
Standard IAM Business Processes: B2B / Partner Portal

This document introduces best practices for managing users, identity attributes and entitlements in a typical extranet partner / B2B web portal:

  1. The focus is on organizations that wish to manage a portal that will be accessed by large numbers of users, each of whom is affiliated with a partner of the hosting organization.
  2. There may be thousands of partner organizations and hundreds of thousands of users.
  3. Each portal user is affiliated with exactly one partner organization.
  4. The relationship between the hosting organization and each of its partners is presumably established out of band, before any of a partner's users are on-boarded.
  5. Partner users are likely to be infrequent users of the portal.
  6. Partners cannot be counted on to reliably or promptly deactivate the access of their own users to the portal.
  7. It is desirable to enable each partner to manage their own user population on the portal.
  8. A central support team should be able to assist with onboarding, deactivation, login problems, password resets, etc. where the partner's support team cannot or will not.
  9. The variety and complexity of security entitlements assigned to each partner user, and of the associated change management processes, are significantly less than for internal users in the hosting organization.

The relationships between organizations and their users are shown in Figure 1.

Figure 1: Relationships between organizations and their users

The objective of this document is to present best-practices for what information to capture about users in a typical partner portal and business processes for managing this information.

Organizations that are able to adopt best-practice processes will benefit both from optimized change management and from a reduced total cost of automating those processes on an identity and access management (IAM) platform.

Please note that this document is designed to help organizations design the system by which users are added to, managed in and removed from their partner portal. The scope of this document does not extend to runtime authentication or authorization of users into applications; that falls under access control rather than identity and access management.

Table of contents:

3 Directories, IAM systems, applications and firewalls
4 Identity attributes
5 Unique identifiers
6 Profile deactivation
6.1 User initiated
6.3 Access recertification
6.4 Automatic cleanup
6.5 Deletion mechanism
7 Authenticating users
8 Selecting and encoding security questions
8.1 Search space, degree of randomness
8.2 Social engineering
8.3 Standardized vs. user-selected questions
8.5 Privacy protection
8.6 How many Q-A pairs to enroll and how many to authenticate
8.7 Encryption vs. hashing
9 Selecting and encoding passwords
9.1 Password length and character set
9.2 Character sets and device interoperability
9.3 Complexity requirements
9.4 Hashing and salts
10 Enrolling new users
11 Managing passwords
12 Making changes to user profiles
13 Enrolling additional security questions
14 Reports and alerts
15 Global deployments
15.1 Language support
15.2 Jurisdiction and data storage
15.3 Global coverage of application support
16 Technical product capabilities

Please register

Access to this document requires registration. After registering, the full document is e-mailed to you automatically.
