Enabling access to 50 systems with a single authentication portal

Achieving the right level of data protection gets ever more difficult with the growing number of users with different access permissions.

With many services available for clients and partners, there eventually comes a need for a single, secure, and convenient authentication platform.

Challenge

Our client is a giant manufacturer with over 50 different brands that are used daily by different end customers. Across their service lines, they had over 100,000 users, all of whom needed to be able to access the company’s customer resources.

Until now, each service line was separate, meaning that users needed separate credentials to access resources for each one. Moreover, the company could not connect data across brands, as each customer was treated by the system as a separate user of each product, limiting the ability to provide more personalized offerings.

Moreover, the organization has thousands of employees, as well as external partners, all of whom need to use their resources on a daily basis. Managing this volume of user lifecycles became a significant burden on their IT infrastructure and teams.

Solution

Together with the client, we have set up a multi-access authentication platform. It aggregates all identity and access functionalities for the company’s applications, making them accessible via a single login.

Overview of authentication portal structure

The solution supports 3 types of users: customers, partners, and employees. Each of these groups can use different services, but they all log in through the same platform.

The MIP provides key functionalities that make users’ life easier:

• Single sign-on – for all necessary services
• Self-registration and account management – reducing the workload on IT teams when it comes to account maintenance
• Integration with external identity providers – enabling Single Sign-On using existing accounts
• Simplified registration with existing e-mail address – allowing partners to register using their company e-mail rather than create a separate account.

The platform is built using Microsoft Azure AD, with the addition of Microsoft Azure AD B2C, provided by Microsoft. The services provide a single authentication gateway for internal and external users.

In addition, Azure AD B2C is connected to a secure database storing user data and permissions. Using this information, the service also provides authorization functionality, ensuring the right users can connect to the right resources.

Results

The platform has improved customer experience for the client’s users. Now everyone needing to access organization’s resources can use a single login box for all the services and has to remember a single set of credentials, simplifying access. With self-service functionalities, users can manage their own data and resolve any login issues immediately without the need to engage the IT team.

As the service is entirely cloud-based, it is equipped to handle the necessary volume of requests at any time. As a result, there is no risk of service disruption due to e.g. an unexpected increase in users at one time.

The platform also enables additional security measures, such as multi-factor authentication, limiting the risk of a security breach. It also takes advantage of the latest Azure Cloud security features.

Fully automated user lifecycle management, enabled by Microsoft technology, reduces the need for the involvement of other departments. Thanks to the integration with internal systems, the platform automatically grants and revokes access for employees and partners when they begin or end cooperation with the client.

As a result, the client has a secure identity and access management solution that makes for an easier user experience, allows for a centralized view of user data, all while reducing the workload and increasing security.