Nelson Cicchitto: As we looked at the industry and asked ourselves what we needed to do to disrupt this space, we thought about delivering our identity management solution as a container which gives you complete platform independence, the ability to run on-premise securely, and the ability to run on any cloud.
We obviously couldn’t host it for our customers. We can give them a different experience in an Okta or a Microsoft because we can give them a private instance and scale at the speed and cost of an Okta or multi-tenant solution like OneLogin or Ping Identity.
We started with a very strong foundation identity management framework based on containers. That was the first part of our strategy. That’s the first of the ecosystem. The services we provide range from full-access governance, automating HR provisioning, to an actionable self-service catalog.
When somebody requests access to SAP, they get the appropriate access. If they request SuccessFactors, we give them access to it. Imagine an employee asset-tracking solution built into an access-governance solution wrapped with risk or separation of duties.
All of that is built into one platform. We extended that to single sign-on. We knew that the key to one-time provision and to providing a frictionless experience is to start with a simple way for people to experience full life cycle management. In a light way, like Okta does.
The lightweight way involves setting up simultaneous connections or OpenID and giving people the ability to add or manage groups in a different way than Okta. We didn’t want to create an Okta ID. We didn’t want to create a separate identity or directory that everyone needs to be a part of.
Instead, we wanted to leverage the directories that our customers have in place. There is no copying of attributes up in the cloud. The beauty of these solutions is your authentication occurs without federation in the existing system that you already have.
It might be an Active Directory – IBM, Oracle, or OpenID. It does not matter to us what the customer is running because that could become their directory. If they want to suck in all their identity, vendors, and partners like Okta does, they can integrate it and make it the hub.
We had a great architecture. We are not copying people’s identities where authentication is occurring with the existing environment. How do we make this password-less? How do we make sure that this is the most secure industry standard? We integrated FIDO2, Duo, Ping Identity, Okta, Symantec VIP, and RSA.
We also have our one-time passcode, Twilio, where people can get an SMS text to log in. We have biometric solutions so people can log in with their fingerprint, voice, and face. We just made it hyper-flexible because the customers we are selling to – the enterprise customers – merge with other enterprise customers.
They may have a Ping Identity solution, Duo, or Symantec VIP and it may take a while for the two companies to come together and standardize on a single MSA provider. That was very critical. We took that same technology to our self-service password reset and moved away from questions and answers, securing people’s identity through those methods.
This segment is part 2 in the series: Thought Leaders in Financial Technology: Nelson Cicchitto, CEO of Avatier