It’s better to be a specialist than a generalist: when you try to be good at too many things, you end up being great at nothing—and that’s why organizations today use a wide ecosystem of partner companies.
Businesses across all industries are engaging with hundreds, if not thousands, of third-party entities each year—and for these relationships to work, businesses need to be able to connect to vendors’ and partners’ identity sources to authenticate their users. Since companies have varied levels of maturity when it comes to how they store and manage user identities, there is no one standard way to do this.
They say that no man is an island—and no company is either. In order to effectively build their network of partners and vendors, businesses need to have the right processes in place for securely connecting to their identity sources.
Business networks are expanding
As the number of digitally-enabled B2B relationships continues to grow, organizations are responsible for managing access for massive amounts of external users coming from disparate identity sources.
While partnerships are vital to the success of a business, enterprises typically do not want to store their partners’ user identities in the same authoritative sources that house their employee identities. Nor do they want to be tasked with the responsibility of managing those user profiles, as that can bog down their IT team with additional tasks. They therefore require a solution that enables them to securely connect with partners, without complications.
In order to operate as efficiently as possible as they interact with their partners, enterprises need to be confident in defining and managing the roles and access privileges of users across their network, both when a partnership begins and—just as importantly—when it ends.
How to connect to partner identities
Providing access to vendor and partner identities can become a complicated task as the different organizations you might look to partner with have varying levels of technical maturity and understanding. For instance:
- Partners at larger or more mature organizations are likely to have an identity provider (IdP)
- Others may have on-prem user directories in place, such as Microsoft’s Active Directory
- Smaller, less technically mature organizations, may have nothing at all
When entering into a partner relationship, the enterprise has to consider which party will be responsible for user management and who will look after the onboarding and offboarding of user access. This determines how much support they need to provide their partners with throughout the relationship.
An enterprise’s IT team therefore needs to be able to handle various scenarios across the third-party access management landscape.
Directory integration: In the same way that a business would install an Okta Active Directory agent to connect existing employee identities to Okta, they can apply this approach to their partners’ directories. This enables the enterprise to easily sync user profiles from their partner’s Active Directory into their own system. However, this approach requires partners to install Okta AD agents in their own environment, which is not always an option.
Identity federation: Partners from large businesses will often have an existing IdP, which can federate into resources an enterprises wishes to share. These large businesses will likely have a wealth of technical know-how and experience, so they should be able to take on a lot of the user management, as well as the onboarding and offboarding of users.
No directory or IdP: For partners that are less technically mature and don’t have their own IdP or an Active Directory, the enterprise can provide access to their own IdP—Okta, for instance. This approach will place more demand on the organization in terms of having to actively support their vendors or partners, including importing users into their own IdP and managing the user lifecycle themselves.
Managing partner identities
Securely providing application access to partner identities does not stop with merely integrating a partner’s identities. Once an identity has been established it needs to be maintained and monitored through its lifecycle, ensuring that any changes in access requirements are handled swiftly and securely.
In part, this is because the contractor’s credentials and third-party information are major targets for hackers. In December 2018, it was revealed that Chinese hackers had run an 18-month campaign targeting weaknesses in the US Navy’s contractor systems to steal ship maintenance data and missile plans. Six months later, the FBI issued a warning to US government contractors about the risk of foreign hackers targeting them via social media.
Businesses working with a growing number of partners, vendors, and contractors need to be cognizant of these and other risks. It’s vital for enterprises to have a system in place that will help them to manage their partner and contractor identity sources and maintain control over which users have access to which resources.
To learn more about how companies can provide secure access to vendors, partners, and contractors, read our 5 Questions IT Must Address to Provide Secure Access for Vendors and Partners whitepaper.