Manage and secure third-party risks with identity and access management

Umang Handa, Partner, National Cybersecurity Managed Services Leader, PwC Canada. July 21, 2022

Discover how a modern approach to identity and access management can help your organization solve external identity management challenges in this recap of a webinar co-hosted by Microsoft and PwC Canada.

External identity management challenges

Today most organizations work with third parties—suppliers, contractors, consultants, vendors, consumers, clients or business partners. As they become increasingly dependent on third parties for essential operations, many companies are turning to online service delivery platforms to make business transactions with third parties easier and more direct.

But some businesses are facing significant identity and access management (IAM) challenges as a result:

User experience: A secure, intuitive and customized user experience is no longer just nice to have—it’s a prerequisite for success.

Identity management: Managing access and identities is challenging and can tax administrative teams. Internal users are typically trained how to use the systems appropriately, but external users are less predictable and harder to track once initial access is granted.

Cybersecurity: Supply chains are prime targets for cyber attacks and can introduce new security risks, yet many business leaders report they lack enough understanding around these issues.

Technology, tools and integration: New tools and technology have the potential to cause more problems than they solve when improperly managed. Incompatible, unnecessary or redundant tools make organizations more vulnerable to exploits.

Most modern IAM solutions are designed to manage access and identities internally using authentication, authorization, user management and provisioning, identity storage and data integration. But they don’t always provide the same level of security for external users.

To address the above external identity management challenges and more, organizations need an IAM solution that takes advantage of cloud technologies to help secure external-facing systems and reduce third-party risk.

A new solution for securing IAM

Customer identity and access management (CIAM) solutions vet and verify user identities and are designed to protect applications and websites from threat actors. CIAM helps organizations manage customer identities and data while merging security, privacy management and compliance. But implementing a new solution for IAM can sound like a big undertaking—especially if your organization is already vulnerable to third-party risks.

To simplify how your organization manages and secures its employees, customers and stakeholders, consider a streamlined approach to IAM.

Industry examples

We’ve seen organizations unlock the benefits of streamlining their identity solutions and managing them at scale. Here are some case studies we’ve seen in our work helping businesses address external access issues using the most recent innovations in B2B and B2C technologies.

Energy company

A large energy provider working with vendors and partners to deliver products to consumers had just begun its cloud transformation journey. This company needed an infrastructure that could support the deployment of multiple applications, a centralized identity store to make user management easier and delegated administration capabilities that could allow vendors to manage identities and access to applications and the centralized identity store.

We helped them develop a modern, standardized approach for delivering services using Microsoft Azure Active Directory (AAD) that could:

  • Securely invite vendors into the AAD tenant using the B2B guest user feature, so that vendors authenticate with external identities represented in Azure Active Directory and security controls such as conditional access policies and multi-factor authentication apply to them as an added layer of protection.
  • Build out a delegated partner administration portal using the Microsoft Graph API, allowing the company's administrators to onboard partner or vendor businesses, grant them access to specific applications and hand over day-to-day external user management through a replicable process that is scoped separately for each third party.
  • Bridge the gap between the cloud Azure AD identity store and on-premises systems using Microsoft Identity Manager to synchronize and provision external identities into on-premises Active Directory and other internal applications.
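The scoping in the second bullet is where a delegated partner portal most often goes wrong: once a vendor administrator can invite guests, the portal must enforce that they can only invite people from their own organization, only into the app-access groups the company pre-approved for that vendor, and only up to an agreed quota. The following is an added example (not PwC's or Microsoft's code) of that authorization check, which then builds the request body for the real Microsoft Graph `POST https://graph.microsoft.com/v1.0/invitations` endpoint using its documented `invitedUserEmailAddress`, `invitedUserType`, `inviteRedirectUrl`, `sendInvitationMessage` and `invitedUserMessageInfo` fields. The partner registry, the `PartnerScope` shape, the group names and the portal URL are assumptions for illustration; the code validates and constructs the request but does not send it, so it runs offline.

```python
"""Scoped guest invitation for a delegated partner-administration portal.

Added example, not code from the webinar or from Microsoft. The Graph endpoint
and body fields are real; PARTNER_REGISTRY, PartnerScope and the group names
are constructed for illustration.
"""
import json
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class PartnerScope:
    """Delegation boundary for one third party (assumed shape, not a Graph object)."""
    partner_id: str
    allowed_domains: frozenset   # e-mail domains this vendor's admin may invite from
    allowed_groups: frozenset    # app-access groups this vendor's admin may assign
    max_active_guests: int       # cap on live guest accounts for this vendor


# Constructed sample registry: populated by the company's own admins at onboarding.
PARTNER_REGISTRY = {
    "vendor-acme": PartnerScope(
        "vendor-acme", frozenset({"acme.example"}),
        frozenset({"app-field-ops-users"}), 50),
    "vendor-globex": PartnerScope(
        "vendor-globex", frozenset({"globex.example", "globex-contractors.example"}),
        frozenset({"app-field-ops-users", "app-billing-readers"}), 20),
}

GRAPH_INVITATIONS_URL = "https://graph.microsoft.com/v1.0/invitations"
_EMAIL_RE = re.compile(r"^[^@\s]+@([a-z0-9.-]+)$")


class ScopeViolation(Exception):
    """A delegated admin tried to act outside the scope granted to its partner."""


def authorize_invitation(actor_partner_id, invitee_email, requested_groups, active_guest_count):
    """Return (scope, normalized_email) or raise ScopeViolation."""
    scope = PARTNER_REGISTRY.get(actor_partner_id)
    if scope is None:
        raise ScopeViolation(f"unknown partner {actor_partner_id!r}")
    email = invitee_email.strip().lower()
    match = _EMAIL_RE.match(email)
    if not match:
        raise ScopeViolation("invitee address is malformed")
    domain = match.group(1)
    # Exact-domain comparison on purpose: an endswith() or substring check would
    # accept 'user@acme.example.attacker.test' or 'user@evilacme.example'.
    if domain not in scope.allowed_domains:
        raise ScopeViolation(f"{domain} is not a domain of {scope.partner_id}")
    outside = set(requested_groups) - scope.allowed_groups
    if outside:
        raise ScopeViolation(f"groups outside partner scope: {sorted(outside)}")
    if active_guest_count >= scope.max_active_guests:
        raise ScopeViolation(f"{scope.partner_id} has exhausted its guest quota")
    return scope, email


def build_invitation(actor_partner_id, invitee_email, requested_groups,
                     active_guest_count, redirect_url):
    """Authorize the request and build the Graph invitation call the portal would send."""
    scope, email = authorize_invitation(
        actor_partner_id, invitee_email, requested_groups, active_guest_count)
    body = {
        "invitedUserEmailAddress": email,
        "invitedUserType": "Guest",  # a partner-facing portal never creates Members
        "inviteRedirectUrl": redirect_url,
        "sendInvitationMessage": True,
        "invitedUserMessageInfo": {
            "customizedMessageBody": f"You have been invited on behalf of {scope.partner_id}.",
        },
    }
    # Group membership is granted only after the invitation is redeemed, with a
    # separate Graph call; the portal records here what it has been cleared to add.
    return {
        "method": "POST",
        "url": GRAPH_INVITATIONS_URL,
        "json": body,
        "groups_to_assign_after_redemption": sorted(requested_groups),
    }


if __name__ == "__main__":
    request = build_invitation("vendor-acme", "Jane.Doe@ACME.example",
                               ["app-field-ops-users"], 12, "https://portal.example/vendor")
    print(json.dumps(request, indent=2))
```

The check runs before any Graph call is made, so a compromised or over-eager vendor administrator cannot use the portal to invite outsiders, to grant groups beyond the vendor's approved set, or to grow the guest population past the quota the company set at onboarding. Conditional access and MFA from the first bullet still apply to the guest once invited; this example only covers the delegation boundary.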

Medical college

A medical college using the Microsoft Power Platform (Dynamics 365) to manage member registration and content access was looking to design a web portal that could function as the main entry point for member registration and management.

This organization’s web portal needed to support authentication and authorization requirements for a large number of independent external users and allow the service desk to authenticate on behalf of any member to troubleshoot errors.

We helped them develop and deliver a simple, straightforward Azure AD B2C architecture that could:

  • Create external identities for each member with out-of-the-box integration for Microsoft Power Apps and Dynamics 365.
  • Simplify authentication flows for member authentication and password management.
  • Allow administrators to log into the member portal with multi-factor authentication and then impersonate a specific member to troubleshoot that member's experience, all through a customized authentication flow defined with the Identity Experience Framework (IEF).

Global food retailer

A food retailer with extensive regional operations around the world was looking to scale the number of consumers using its online portal and application from half a billion up to 2 billion.

This company needed a solution that could:

  • Manage a large number of consumer-facing web applications hosted within an existing deployment infrastructure siloed into four specific regions.
  • Enable cross-region interoperability and a streamlined user experience for consumers traveling across regions.
  • Accommodate flexibility for regional- or country-specific requirements and user experiences.

We helped them come up with a new solution using the Azure AD B2C Identity Experience Framework (IEF) that could:

  • Centralize the application deployment infrastructure into a single Azure AD tenant while retaining regional tenants as the underlying identity stores to minimize impact on customers.
  • Develop an authentication flow using IEF and a custom routing API that would determine which regional identity store a customer was registered in and then route the sign-in appropriately every time they access one of the centrally-hosted applications.
  • Create customized authentication flows for particular regions or countries within regions to accommodate specific data gathering requirements.

Reduce third-party risks with a more secure IAM solution

Here are some of the benefits organizations can expect from a collaborative approach to IAM:

  • Better business partner experiences with modern authentication technology that lets organizations grant external users access to corporate apps and information sites with a streamlined, uniform user experience.
  • An improved security posture, with standardized processes for sharing corporate data and information, a secure life cycle for partner identities that includes access reviews, the same applications made available to corporate users and partners alike, and strong end-user authentication capabilities.
  • Reduced cost, support and maintenance for both cloud-hosted and on-premises applications: delegated administration lightens the load on company admins who manage partner identities, out-of-the-box functionality increases efficiency, and application onboarding and integration follow a pre-established pattern.

Contact us

Hugh Lindley

Director, Cybersecurity, Privacy and Financial Crime, PwC Canada

Tel: +1 613 755 5679

Marc Mac Donell

Director, Cybersecurity, Privacy and Financial Crime, PwC Canada

Tel: +1 613 755 5906