Abstract
A top hospitality and tourism firm in the USA was looking to build IAM solutions for their B2C business covering 1 million users that included customers, 3rd parties and suppliers. The engagement also extended to supporting the run operations through a managed services model that covered:
- Single sign-on (SSO)
- Identity and access management
- Federated identities
- Social login and applications access via mobile
- access via mobile Multi-factor authentication (MFA)
Challenges
The client’s infrastructure was operating on outdated, carry legacy identity policies to identify and authorize users. The client was having custom Identity and Access Management (IAM) solution and spending high costs to manage millions of user identity life cycles, access management, single sign-ons, disparate credentials for almost every application/system implemented for critical business services. Furthermore, the identities were stored in multiple repositories and no single source of truth was available for delivering a uniform and seamless access.
This rendered multiple issues and security lapses/incidents in the client’s environment. The client was looking for an experienced partner for a swift upgradation of their IAM infrastructure where they could meet the business requirements for identity and access management, user provisioning/de-provisioning and updates using automated solutions or self-servicing capabilities with minimal intervention from the IAM support team.
Key Differentiators
RPA driven automation for application onboarding:
- Onboarding applications
- Distribution list automation
- Custom user registration module/component
- Readily available user consolidation, migration solution
In the earlier scenario, the client used a manual process for onboarding applications and distribution list creation. Mindtree’s RPA driven automation helped the client in automating application onboarding process and distribution list creation, which in turn reduced the turnaround time to 4 to 6 hours for onboarding an application (as compared to the previous duration of 40 to 100 hours per application) and 70 hours per month for distribution list creation (as compared to the previous duration was 95 hours per month).
Solution
Mindtree worked closely with the client and understood the business requirements expected to be delivered via the new IAM solution. Mindtree IAM specialists documented the current landscape and gaps. Based on their understanding, they concluded that the client required a centralized access management system for automating the challenges identified above. The client also agreed with our assessment.
Mindtree proposed ForgeRock CIAM solution as the best fit solution to meet the customer’s requirement, and we implemented a centralized identity and access management system with the following components:
- OpenIDM – User profile service & password management
- OpenAM – Single sign-on and Access Management
- OpenDJ – LDAP (Light-weight Directory Access Protocol) directory service
- OpenIG – Reverse proxy with session management
Impact
- All users are identified and authenticated by using a single centralized CIAM solution. Therefore no more multiple user identities, passwords and roles to be managed by the users and the backend operations team
- Centralized automation of user lifecycle management (provisioning, modification, de-provisioning) was established
- Seamless authentication and authorization rolled out for 1 million users across all 30+ business applications
- Seamless SSO for social and mobile applications and improved the client’s customers application access and decreased the cost involved in running the help desk
- Improved centralized auditing and reporting
- Created provision to generate 100+ business analytics automated reports & dashboards
- Reduced cost of the overall IAM administration by 60%.
