
How to Add an Identity Management System to Your BMS

Patrick Carriere

Limiting access to software applications, building systems, and IT infrastructure is critical for building security. This means it’s important to put in place an identity management system that identifies and authenticates users to ensure only authorized individuals can access building systems and data. Today, such systems can be integrated directly into your building management system (BMS). These systems can include passcodes or passwords, radio frequency identification (RFID), MFA devices, and biometrics.

As buildings become increasingly connected, the stakes of identity management are higher than ever before. You can make smart decisions about the security of your property by taking a closer look at your options.

How an Identity Management System Works

Identity management in buildings means managing the digital identities of occupants and giving or removing access to particular assets for individual users. 

Identity management systems normally involve: 

  • Directories or other sources confirming identity via personal data that can define individual users. 
  • Methods for auditing and reporting. 
  • Procedures that regulate user access. 
  • Tools that allow administrators to add, delete, and modify who can see specific datasets. 

While a single user should only have one identity within the system, that person may have different permissions that represent the different ways in which they interact with a BMS or other automated building systems. For example, a facility manager would have more access control than someone on the maintenance staff.

Identity Management

Tenants, staff, and contractors often have access to certain elements of a BMS to give them control over specific functions in commercial buildings. These can include functions like climate control, lighting, or physical access control. This requires managing specific user credentials within multiple systems. These systems are often a mix of cloud-based and on-premises applications for which access and security parameters both need to be established. 

Successful building administrators evaluate credentials and control access on a user-by-user basis by managing identities across these various platforms. Multi-factor authentication may seem more secure; however, using multiple passwords does not necessarily contribute to better security. Research suggests that nearly 40% of employees access an average of over 100 software applications. These employees use, on average, just 2-4 passwords, and when one password is compromised, the rest often are as well. Single sign-on (SSO) access, along with multi-factor authentication, is often preferable. SSO allows users to provide additional information to identify themselves without having to remember multiple passwords.

It’s even possible to configure access so that passwords aren’t needed, without compromising security, by using passwordless multi-factor authentication (MFA). For example, a smartphone app or a physical card or token can enable seamless and easy access. This avoids the risks inherent to weak passwords while still protecting access to data and systems.

Access Control

Whereas identity management focuses on authenticating that the user is who they say they are, access control looks at whether an individual is authorized to access the data or conduct the action requested. It protects against users who are careless with their credentials and minimizes opportunities for malicious actions.

Authentication and authorization work together to protect data and systems. In fact, access control policies are among the first things to be investigated when a breach occurs because they help to determine whether the breach was inadvertent or deliberate. This is particularly critical when building systems are accessed remotely, as is becoming increasingly common.

Implementing an Identity Management System

Identity management improves building security by reducing the number of users who have excessive or problematic privileges to access a building’s digital network and BMS. 

Best practices for implementing an identity management system involve: 

  • Assessing roles before assigning access privileges.
  • Building a registry of the various identities that require access, including user accounts, third-party users, API users, and connected devices.
  • Communicating policies clearly about which identities and roles can access specific resources. 
  • Configuring password policies into processes and applications that ensure systems are secure. 
  • Limiting when and where users can access data or systems, preventing any access beyond what is needed. 
  • Partnering with a third-party provider to provide neutral oversight over BMS to prevent breaches.
  • Performing a SWOT (Strengths, Weaknesses, Opportunities, and Threats) analysis to establish the risk to the building. 
  • Preventing excess privilege from being created by ensuring policies are strictly followed. 
  • Reviewing and removing credentials that are no longer used frequently.
  • Restricting abuse of privileges by protecting root-level access. 

When implementing an identity management system and integrating it within a BMS, always err on the side of security.
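Several of the practices above (a registry of identities, roles assessed before access is granted, limits on when and where access is allowed, and review of unused credentials) can be sketched in a few lines. This is an added example, not code from the original post or from any BMS product; the role names, permission strings, network labels, and the 90-day idle threshold are assumptions chosen for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, time, timedelta

# Constructed role-to-permission map; all names here are hypothetical.
ROLE_PERMISSIONS = {
    "facility_manager": {"hvac:write", "lighting:write", "doors:write", "users:admin"},
    "maintenance": {"hvac:write", "lighting:write"},
    "api_client": {"hvac:read"},
}

@dataclass(frozen=True)
class Identity:
    name: str
    kind: str            # "user", "third_party", "api" or "device"
    role: str
    hours: tuple         # (start, end) of the permitted daily window
    networks: frozenset  # where requests may come from, e.g. {"onsite", "vpn"}
    last_used: datetime

def authorize(identity, permission, when, network):
    """Deny by default: the role, the time and the network must all match."""
    if permission not in ROLE_PERMISSIONS.get(identity.role, set()):
        return False, "role lacks permission"
    start, end = identity.hours
    if not start <= when.time() <= end:
        return False, "outside allowed hours"
    if network not in identity.networks:
        return False, "network not allowed"
    return True, "ok"

def stale_identities(registry, now, max_idle_days=90):
    """Names of identities unused for longer than max_idle_days (review/removal candidates)."""
    cutoff = now - timedelta(days=max_idle_days)
    return [i.name for i in registry if i.last_used < cutoff]

NOW = datetime(2024, 6, 3, 14, 0)  # constructed "current" time
ALL_DAY = (time.min, time.max)
REGISTRY = [  # constructed sample registry
    Identity("alice", "user", "facility_manager", ALL_DAY, frozenset({"onsite", "vpn"}), NOW - timedelta(days=1)),
    Identity("bob", "user", "maintenance", (time(7), time(18)), frozenset({"onsite"}), NOW - timedelta(days=3)),
    Identity("hvac-vendor", "third_party", "maintenance", (time(9), time(17)), frozenset({"vpn"}), NOW - timedelta(days=200)),
    Identity("energy-dashboard", "api", "api_client", ALL_DAY, frozenset({"onsite"}), NOW - timedelta(hours=1)),
]

if __name__ == "__main__":
    alice, bob = REGISTRY[0], REGISTRY[1]
    print(authorize(alice, "doors:write", NOW, "vpn"))
    print(authorize(bob, "doors:write", NOW, "onsite"))
    print(authorize(bob, "hvac:write", NOW.replace(hour=22), "onsite"))
    print("review:", stale_identities(REGISTRY, NOW))
```

Each denial carries a reason, so the same function can feed the auditing and reporting that the page lists as part of an identity management system.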

Integrating Identity Management Into Your BMS

Adding an identity management system to your BMS can be a complex process that depends on:

  • How extensive your system needs to be.
  • The level of security you require.
  • The number of users who will require access.
  • The number of interconnected applications.

This involves both physical and digital access, including cards, readers, controllers, and software applications that create and manage secure identities for users. 

Working with an industry-leading master systems integrator ensures you have all the components necessary for a robust system with excellent security. At a time when smart technologies are introducing new vulnerabilities, an identity management system developed by an experienced contractor will safeguard your building and the people within it.

Buildings IOT offers state-of-the-art solutions for adding an identity management system to your BMS. Contact our team of experts to learn more about what we can do for you.

 
