Comarch Identity & Access Management

Comarch Identity & Access Management (CIAM) combines the functions of Identity Management and Access Management systems. It allows for a full control over the access to company's applications, workstations and VPNs.

Comarch Identity & Access Management comes with world-class methods for authentication, authorization, identity lifecycle and accountability. Its modular architecture makes it easy to adapt to specific types of organizations across hierarchies and geographies.

The system supports organizational workflow procedures and keeps all user accounts in all applications up-to-date. On top of that, it offers a smooth integration for access management and authorization purposes.

CIAM easily integrates with multiple devices and applications for strong authentication and authorization including smart cards, cryptographic certificates or hardware and software tokens. This fact significantly extends its use case scenarios.

Comarch Identity & Access Management may be used for adjusting role and access permissions, granting remote access to company’s IT resources or delegating privileges. It also provides vital assistance in meeting the GDPR and PSD2 requirements.

Privileged access management tool

Module-based architecture

Comarch IAM comes with core and complementary modules that allow a customer to manage user identity and access in both small companies and large corporate enterprises.

Different modules provide customers with comprehensive services integrated under one seamless platform. There are 3 groups of modules: base, optional and additional. All of them compose the Comarch IAM Enterprise solution.

IAM Description

Key business advantages

Compliance with GDPR regulations
Provides support for data portability, right to be forgotten, anonymization, pseudonymization, and more
Identity management solution
Enables appropriate persons to access the required resources at specific times and for specific reasons
Access management feature
Allows to manage access to systems and recourses across the entire enterprise and performs full accounting
Workflow processes for multi-level acceptance schemes
Allow to use the four-eye principle every time a user or their supervisor requests a new permission - without using external mechanisms and eliminating paperwork
Role-based Access Control approach (RBAC)
Simplifies user management and ensures high flexibility
Single Sign-On solution (SSO)
Makes it possible to render centralized user authentication services
Integration with PKI and SmartCards
Allows the use of cryptographic certificates as an authentication method
Delegation of duties
Enables permission delegation to another user under constrained time horizons

Comarch Identity & Access Management:

Central authentication and authorization

Enables aggregation of all services related to user authentication and authorization data validation.

Role-based Access Control (RBAC)

Simplifies user management and ensures high flexibility by aggregating permissions from different applications.

Identity control

Allows for the management of all user identities and ensures appropriate persons have access to the required resources at specific times and for specific reasons.

Access management

Enables access to systems and resources across the entire enterprise based on the appropriate level of user permissions.

Support for diverse protocols and services

Integrates with Active Directory, LDAP and Kerberos protocols and Radius service.

Integration with PKI and smart cards

Allows the use of cryptographic certificates as an authentication method.

Seamless integration

Supports industry standards, such as SAML and OpenID Connect.

Workflow for multi-level acceptance schemes

Helps reflect the organizational structure and allows for using the four-eye principle every time a user or their supervisor requests a new permission

How does Comarch IAM work?

The following diagram illustrates the position of the CIAM platform in the enterprise infrastructure and the importance of identity management software and access management software for protected data access.

identity_access_management

Authentication and authorization methods

Integrated applications no longer need to perform user authentication: instead, the Comarch IAM Authentication Server is used for verifying the credentials. Authentication methods, required by each application, can be adjusted on the fly.

Below you can find the list of authentication methods available out of the box. Thanks to open architecture, it is possible to easily integrate additional methods (e.g. used by tokens of other vendors such as Vasco/OneSpan or Gemalto).

Static passwords
X.509 certificates
Hardware cryptographic tokens (i.e. Comarch tPro Token)
Hardware OTP tokens (Comarch tPro OTP)
Software OTP tokens (Comarch tPro Mobile)
LDAP bind
Radius protocol
Kerberos protocol
Support for different authentication methods based on „RESTful” API
Context-based authentication
Different combinations of authentication methods per system

security certificate

Authentication and authorization methods

Static passwords
X.509 certificates
Hardware cryptographic tokens (i.e. Comarch tPro Token)
Hardware OTP tokens (Comarch tPro OTP)
Software OTP tokens (Comarch tPro Mobile)
LDAP bind
Radius protocol
Kerberos protocol
Support for different authentication methods based on „RESTful” API
Context-based authentication
Different combinations of authentication methods per system

Business advantages

Single Sign-On

Allows user to access multiple web applications with one set of login credentials.

Compliance with external regulations (GDPR, PSD2)

Provides support for data portability, right to be forgotten, anonymization, pseudonymization as well as PSD2 requirements

Self-care portal

Allows users to complete some administrative tasks by themselves, such as changing the password, or assigning a new token or mobile phone.

Delegation of duties

Enables permission delegation to another user under constrained time horizons.

Comarch Identity and Access Management software

The growing complexity of organizational structures and the increasing number of applications used at companies make user management a time-consuming and complicated task. An enterprise can solve this problem by applying a centralized identity and access management solution, minimizing both human effort and error.

Comarch IAM may be used for adjusting role and access permissions, granting remote access to company’s IT resources or delegating privileges.

The crucial beneficiaries of this solution are EU-based companies processing sensitive and transaction data in accordance with GDPR or PSD2 requirements.

The other significant capabilities of the CIAM solution are:

Management of user and device identities in a large number of IT systems integrated with various applications and operating systems
Centralized and efficient access control policy at user and application level
Full accounting of end-user and administrator actions
Integration with “legacy” applications
Session management

The growing complexity of company structures and the increasing number of applications used at companies make user management a time-consuming and complicated task. A company can solve this problem by applying a centralized identity and access management solution, minimizing both human effort and errors.
The main beneficiaries of this solution are EU-based companies processing personal and sensitive data. Comarch IAM may be used for adjusting role and access permissions, granting remote access to company’s IT resources or delegating privileges. It also provides vital assistance in meeting the GDPR requirements.

Comarch Identity & Access Management

Module-based architecture

Key business advantages

Comarch Identity & Access Management:

How does Comarch IAM work?

tPro ECC

tPro Mobile

How does Comarch IAM work?

Authentication and authorization methods

Authentication and authorization methods

Business advantages

Selected capabilities:

Comarch Identity and Access Management software

Areas