination and archival of the identity record. During this process, the solution orchestrates the relationships between identities, and all of the linked, underlying credentials and access.

  • Policy-based lifecycle actions for identity, credential, and access attribute updates.
  • Solution provides a person-centric view of the digital identity, credentials, and access entitlements.
  • Self-service, helpdesk, and admin functionality for lifecycle management of the identities credentials, and access.

Governance

manageID® includes built-in functionality to configure and implement identity and access governance processes. The configuration and transactional audit data regarding identity access entitlements and relying systems is leveraged for this purpose.

  • Configure business processes for access attestation/ certification in support of organizational risk management processes.
  • Create and deliver person, application (software or hardware relying system), or (sub-)organization-based attestation reports.
  • Automate workflows for attestation processes including task assignments, etc.
  • Automate access lifecycle updates based on business rules configured for the organization.

Key Benefits

manageID® ICAM provides a collection of business, functional, technical, and security benefits for any organization, bred from CITI’s comprehensive business practices based in identity, credential, and access activities over the past 15 years. The modular architecture and high level of configuration makes the manageID® solution ideal for any organization. The benefits listed are common amongst all organizations that have chosen to use manageID® to revamp their ICAM implementation.

Enhanced User Experience

The manageID® user experience allows the user to:

  • Access a self-service portal to reset passwords/PINs, schedule appointments, track credential status, and re-key smartcards.
  • Access custom login page based on organizational assignment.
  • View a custom user dashboard to access applications and resources based on organizational assignments.
  • View online help tips for user functionalities.

Business Benefits

The manageID® solution from the offset offers several business benefits which include:

  • Offloading identity, credential, and access management to experts to focus on core business capabilities, transferring business and security risk.
  • Minimizing startup costs by providing subscription-based modular pricing per functionality.
  • Reducing manpower requirements to provision and support identity, credential, and access management capabilities.
  • Adapting to changing business and regulatory environments, e.g. acquisitions, change in regulations, etc.
  • Supporting business initiatives to modernize IT and adopt cloud services.
  • Minimizing rip-and-replace methodology and gradually migrate to this solution.

Enhanced Security Posture

The manageID® solution helps organizations enhance their information security management and business risk posture. Features that deliver a high level of security assurance include:

  • Creating and enabling the use of strong (PKI) credentials for user authentication.
  • Providing authorized users with a comprehensive auditing platform for reporting and analysis.
  • Real-time visibility into organizational access entitlements including lifecycle updates.
  • Minimizing risk associated with manual enforcement of policies related to account and access provisioning/de-provisioning.
  • Support for regulatory compliance and industry vertical specific security requirements.
  • Compliance with NIST security guidelines, ISO 20000 and ISO 27000 based processes and procedures for a high level of security assurance.

Enhanced Admin Capability

The manageID® solution enables system administrators to meet organizational needs for solution management and access control:

  • Access to built-in integrations with external systems via UI-based configuration, minimizing expensive customizations.
  • Provide comprehensive and granular access control (via user/ role management), and flexible authentication options.
  • Control permissions to identity/access data based on organizational security policies.
  • Enable de-centralized access approval processes, customized for specific organizational hierarchies.
  • Configure organizational structure-based workflows for identity onboarding and access control.
  • Perform all configurations via a web-based interface, making custom code and scripting seen in legacy ICAM systems completely unnecessary.
  • Configure multiple custom login pages based on the organization’s needs.
  • Configure custom user dashboards to access applications and resources based on the organization’s needs.
  • Enable separate portal access for sponsors and end-user self-service capabilities.