Access Management application scenario
Centralized Application Security
Access Management ensures that only authorized persons and processes are granted access to the growing number of applications and resources in the enterprise. With our approach, the effort required to integrate an Access Management platform with your applications is minimized.
NOTE: iC Consult has enjoyed the confidence of Global 500 companies for many years. The projects we support and implement are of strategic value to our customers, both for security reasons and as a business driver. For confidentiality reasons, all use cases shown here are anonymized and obfuscated. But the individual elements of the solutions are real and used by several of our customers and reflect our project experience.
Customer and Objectives
The customer ACME is a large global automobile manufacturer with several automotive brands.
The aim was to migrate more than 1,000 applications, each using proprietary local user management systems, to a central access management solution.
ACME chose iC Consult as their systems integrator, due to the company’s vendor-neutral stance, broad product expertise, and project experience required for the solution. Each of the worldwide distributed, siloed solutions had to be integrated efficiently, securely and appropriately into the newly provided central services.
Task and challenge
Under the existing structure, employees, partners and suppliers had to log in to the corporate and branch applications with many different passwords in order to use the various applications. There were a number of poorly secured, proprietary services that provided single sign-on between applications and portals. A series of corporate mergers had also complicated the integration of IT resources. Among other things, this led to both user frustration and high helpdesk costs.
With over 1000 applications worldwide, it was nearly impossible to determine what access rights a user should have or whether a user had been granted appropriate permissions. It was even more difficult to change or completely revoke access permissions after a user changed positions or left the company.
Since the web applications did not use company-compliant login procedures, many security problems emerged.
What was required was a central access management solution that ...
- centrally controlled authentication and authorization
- reduced helpdesk costs and efforts
- offered a comprehensive single sign-on to the users with uniform look & feel
- provided self-service for password resets
- reduced application development and integration cost
- protected corporate data from unauthorized access
The solution needed to be highly available and robust, run globally with no downtime, and cover employees, partners, suppliers, dealers and customers.
Solution and Implementation
To meet these requirements, iC Consult integrated the best-suited products from different software vendors with the client’s infrastructure. As the systems integrator, iC Consult was responsible for:
- The Web Access Management system
- A highly redundant, high performance directory service
- The implementation of various authentication methods and a suitable federation solution.
In order to achieve quick results and minimize risk on such a major project, the solution was divided into manageable phases, which were implemented successively.
Breaking the project down into individual phases meant the benefits were immediately visible and further changes could be implemented quickly, including:
- Standardization of the user identifier as prerequisite
- Focus on major portals and applications to achieve presentable results quickly and create a pull on smaller applications
- Building an "Application Integration Factory" to provide the tools for the efficient, homogenous integration of hundreds of applications
- Provision of additional features:
• centralized authorization mechanisms
• integration of rich clients
• standardized federation protocols
• multi-factor authentication
• mobile login
• integration of social networks
- Defining and continuously monitoring measuring points, to detect problems before they become noticeable to users
Results and benefits
Because the "Application Integration Factory" replaced the manual integration of applications, decentralized login procedures and authorization mechanisms were eliminated and the cost of implementing and deploying new applications could be minimized.
The customer was able to fulfill the group-wide privacy and security policies. This means:
- Group-wide regulated access, only to the data necessary to carry out the given tasks
- Immediate access lockout for former employees, even for the use of cloud applications
- Reduction in application security vulnerabilities, through central access management rules
- Reduction of security risks associated with password sharing
- Making phishing attacks more difficult
- Traceability of access to business-critical applications
Through single sign-on, help desk calls have been reduced, and the login process for employees, customers and suppliers has become more convenient.