Overview of Capabilities
Central to the ability to manage identity-centric processes that enable digital services is the capability of a next generation Identity & Access Management platform. Such a platform has to be capable of managing the unique identity requirements of digital services, like federating access to multiple core and cloud services through a single digital ID.
The ULM Platform includes an Identity Management stack to enable multi-protocol authentication and authorization in support of next generation digital services. This ULM module was architected to provide a centralized and federated identity store to encourage seamless access to any number of user services, including legacy and cloud services.
The IdP can leverage any existing data stores (e.g. DB or LDAP) and can also act as an SP (Service Provider) for companies that already utilize an existing IdP. In addition, this flexible platform also supports:
- SAML support including Single Logout support (ULM 5.0 and above)
- OAuth 2.0 for authorization of newer services and infrastructure
- OpenID Connect for Identity on top of OAuth 2.0
- Support for GSMA Mobile Connect digital authentication
- Can be deployed as part of ULM Proxy Infrastructure (SAML SP) and Core Platform (SAML IDP, OAuth 2.0, OpenID Connect)
The ULM Identity & Access Management solution was concieved as a standards-based next generation platform designed for internet era digital services with maximum deployment flexibility. A focus on including Social Extensions support provides an even greater level of capabilities, including:
- Out-of-the-box social media extensions for easy interactions with a user's profile
- Association of a social media identity to a ULM User
- Support of "Social Media" as a type of Account entity
- ULM APIs for Facebook posting and Twitter tweets
- Account association process interfaces with the Service Provider's OAuth/OpenID screens to complete authentication and authorization
- Support for New User enrollment via Social Login, including checking for pre-existing User ID