Identity and Access Management
Dimiour elevates a Fortune 100 organization’s identity management capabilities
Secure, highly available, and resilient identities on AWS cloud
Our client engaged Dimiour to help build a secure and seamless authentication platform: one on which users would not get bogged down with heavy authentication screens or procedures, while still providing the security and privacy measures needed to protect their identity and access.
The client’s existing platform had scaled and evolved over a decade and involved a number of business partners. Below is a historical snapshot of how identity management needs changed over time.
While the business demand to elevate the customer experience had driven the decision to adopt what were, at the time, the latest cloud technology trends and a selection of SaaS-based platforms, the growth in hyper-personalization scenarios for connected technologies and their associated services outpaced the scalability and versatility of the existing solution.
Architected with flexibility and scalability
Dimiour completed a detailed analysis that pinpointed one of the client’s main pain points: the need to securely and seamlessly integrate with, and control access to, a growing number of varied interfaces and services, including in-product and multimedia components, navigation and destination services, location and data communication services, virtual assistance, marketplace transactions, the mobile app, and the administrative console.
Having identified these needs, Dimiour conducted an in-depth study of technologies and industry options to find the best fit for the solution: a ForgeRock Identity and Access Management deployment hosted on AWS, an architecture that gives the client the versatility needed not only for today’s defined data and process flows and user experiences, but also for the future roadmap.
The fully container-based architecture was designed to scale out and in on demand, with multiple availability zones active in multiple geographical regions, to provide 99.999% availability. The platform was designed around the following tenets:
- Zero trust security & Cyber Resilience
- Fully automated DevSecOps
- High Availability & Performance
- Canary Rollouts & Piloting
- End to end Monitoring & Proactive Ops
- Non-repudiation & Auditing
The solution is hosted on Amazon Elastic Kubernetes Service (EKS), backed by Amazon’s highly durable managed (PaaS) datastores.
Engineered for high availability and resiliency
The solution is deployed in multiple AWS regions, across multiple availability zones, scaling out or in on demand to meet the availability needs of the business. More than 8 million users today seamlessly register and log in through the platform to access and consume its services. The datastores are replicated across regions, with automation to elect the master and read replicas, ensuring a high level of resiliency.
Developed with fully automated fast feedback cycles
Agility is one of the core business considerations for continuously improving the platform’s maturity and offerings. To support it, a fully automated DevSecOps release process was set up for application workloads, infrastructure, and validation scripts. This provides immediate functional and non-functional feedback on every change, supporting “quality first” development on AWS cloud.
A reusable global platform
As a global organization, the client wanted to extend and propagate the solution to its other business regions and entities across the world. Hence, the system was architected to support globalization and localization needs from the outset. For example, data security and compliance requirements were implemented with replication and portability in mind, so that the solution could extend beyond the United States and North America. Since the initial launch in 2020, our client has successfully extended the solution to other geographical markets, such as Australia, Europe, and Asia.
Business Benefits & Prospects
The platform provides the business with the means to:
- identify customers at all touch points, such as mobile, web, the product head unit, or any future edge IoT devices, and personalize service offerings at all times, and
- provide secure password-less authentication experiences and remote access capabilities using biometrics on paired mobile devices.
With advances in network connectivity (5G) and the proliferation of machine-to-machine interactions in mobility, our client can now safely innovate new capabilities and business processes without being constrained by security or identity concerns.