This document introduces best practices for managing users, identity attributes and entitlements in a typical Extranet Partner/B2B web portal:

  1. The focus is on organizations that wish to manage a portal that will be accessed by large numbers of users, each of whom is affiliated with a partner of the hosting organization.
  2. There may be thousands of partner organizations and hundreds of thousands of users.
  3. Each portal user is affiliated with exactly one partner organization.
  4. The relationship between the hosting organization and each of its partners is presumably established out of band, before any of a partner's users are on-boarded.
  5. Partner users are likely to be infrequent users of the portal.
  6. Partners cannot be counted on to reliably or promptly deactivate the access of their own users to the portal.
  7. It is desirable to enable each partner to manage their own user population on the portal.
  8. A central support team should be able to assist with onboarding, deactivation, login problems, password resets, etc. where the partner's support team cannot or will not.
  9. The variety and complexity of the security entitlements assigned to each partner user, and of the associated change management processes, are significantly lower than for internal users in the hosting organization.

The relationships between organizations and users are shown in the figure below.

[Figure: Relationships between organizations and their users]

The objective of this document is to present best practices for what information to capture about users in a typical partner portal and for the business processes used to manage this information.

Organizations that are able to adopt best-practice processes will benefit both from optimized change management and from the reduced total cost of automating their processes on an identity and access management (IAM) platform.

Please note that this document is designed to help organizations design the system by which users are added to, managed in and removed from their partner portal. The scope of this document does not extend to runtime authentication or authorization of users into applications -- that falls under access control rather than identity and access management.
