Challenge
The organization needs to protect sensitive resources (applications, files, documents) from unauthorized access. The sensitive resources are stored in Azure. Authorized users are stored in Entra ID (formerly Azure AD). For security reasons (to prevent hackers from cracking passwords and accessing the sensitive resources), the organization protects access with Conditional Access policies. These policies require that the user be identified via multi-factor authentication (MFA). The organization wants users to be able to use BankID, SITHS or Freja eID as a method for MFA.
Solution
With Fortified ID Integrity, BankID, SITHS or Freja eID can be used as a method to access the organization's sensitive resources. The solution is very cost-effective:
Issuance of the e-identification is handled outside the organization
Requires minimal administration in the organization
Standardized integration
The solution supports login via mobile BankID or BankID on computer (card or file), SITHS on card or via mobile, and Freja eID. The user-facing graphical interface is fully customizable so that it can align with the organization's graphical profile.
Other
Fortified ID Integrity is added as an external authentication method (external MFA, EAM) to the organization's Entra ID. The user's BankID, SITHS or Freja eID is connected to the user's account in the organization (i.e. in Entra ID) via a lookup against Entra ID. The solution maps the identifier of the selected method (social security number or HSA ID) to an attribute of the user's account in Entra ID, which links the method to an Entra ID account. The organization itself chooses which attribute to use for this mapping. The protection of the Azure resources is configured via a standardized integration (OpenID Connect) between Entra ID and Integrity.
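The identifier-to-attribute mapping described above is the step where a data-quality problem becomes an access problem, so the lookup should deny unless exactly one enabled account matches. The sketch below is an added illustration, not Fortified ID Integrity code: the choice of `employeeId` as the mapping attribute, the 12-digit identifier format, the function names and the sample accounts are all assumptions constructed for the example.

```python
import re

MAPPING_ATTRIBUTE = "employeeId"  # assumption: the attribute the organization chose

# Constructed directory snapshot standing in for the result of the Entra ID lookup.
SAMPLE_ACCOUNTS = [
    {"userPrincipalName": "anna@example.test", "accountEnabled": True, "employeeId": "00000000-0001"},
    {"userPrincipalName": "bo@example.test", "accountEnabled": True, "employeeId": "000000000002"},
    {"userPrincipalName": "bo-admin@example.test", "accountEnabled": True, "employeeId": "000000000002"},
    {"userPrincipalName": "cia@example.test", "accountEnabled": False, "employeeId": "000000000003"},
    {"userPrincipalName": "dan@example.test", "accountEnabled": True, "employeeId": "TEST-HSA-0001"},
]


def normalize(id_type, value):
    """Return a canonical form of the identifier, or None if it is malformed."""
    if not isinstance(value, str):
        return None
    if id_type == "personal_number":
        # Assumption: 12 digits (YYYYMMDDNNNN). Only separators are stripped;
        # a 10-digit value is rejected rather than guessing the century.
        digits = re.sub(r"[\s-]", "", value)
        return digits if re.fullmatch(r"\d{12}", digits) else None
    if id_type == "hsa_id":
        stripped = value.strip()
        return stripped or None
    return None  # unknown identifier type


def resolve_account(id_type, value, accounts=SAMPLE_ACCOUNTS, attribute=MAPPING_ATTRIBUTE):
    """Map a verified e-ID identifier to exactly one enabled account.

    Returns (userPrincipalName, "ok") or (None, reason); every failure denies.
    """
    wanted = normalize(id_type, value)
    if wanted is None:
        return None, "invalid_identifier"
    matches = [
        a["userPrincipalName"]
        for a in accounts
        if a.get("accountEnabled") and normalize(id_type, a.get(attribute)) == wanted
    ]
    if not matches:
        return None, "no_match"
    if len(matches) > 1:
        # Two accounts sharing the value would let one e-ID satisfy MFA for both.
        return None, "ambiguous"
    return matches[0], "ok"
```

Whichever attribute is chosen, it should be writable only by administrators and audited for duplicates, since anyone able to set it on an account decides which e-ID unlocks that account.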