
Identity-as-a-Service (IDaaS)

What is an IDaaS?

Identity-as-a-Service (IDaaS) is a cloud-based Identity & Access Management solution that enables customer organisations to manage identity and access. Instead of investing in an on-premises IAM platform they use a cost-efficient and scalable IDaaS solution for user authentication, authorisation and identity management. This is usually delivered through a subscription model based on, for example, the number of connected end users. Such a service model allows organisations to save on hardware, software and IT staff.

IDaaS, one of the XaaS service concepts

IDaaS is therefore one of the many as-a-Service models where services are delivered via the cloud on a pay-per-use or pay-as-you-go basis. Examples include:

  • Infrastructure-as-a-Service (IaaS) offers customers a cloud-based infrastructure including servers, storage and networking. This allows the IT organisation to focus entirely on hosting its own applications on that infrastructure. Examples include Amazon Web Services (AWS), Microsoft Azure and Google Cloud Platform (GCP).

  • Platform-as-a-Service (PaaS) offers customers a development and management platform for software developers. They can focus entirely on application development without having to think about the underlying infrastructure. Typical examples are Microsoft Azure and Google App Engine.

  • The most commonly used term is Software-as-a-Service (SaaS), the umbrella under which many applications are now delivered from the cloud. Examples range from HR software and accounting solutions to comprehensive CRM software and office suites such as Microsoft 365.

  • As a specialisation of SaaS there are many providers that offer specific application services via the cloud. For example Backup-as-a-Service (BaaS), Desktop-as-a-Service (DaaS) and, indeed, Identity-as-a-Service (IDaaS).

Advantages of a cloud-based Identity Management solution

As an organisation you benefit in many ways from an Identity and Access Management as-a-Service solution:

  • Lower investment: there is no need to invest in on-premises infrastructure or the purchase of software licences.

  • Less IT administration: updates and maintenance are performed by the IDaaS provider. The customer’s team can focus on functional management and operational use.

  • Scalability: with a pay-as-you-go or pay-per-use model you can scale up and down with the size of the organisation.

  • Consistently state-of-the-art information security: the IDaaS provider specialises in this domain and has all the knowledge and innovation capacity in-house.

IDaaS disadvantages

An IDaaS uses a standard platform and therefore there is no room for custom software. Does this mean the disadvantage of IDaaS is that you have no option to accommodate your own requirements at all? Fortunately that is far from the case. A well-designed IDaaS platform such as HelloID is indeed a standard application, while at the same time offering sufficient configuration options, settings and APIs. This allows you to fine-tune the service to the specific circumstances and needs of your own organisation. With an IDaaS you therefore have every opportunity to integrate the platform cleanly into business operations without falling into the trap of true custom software. Custom code is usually expensive and hard to maintain, and is often used to mask more fundamental problems. You sometimes see poorly developed policy rules and sloppily designed business processes being patched over with custom adjustments. That approach may work briefly, but it soon leads to costly, long-running follow-up projects. An IDaaS prevents this.

Example of IDaaS: HelloID

A widely used IDaaS solution is our HelloID platform. With HelloID we provide a full-featured IAM cloud solution where Tools4ever handles all technical administration. You pay through a pay-as-you-go arrangement, depending on the number of connected users, the modules used and the connectors to source and target systems. This gives you full control over costs as a customer organisation while you can focus on functional management. HelloID consists of four modules:

Access Management

This module provides important additions to the common authentication and authorisation functions of, for example, directory services. Employees gain simple, fast and user-friendly access to business cloud applications through Single Sign-On. Access is secured at the same time with Multi-Factor Authentication (MFA).

Provisioning

With the HelloID Provisioning module you create a connection between the HR system and the user accounts in your IT environment. This automates the entire joiner, mover and leaver process. During onboarding the new employee automatically receives the correct accounts and access rights. If someone later takes on a different role or moves to another department, accounts and access rights are adjusted automatically based on the data in the HR system. When employment ends the provisioning functionality ensures rights are revoked and accounts are deprovisioned. Thanks to so-called Role-Based Access Control (or Attribute-Based Access Control) your organisation can be confident it always complies with privacy and information security guidelines. You automatically comply with the Principle of Least Privilege, which requires each employee to have access only to the applications and data needed for their tasks and responsibilities. In addition to optimal security and compliance you also save on unnecessary licence costs and all changes are recorded for interim security audits.
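The HR-driven joiner, mover and leaver logic described above, as an added illustration that is not HelloID's own code. The rule table, entitlement names and HR fields are constructed assumptions; the point to notice is that a mover loses the rights of the old role, which is what keeps least privilege intact.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class HrRecord:
    """One person as exported from the HR system (fields are hypothetical)."""
    employee_id: str
    department: str
    job_title: str
    active: bool  # False once the employment has ended


# Constructed business rules: (condition on the HR record, entitlements it grants).
RULES = [
    (lambda p: True, {"ad:account", "m365:mailbox"}),  # birthright for everyone
    (lambda p: p.department == "Finance", {"erp:ledger-read"}),
    (lambda p: p.department == "Finance" and p.job_title == "Controller",
     {"erp:ledger-post"}),
    (lambda p: p.department == "HR", {"hris:personnel-files"}),
]


def desired_entitlements(person: HrRecord) -> set:
    """Entitlements the HR data justifies right now; none for a leaver."""
    if not person.active:
        return set()
    granted = set()
    for condition, entitlements in RULES:
        if condition(person):
            granted |= entitlements
    return granted


def plan_changes(person: HrRecord, current: set) -> dict:
    """Diff desired state against what the target systems hold today.

    Revocation is computed on every run, so a mover does not keep the
    old role's rights and a leaver ends up with nothing.
    """
    desired = desired_entitlements(person)
    return {
        "grant": sorted(desired - current),
        "revoke": sorted(current - desired),
    }


if __name__ == "__main__":
    # Constructed sample: a Finance controller who later moves to HR.
    held = set()
    for record in (HrRecord("E100", "Finance", "Controller", True),
                   HrRecord("E100", "HR", "Advisor", True),
                   HrRecord("E100", "HR", "Advisor", False)):
        plan = plan_changes(record, held)
        held = (held | set(plan["grant"])) - set(plan["revoke"])
        print(record.department, record.active, plan)  # one audit line per change
```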

Service Automation

Our experience is that the provisioning module described above automates about 80% of all administrative actions. However, besides these automatically granted birthright permissions, which are the standard rights associated with an individual’s primary role, there are usually many additional requests. Someone may temporarily need an expensive application such as Photoshop for a project. An employee may need to be assigned to a project folder, want to change their email name, create a group mailbox or reset their password.

HelloID Service Automation is an IDaaS module that streamlines and automates these individual requests for helpdesk staff, managers and even end users. Today such requests often have to be executed by second-line administrators directly in back-end systems, which creates a serious workload for IT departments. The Service Automation module provides user-friendly administration screens that allow such tasks to be delegated to helpdesk staff. You can also delegate actions securely to team managers or key users and part of the requests can even be fulfilled by the employee themselves through a self-service portal.

The Service Automation module ensures through configurable workflows that the appropriate manager(s) are always asked online for approval so the organisation retains control over all granted permissions. In addition, all requests, approvals and the actual fulfilment are logged automatically.

Governance

Within HelloID the entire identity lifecycle is auditable. All actions are logged, such as creating, enabling, updating, moving, disabling and deleting accounts. The same applies to granting and revoking permissions. For individual changes made outside the standard role matrix it is also clear who submitted a request, which person approved it and what changes this led to in underlying systems. IDaaS usage is therefore fully transparent and verifiable.

HelloID now also offers a Governance module. Where a typical IAM solution mainly helps the organisation get in control, this additional IDaaS functionality ensures you stay in control. With features such as reconciliation, recertification and toxic rules management we prevent internal mismatches between the IAM platform and target systems, maintain greater control over the use of self-service products and can automatically detect and resolve conflicting business rules.

Learn more about the HelloID IDaaS solution?

Identity Management is now a central component of your IT security. Users should only be granted access to applications and data with their own account, and rights must always be granted strictly on a need-to-know basis. We must also be able to trace all IT activities to the level of individual users. This makes your Identity Management platform a key element when setting up your information security system. With the HelloID IDaaS solution you can start quickly without on-premises investment and then roll out additional features and target systems over time. You can find everything about the HelloID solution.

What is an IDaaS?

Identity-as-a-Service (IDaaS) is a cloud-based solution for identity and access management within organisations. Instead of companies having to set up and maintain their own system, they use a provider’s IDaaS platform for this purpose.

What is pay-as-you-go?

Pay-as-you-go (PAYG) is a flexible pricing model where customers only pay for the amount of services or resources they actually use, without upfront fees and long-term contracts or fixed costs. This model is often applied in cloud computing, telecoms, energy and software services.

What is Identity Management (IdM)?

Identity Management (IdM) is a business process for the management, security and control of digital identities within organisations. It ensures that the right people gain access to the right systems, applications and data.