We must always remember that this is an integration of at least two systems: your application on the one hand as a consumer of IAM services, and eIAM on the other hand as a provider of IAM services. In order for this integration to run smoothly, the prerequisites must be created in the early phases of the application.
Questionnaire
By means of the eIAM dossier, we seek answers to a multitude of questions together with you. Our common goal is on the one hand to record what is already clear and on the other hand to show what still needs to be verified by you as the customer. The eIAM team will of course be happy to help you with this.
Organisational responsibilities and contact persons before, during and after the integration of your application with eIAM.
It is important for eIAM to know the correct contact persons for queries and further verifications during each phase. This makes communication much easier for us at eIAM and for you as a customer, and reduces administrative overhead.
Organisational assignment of your application to an administrative unit of the Federal Administration
The assignment to an administrative unit usually determines in which client data room of eIAM the identity and access management takes place.
Protection requirements of the application to be integrated
The evaluation of the protection requirements is the responsibility of the application owner and is NOT depicted in the eIAM dossier. The application owners are responsible for ensuring that the quality of authentication (QoA) ordered in this dossier and - independently of eIAM - the hosting fulfil the protection requirements and that this and any downward deviations are clearly mapped in the ISDS concept. The checklist is recommended for this topic.
Integration pattern
The integration pattern is influenced by various factors. These include requirements for single sign-on with other, already existing applications or the zone in which the application is to be operated. The zones from which the application is accessed also influence the integration pattern.
Availability requirements of the application to be integrated
The availability requirements influence the SLA between eIAM and the application to be integrated, for example the response time of the eIAM service in case of error messages.
Target audience (users) of the application to be integrated and their context in which they use the application.
It is important to have a clear picture of the different users and the context in which they use the application. Since the processes for managing identities and permissions are very different
Is it a pure enterprise application that is only used by employees (internal/external) of the Federal Administration?
Do other subjects with enterprise identities (e.g. employees of cantonal administrations) also have access?
Should the application be used by partners outside the Federal Administration?
Should the application be used in the eGov context by citizens who use the resources of the Federal Administration in their own interest?
Management of identities, authorisations and other attributes in eIAM and, if applicable, in the application itself over the entire life cycle
Are identities and their attributes (e.g. authorisation roles) managed in eIAM alone? Partly in eIAM and partly in the business application? Or only in the business application?
How do the identities that are to use the application initially get into the access client and/or into the application?
How are identities and their attributes maintained within their life cycle in eIAM and/or the business application?
What happens to an identity or the authorisations associated with it if a user no longer needs or wants to use the application?