The vision of SmartSignatur GlobalID is to be a universal 2-Factor authentication enrollment solution for a private company or public organisation. SmartSignatur GlobalID enables a fully integrated process-lifecycle of a user’s Secure Digital Identity.
GlobalID v4 concentrates on the automated enrollment of X509 user certificates within an organization. Future support for additional authentication factors will be added to address companies needs.
Automation - of the Setup
With SmartSignatur GlobalID the entire enrollment process around the onboarding of certificates is automated. The different steps and systems of the secure digital identity lifecycle are integrated into one process. Systems being connected are user directory (Active Directory, eDirectory), Certification Authority (CA) and the user via the self-service portal. An Identity Management System (IDM) and/or Local Identity Provider (IdP) are natural extensions to the solution.
SmartSignatur relieves manual transactions when an employee gets onboarded into the organization. Administrative routine tasks like setting up or deleting accounts and the connected certificates, and the handling of renewing certificates take place entirely automated.
There are different use cases supported depending on the setup of an organizations system and the compliance requirements it needs to meet:
Smooth user experience, increased productivity
The organization decides to either run an own Certification Authority (e.g. Microsoft Certificate Authority) or get certificates from a trusted external Certification Authority (CA). The employee can do the issuing of a certificate to a chip – may it be as new employee, as an existing employee with a lost or broken chip or as an employee whose certificate is expiring – via a self-service portal.
The task takes less than five minutes per employee and does not involve an IT-administrator or helpdesk.
In addition, the synchronization of user data into a directory or Identity-Management-System takes place immediately. There is no delay, since SmartSignatur operates in real time. It provides a smooth user experience, increases productivity and relieves time to the IT-administration or help desk.
Use of existing certificates
Alternatively, the organization decides to use an existing certificate that has been issued to the user already by a third party. These can be national eID certificates or sector specific solutions, like in many healthcare sectors in various countries.
The employee’s certificate can be onboarded via the self-service in which the certificate is read and connected to the directory / identity-management-system in real time.
The certificate is then connected to the user’s identity within the organization and can be used for the various tasks the certificate allows, e.g. systems authentication and / or email encryption.