Challenge
The organization needs to protect sensitive resources (applications, files, documents) from unauthorized access. The sensitive resources are stored in Azure. Authorized users are stored in Entra ID (formerly Azure AD). For security reasons (to avoid that hackers can crack passwords and access the sensitive resources), the organization protects access based on conditional access policies, so-called Conditional Access policies. These policies require that the user be identified via multi-factor login (MFA). The organization wants users to be able to use norwegian BankID or ID-porten as a method for MFA.
Solution
With Fortified ID Integrity, BankID or ID-porten can be used as a method to access the organization's sensitive resources. The solution is very cost-effective:
Issuance of BankID and the methods provided by ID-porten, is handled outside the organization
Requires minimal administration in the organization
Standardized integration
The solution provides support for login via BankID or any of the methods provided by ID-porten. The graphical interface, the one that meets users, is fully customizable to be able to align with the organization's graphical profile.
Other
Fortified ID Integrity is added as an external method (external MFA, EAM) to the organization's Entra ID. The connection between the user's BankID or ID-porten method with the user's account in the organization (i.e. in Entra ID) takes place via a lookup against Entra ID. The solution maps the identifier of the selected method (using the method identifier, such as birth date) with an attribute of the user's account in Entra ID, to link the method with an Entra ID account.
The organization itself chooses which attribute to use for this mapping. The protection of the Azure resources is configured via a standardized integration (OpenID Connect) between Entra ID and Integrity. Some special Entra features, which are required for the configuration to work, are also configured in Integrity.