​Streamlined Active Directory Group Management process
Risk Based Authentication
Simplified Registration and Login process



External users are given VPN accounts to access the applications through the organization’s internal network. The organization wants to provide a service to have the applications available to external users without going through their internal network and, at the same time, secure the application to registered and authorized users only.  Consequently, the process of registering these users are very long and should be optimized.  These external users do not have the capability to reset their own passwords when locked out and they would also need to maintain multiple accounts and password to login to the different applications.


Deployed IBM Security Access Manager (ISAM) to protect the different applications that are published by the organization to the Internet.  This solution enables external users to use single sign-on to login to different applications protected by ISAM.


IBM Security Identity Manager (ISIM) was also deployed to enable external users to self-register reset their own passwords. ISIM also provided the mechanism to provision the access to different applications approved by the respective application owners.



By enabling the external users to register for a single account to access the different applications of the organization, this eliminates nuisance of maintaining multiple accounts to login to different applications published by the organization.  It also eliminates the need to re-authenticate registered and authorized users when accessing multiple applications.  The support calls pertaining to password resets are also minimized translating to support staff being able to spend more time on other critical tasks.  The time to register is also minimized by providing self-service registration and automating the approval process to access the applications.