Challenge
The company needs to give its employees and consultants access to the organization's systems and digital resources (e.g. Windows computer, Windows server, files, websites) so that they can perform their work even if they work from home or in another location outside the office. A person who works from home or outside the office today authenticates with a username and password to access the digital resources. The systems and digital resources are exposed via the Citrix Workspace software. For security reasons (to avoid hackers being able to crack passwords and access the organization's digital information), the organization wants to use a more secure method for authentication. The method must be easy to use and involve minimal work with administration, in order to save time and money.
Solution
With Fortified ID Integrity, BankID can be used as a login method to access the organization's systems and digital resources. The solution is very cost-effective:
Issuance of BankID is handled outside the organization
BankID is a method most people use privately
Requires minimal administration in the organization
Standardized integration
The solution provides support for login via mobile BankID or BankID on computer (card or file). There is support for logging in with BankID on the same device or on another device. The same device means that BankID login will be automatically selected on a computer and that the mobile BankID app will be automatically selected on a mobile device. Other device means that a QR code is displayed that the user needs to read into the BankID app on the mobile. The graphical interface, the one that meets users, is fully customizable to be able to align with the organization's graphical profile.
Other
The connection between the user's BankID and the user's account in the organization (i.e. in Active Directory, AD) takes place via a lookup against AD. The solution maps the identifier on the user's BankID (social security number) with an attribute on the user's account in AD, to link the BankID login with the AD account. The organization itself chooses which attribute to use for this mapping. The protection of Citrix Workspace is configured through a standardized identity federation (SAML2) between Citrix and Integrity. The user can open Citrix Workspace through a standard web browser, or through the Citrix Workspace app. The solution provides support for both variants.