One of the best things about technology standards is that they help any single solution do even more.
That’s why we pursued Open ID Connect (OIDC) certification: the new ID Plus OIDC certified connector helps organizations meet regulatory compliance frameworks, provides users with greater control of their information, improves user experience, and develops stronger security for resources across environments.
Learn more about how RSA uses its OIDC connection to meet regulatory standards, and how we integrate OIDC with My Page, the RSA cloud-based single sign-on (SSO) solution, Risk AI, Mobile Lock, and more.
OIDC provides an open identity standard based on the OAuth 2.0 framework that helps users prove who they are when accessing organizational resources.
RSA has integrated the OIDC protocol into our identity and access management (IAM) solutions, allowing our customers to easily connect their users and secure their resources through their RSA My Page Single Sign-On (SSO) solution.
Ultimately, the My Page OIDC integration allows organizations to secure OIDC, SAML, and on-premises resources in one portal. That makes it easier for users to access the applications they need to do their jobs; it also helps security teams consolidate applications and protect them from risks.
But what does that look like in practice? Let’s review how our OIDC connector helps RSA customers enable compliance, get more from RSA My Page, make even smarter access decisions, and much more:
One of OIDC’s major benefits is its use of consent forms, which enable organizations to comply with regulatory requirements governing user privacy controls like GDPR, CCPA, and others.
Consent forms enable users to easily understand and control the Personally identifiable information (PII) exchanged between identity service providers and third-party, OIDC-based apps. OIDC helps users understand what PII is being shared and gives them an easy way to prevent certain information from being transmitted from an identity solution to third-parties.
RSA expands on that benefit, giving admins and users even further visibility and control over how their PII is shared. The RSA OIDC connector allows administrators to customize the consent descriptions of PII that could be shared between RSA and third-party apps. For example, in this image an admin has changed the consent descriptions for different information—Your Date of Birth, Your Name, Your Nationality, etc—so the user understands what information could be shared.
Other OIDC connectors don’t put the same emphasis on user experience: they may group PII as ‘Content and info’ about the user, their conversations, their workplace. Users would have to click through multiple different options to see what sort of PII could be shared with third-parties. While that experience may satisfy the letter of the law, it’s also likely to annoy users.
As a bonus, RSA OIDC consent descriptions support UTF-8 characters, so that users can read and understand an organization’s consent form, regardless of the language they speak.
The consent form also clearly identifies which apps are receiving PII by displaying third-party logos. In the example above, the user is looking at the data being transmitted between Charlie and Alpha (the purple logo). RSA My Page also supports color and branding customizations, allowing organizations to ensure that the style of the consent form itself aligns with overall branding.
My Page is RSA’s cloud-based SSO solution that gives the hybrid workforce an easy-to-use, customizable Application Portal with an integrated Authenticator Self-Service Portal.
ID Plus is the market’s only solution capable of supporting users on-premises, in the cloud, and across hybrid deployments.
That benefit extends to the RSA OIDC connection: the “My Applications” section of My Page allows users to access both web-based OIDC resources and other protected web (SAML) and legacy on-premises resources—all from the same SSO. Admins also can easily secure access to these resources across environments by setting up flexible access policies that allow users to select the authentication methods that work best for them.
If users need to reset a password, activate a new authenticator, disable an earlier authenticator, or otherwise manage the authenticators they use for accessing OIDC resources via “My Applications,” they can switch to “My Authenticators” to perform self-service.
This feature is perfect for those who can manage basic IT support on their own—and helps organizations defray help desk costs. The 2023 RSA ID IQ Report found that three-quarters of users either didn’t know or significantly undervalued the cost of a password reset, empowering users with basic tech support functionality can add up to big savings.
RSA Risk AI uses machine learning, behavioral analytics, and organizational context to intuitively determine a user’s risk before granting access to systems and data. We use those factors to establish Identity Confidence—the higher the Identity Confidence, the more likely it is that a user is who they claim to be, and the likelier they should have access to a protected resource.
Alternatively, low Identity Confidence can indicate risky behavior. If a user is trying to access a resource from a new IP address or an unrecognized device, then that could indicate an attacker has compromised an account. That risk escalates if the user is trying to access a sensitive OIDC resource.
Admins can prepare for those risks, protect their high-value OIDC assets, and develop stronger cybersecurity by setting Risk AI access policies for low Identity Confidence situations. For instance, admins could block access outright or require step-up authentication via a second factor.
Unmanaged devices and BYOD are a fixture of the work-from-anywhere economy, but they’re also a major identity compromise risk: 97% of cybersecurity experts felt that BYOD compounded major cybersecurity vulnerabilities, including the simple fact that unmanaged devices don’t have the same security capabilities as managed devices, and 72% of users believe that people frequently use personal devices to access professional resources.
We help customers adapt to the surge in unmanaged devices with RSA Mobile Lock, which can establish trust in BYOD and secure access to protected resources, including OIDC-connected apps. When Mobile Lock detects malware or other threats on an iOS or Android device, it prevents them from using the RSA Authenticator app to access secured resources. Mobile Lock creates an even more secure authenticator, which in turn makes OIDC-connected resources more secure as well.
Organizations can better secure access to OIDC resources, enhance user experience, and improve usability with the new OIDC connection to ID Plus:
- Meet compliance regulations and empower users to manage PII with consent form descriptions that look and feel like branded assets.
- Use My Page SSO to make access to organizational resources both secure and convenient.
- And apply automated identity intelligence with Risk AI and Mobile Lock to develop smarter, more effective cybersecurity.
