Identity management platform designed from the ground up for mobile, cross-channel, IoT and best of breed
Identity Services Hub
Identity is a highly fragmented space with many tools and capabilities from different vendors: biometric authenticators, traditional authenticators, KYC tools, risk and fraud engines, behavioral tools, directories, device security, and more. Integrating each of these services into your systems and applications requires significant ongoing work. This work involves processing input and output from each of these services, building the various user journeys around these services, and dealing with exceptions, failures, and edge cases. With Transmit, this can be avoided. The Transmit Identity Services Hub includes built-in, secure connectors to dozens of third-party identity services, dozens of built-in services, and a flexible, secure plug-in architecture that allows you to add anything and everything. It’s a complete, secure abstraction layer between your applications and the entire identity ecosystem. It’s the only platform capable of securing client-side identity services such as authenticators and KYC tools and also the only platform that doesn’t require writing third-party specific code in your applications.
Over-the-Air Journeys is the technology that sets Transmit apart from all other vendors. Using Over-the-Air Journeys, application owners can use graphical tools and an orchestration language to design simple and complex user journeys that involve authorization, authentication, KYC, fraud prevention, regulatory requirements, and more. Once done, these journeys can be pushed "over the air" and played in any application that is connected to Transmit, without making any code changes to the application and without the need to re-publish the application. Over-the-Air Journeys consist of two main technologies: a Journey Player and an Orchestration Engine. The Journey Player is incorporated into your applications as an SDK and is responsible for playing the entire journey inside the application. The Journey Player works with the Transmit Orchestration Engine, which orchestrates the journey and defines the next steps on either the client or server side.
Transmit provides a full set of authentication services to manage primary login, multi-factor, and step-up authentication across various applications and channels. The platform includes a large set of built-in authenticators such as OTPs, soft tokens, biometric authenticators, and knowledge-based authenticators. In addition, the platform can be used to manage any third-party authenticator or authentication service connected to the Identity Services Hub. Transmit’s authentication services manage the enrollment process for each authenticator and also tasks such as de-enrollment, re-enrollment, and expiry periods. The platform provides flexible ways of defining authentication levels and attaching them to different authenticators and journeys. The platform allows building rules for authentication failures across different authenticators and devices and taking various actions when thresholds are reached. Transmit is FIDO certified and can be used to manage any FIDO authenticator alongside non-FIDO authenticators.
KYC and Identity Proofing Services
Transmit is capable of activating numerous KYC and identity-proofing tools, such as scanning a government identity card and comparing the photo on the card to a live video stream of the user’s face. The platform can also access third-party databases for identity validation. For example, accessing a network operator’s data and verifying that the phone number provided by the user correlates with their details, such as name and address, in the phone company’s records. Using the Over-the-Air Journeys technology, onboarding journeys can be designed and implemented without writing code. The platform also allows building forms that collect information from the user during the KYC process as well as asking for various consents. The platform can then store identity-related information in identity stores and also generate credentials for the user and register the user for advanced authentication techniques.
The platform offers role-based access control (RBAC) and attribute-based access control (ABAC) services across all applications. The platform automatically collects device and environmental attributes—for example, location, device type, and connection type—and exposes them to the orchestration engine. The platform is capable of reading entitlements and risk indicators from multiple directories, databases, and engines at the same time, including a built-in entitlement store. This information can be orchestrated at run-time to reach access decisions and to call for actions such as authenticating, blocking an activity, approving an activity, notifying of an activity, requesting authorization from multiple users across multiple devices, and signing transactions and user requests.
Risk and Fraud Detection Services
Behavioral profiling capabilities are built into the platform. All you need to do is tell Transmit what to profile. The platform can automatically profile devices, locations, access times, activities, transactions, payments, and many other factors. Profiles are built over time per user and can be used to reach even better authentication and authorization decisions. The platform also includes machine learning for device identification to add trust in known user devices. One of the great advantages of Transmit around fraud prevention is the ability to orchestrate different engines and scores. Third-party fraud detection engines can be connected to the Identity Services Hub, and then, using simple graphical design tools, administrators can orchestrate the results coming out of these engines with the built-in Transmit profilers to build an uber risk score and drive different actions.
Bring your own directory from any vendor and connect it to the Transmit Identity Services Hub or just enable the built-in LDAP-based directory that is already included in the Transmit platform. You can also connect multiple directory services and easily orchestrate them using Transmit’s orchestration engine, which completely isolates your applications from any directory service you choose to work with. Using the Transmit platform, you can switch between directories, consolidate directories, route between directories based on any attribute, and combine on-premise and cloud directory services with no impact on your applications. Transmit also includes modern APIs which can be used to access directory information as an alternative to LDAP.
Identity Gateway Services
Transmit Identity Gateway is based on a reverse proxy technology that sits in front of applications and APIs and enforces authorization and authentication policies without the need to make any changes to applications. Typical use cases include controlling access to hundreds of web applications and the replacement of outdated Web Access Management solutions such as CA SiteMinder™. Unlike traditional gateways that rely on simple access rules, Transmit Identity Gateway is based on Zero Trust technologies which inspect access to applications based on the trust level of the user’s device, the environment, the session, the level of risk, and the user’s behavior. The Transmit Gateway also incorporates the Over-the-Air Journeys Technology and the Identity Services Hub capabilities, and it can run advanced step-up, multi-factor authentication processes as well as device management and enrollment activities.
Device Management Services
Users are accessing your applications and systems from various devices—laptops, computers, mobile devices, and tablets. Transmit automatically tracks all devices for each user and provides the tools to bind these devices and build trust in them. This process uses cryptography to secure the channel between the device and your systems and to mutually authenticate the device. The platform is responsible for securing data and cryptographic keys on the device. A full view of all devices is provided to both end-users and support managers, together with the ability to remove devices, disable devices, lock devices, set primary devices, manage security preferences per device, and more.
Regulatory Compliance Services
Transmit provides an easy way to manage identity-related regulatory requirements for privacy and authentication. Managing consents, managing identity-related information, providing easy access to information, and deleting information when requested by users, are all integral parts of the platform. PSD2 RTS capabilities for strong customer authentication are provided out of the box with full control over the user experience.
Single Sign On and Federation Services
The platform can serve as a federation IdP or SP and includes support for SAML, OpenID Connect, and OAuth. The platform includes built-in device identification technologies that can automatically identify a user who is using the same device to access more than one application. The Over-the-Air Journeys technology allows the organization to build trust rules between applications and to securely transfer trust from one application to another based on the user’s authentication, device trust level, and risk.
Flexible Deployment Options
Transmit is a highly scalable platform that can easily support organizations with tens of millions of users and thousands of applications across the globe. The platform has a simple, two-tier architecture where the first tier is completely stateless and therefore extremely fast and easy to scale. Scaling is as easy as adding more servers. These servers can be spread across different locations, either on premises or in the cloud. The platform also supports hybrid deployments where servers are located both on premises and in the cloud. The architecture allows quickly porting the infrastructure from one location to another, including from on premises to the cloud. The platform can also be consumed as SaaS.