There are a number of identity and access management (IAM) systems on the market, but very few cover both the physical and digital world. “Our solution is also very comprehensive, and fulfills the municipalities’ end-to-end needs,” says Malin Ridelius, product specialist at identity and security company Nexus Group.
All Swedish municipalities have various types of facilities that need protection, and a diverse set of employees and citizens with different access needs.
“And most municipalities have many different systems from different vendors involved in managing the access, for example, different physical access control systems (PACS), different vendors for access cards, a human resources (HR) system from yet a different vendor, and so on. The process of making sure the right people have access to the right resources is often handled manually,” says Ridelius.
In addition to this, separate PC login cards for accessing digital resources need to be managed. The municipality has no holistic view, and the manual process often fails.
“Access and PC login cards get lost, students join and leave schools, employees change roles – without a centralized support system it is difficult to ensure that the identities and credentials reflect the actual reality,” says Ridelius.
A centralized IAM system
The solution to this problem is to put a centralized identity and access management (IAM) layer on top of all of the different systems.
“The IAM system fetches information from, for example, the HR system or Microsoft’s catalogue service Active Directory, applies your entitlement rules to the user information, issues the relevant credentials, and updates all physical and digital access control systems accordingly,” says Ridelius.
When all major processes for issuing, changing and revoking identities and their credentials are handled in one centralized system, it is also possible to ensure traceability and auditability, which are required by the EU’s General Data Protection Regulation (GDPR) and other regulations.
“There are a number of IAM systems on the market, but ours is one of very few that integrates with multiple physical systems and technologies, and manages user identities and credentials for both the physical and digital world. Our solution is also very comprehensive, and fulfills the municipalities’ end-to-end needs,” says Ridelius.
Packages including the IAM software Nexus PRIME
Nexus offers packages including the IAM software Nexus PRIME, a photo station, card printer, cards, card accessories and consultancy.
“We often see that a municipality has a concrete need, for example, to issue photo ID cards to teachers and students to enable visual identification, or to issue smart cards for PC login for health care personnel. And then they often make the wise decision not to buy a quick fix, but instead to invest in a comprehensive and future-proof solution that they can grow with, and that can solve their other IAM needs throughout the municipality,” says Ridelius.
For example, cards issued with the help of Nexus PRIME can be used for a very wide range of applications: in addition to PC login, visual identification and door opening, they can also be used for things such as payments, follow-me printing, book loans, single sign-on, email encryption and digital signing.
“PRIME’s lifecycle management makes it easy to create new cards with associated credentials, to change credentials, and to delete credentials. And the self-service portal means that employees themselves can request a complementary mobile eID, reset PIN codes or order a replacement ID badge, which saves lots of time for the administrators,” says Ridelius.