TrustBuilder - Short Review


TrustBuilder is a comprehensive Identity and Access Management (IAM) platform designed to provide secure, user-centric, and policy-based access to applications and resources for both workforce and customer use cases.

Key Principles

  • User-Centricity: TrustBuilder focuses on the user’s interests, contrasting with traditional IAM systems that require users to adapt to the technical application landscape.
  • Policy-Based: The platform emphasizes explicit policies, which are defined declaratively and can be easily reviewed, audited, and reused. This approach ensures that organizational interests are clearly aligned with access management.


Key Features and Functionality



Universal Directory

TrustBuilder employs a Universal Directory that integrates all individuals and entities involved in digital services, including workforce members, external parties like suppliers and customers, and even IoT devices. This unified directory manages registration, provisioning, authentication, and authorization for all entities within a single framework.



Persona Model

The platform introduces the concept of ‘persona,’ where each user has a single profile that can be associated with multiple personas. Each persona reflects the user’s role relative to the organization and its digital services. This model allows for segmented user management, differentiated policies (including authentication, provisioning, attestation, and authorization), and the ability for users to switch personas within a session without needing to log out and log back in.



Authentication Management

TrustBuilder offers advanced authentication features:

  • Single Sign-On (SSO): Enables users to access multiple applications and services with a single login, leveraging federation protocols and token exchange.
  • Adaptive Authentication: Part of a zero-trust architecture, this feature assesses the risk of each access attempt based on factors such as location, device type, geolocation, and type of authentication. Where needed, it requires additional assurance measures such as device certificates or periodic re-authentication.


Security and Encryption

The platform adds an extra layer of encryption on top of the cloud services provider’s encryption, ensuring that even the cloud provider cannot recover the encrypted data without TrustBuilder’s keys. This enhances security and compliance, even in scenarios where the cloud provider might be subpoenaed.



Integration and Connectivity

TrustBuilder includes components like TrustBuilder.Connect, which provides close connectivity with the customer’s applications and external services. It supports identity verification, user authentication, and identity federation using protocols like OIDC and SAML. The platform also offers a catalog of out-of-the-box connectors for seamless integration.



Policy Administration and Management

TrustBuilder.io, the core component of the platform, handles policy administration, session lifecycle, persona lifecycle, and notification management, and provides the basis for analytics and anomaly detection. Policies are defined declaratively and are accessible through RESTful APIs, ensuring easy management and auditing.



Multi-Factor Authentication (MFA)

TrustBuilder MFA offers a patented, proprietary authentication factor for passwordless authentication and transaction signing. This can be used with or without a smartphone, enhancing security and user convenience.

In summary, TrustBuilder is a robust IAM solution that prioritizes user-centricity and policy-based management, offering advanced features in authentication, integration, and security to ensure secure and efficient access to digital resources.
