Are security concerns holding back your B2B integration?

Niels Flensted-Jensen, Aug 31, 2015

If you’re struggling with the security aspects of business-to-business web integration, Grean’s access management service gives you and your business partners the control you need to open up with confidence.

Grean addresses the growing access management challenge in a world where businesses are integrating ever closer with their business partners - through web, mobile, and application programming interfaces (APIs).

This post is about the why and the how of Grean’s access management solution. The technical aspects of how Grean works will be the subject of a later post.

The business-to-business access challenge

Think of how Facebook lets you control who sees your data and in which context. The “who” in this case would be your friends, the general public, and specific groups of people. The “context” would be in which other apps your data may be accessed (for example, you may have granted your iPhone direct access to your Facebook data).

What Facebook tries to accomplish in terms of controlling access to your personal data, Grean does for the data and applications owned by your organization.

Let’s look at a simple example of how access management works between businesses.

In the figure below, we have two companies sharing one company’s data:

  • BigCorp employees log in directly and access the data according to their level of authorization.
  • A BigCorp employee grants MuncherCorp access to BigCorp’s data. This, of course, requires that the BigCorp employee has authorization to grant such access.

Organizational access

Now consider another example. Let’s say an insurance company is about to launch a new brokerage web portal for insurance brokers. The insurance company must first onboard the brokerage firms. Then the appointed person at each brokerage firm must be able to onboard its employees - and subsequently manage their access to the brokerage portal - while assuring all involved that they are in full control.

And keep in mind, the data in the brokerage portal is not the property of each individual brokerage employee. Instead, the data belongs to the brokerage firm and the insurance company.

On-board, authorize, manage

Grean takes care of the onboarding process for your organization. This includes onboarding your employees as well as your customers and business partners.

Grean also provides management applications - both web and mobile - to administer business-to-business relationships, application roles, assignment of user permissions, and more.

And when users log in to your applications or access your APIs, Grean makes sure the relevant organization and role information is included so you can enforce rigid access control.

The following figure illustrates how this process would work in our brokerage web portal example.

Brokerage firm managing access

That’s just a little bit of what Grean can do.

Depending on your use case, Grean can go in many directions: Do you need to make your data available in currently unknown contexts but with organizational consent? Or do you need to pull reports to support compliance efforts? Or maybe you have an Internet of Things project with tight requirements on device access to the back-end servers, and vice versa?

What’s more, Grean deals with protocols such as OAuth2, user and organizational consent, and other areas of interest to provide an authentication-agnostic access management service.

In upcoming posts, we’ll deal with these topics and other interesting subjects in more detail. Stay tuned!