Over the past 11 years, CoreBlox has established a track record for delivering successful Identity & Access Management architectures and deployments. We pride ourselves on our knowledge of not only the standalone tools and technologies we deploy, but how to build a complete security solution by combining the unique capabilities of multiple products. The success stories below demonstrate our ability to be creative thinkers in the face of complex business challenges:
Success Story #1: Enterprise Software Company with Multiple Acquisitions
A global software company had completed several acquisitions in a single year and needed to demonstrate immediate brand integration to its customers as well as its public investors. The first key initiative was to bring all the legacy users under a single customer service umbrella. Both the financial and the customer communities at large expected this to happen in an expedited manner as a key indicator of integration success. Therefore, CoreBlox was chartered with:
- Integrating the acquired customer service systems as quickly as possible
- Providing a seamless service experience using existing infrastructure
- Expediting the integrated brand alignment time to market
What seemed a straightforward initiative came with the common challenges of integrating multiple lines of business. Each acquired company had its own user identities, security policies, directories, infrastructures, and supporting personnel. After initial analysis, CoreBlox identified the project roadmap:
- Align the 5 disparate systems with unique application cross-dependencies
- Integrate the 14,000 internal employees and 300,000 external users into a common global customer service platform
- Aggregate 5 different identity stores across 5 distinct sets of infrastructure
- Recognize a single user may have multiple identities established across the 5 systems and rationalize to a common user identity recognized by all necessary applications
- Create a common set of policies and procedures for the infrastructure teams
CoreBlox's end solution was built on Radiant Logic Virtual Directory Server (VDS) and CA Single Sign-On. To buy time while the proper integration planning occurred, CoreBlox established an interim environment that could operate in parallel, using single sign-on (SSO) combined with the existing legacy support systems. VDS was used to create a unified user profile that drew its attributes from all 5 existing directories. This enabled a user to log in one time and access as many of the legacy support systems as needed. Once the interim environment was operational, CoreBlox went forward with the long-term consolidation strategy that eventually consolidated the 5 service systems, processes and personnel into a single, cohesive unit.
The CoreBlox architectural strategy was key to the global software provider's objective of demonstrating brand alignment through a single customer service portal. By combining CoreBlox expertise and best-of-breed technology, the initial phase was operational and supporting all legacy customers in less than half the original time projected.
Success Story #2: Media Company Secures New Employee Portal
A large media company was planning to deploy a new employee portal for full-time and contingent staff. The portal user identities resided in multiple disparate Active Directory (AD) domains and the portal required additional information from the HR systems as well as application-specific attributes in order to provide a highly personalized experience. The portal was aggregating resources from both internal and cloud-based systems, so it was imperative to provide a secure site experience without compromising performance.
Additional technical challenges included:
- A single user account might reside in multiple legacy domains
- Traversing the legacy domains to find the proper user id would result in the potential for duplicate records and long response times
- The data values that were needed to join the user stores had inconsistent formats
- Only a subset of the user base would be allowed to use Integrated Windows Authentication (IWA) and none of the directories contained an indicator flag for this permission
CoreBlox solved the technical challenges with a unique solution integrating Radiant Logic Virtual Directory Server (VDS) and CA Single Sign-On. VDS allowed CoreBlox to establish a layer of abstraction from the data stores and build logic that wouldn’t require any changes on the back end. CA Single Sign-On was then able to pull in VDS attributes for reference at authentication time. This architecture allowed for:
- A union of identity data between AD and the HR database
- The creation of VDS Computed Attributes to manipulate data into the proper formats for user unification, authorization and authentication
- A custom flag in the CA Single Sign-On header to indicate which users are eligible for IWA
- The use of Persistent Cache to speed up authentication
- Federation for cloud-integrated sites, allowing SSO into the HR portal for users managed by external identity providers
The new directory and security infrastructure proved to be a winning combination for the media company. A universal user identity was established for all internal employees and contractors. Authentication times were kept to a minimum and, going forward, business solutions can be delivered faster and cheaper thanks to the flexibility of the virtual directory.
Success Story #3: Financial Company Needed to Extend CA Single Sign-On
A large teacher retirement fund management company required a simpler and more powerful way to extend and leverage their CA Single Sign-On infrastructure for their customers and employees. They were using CA Single Sign-On™ to provide traditional single sign-on for their customer portal and internal web applications while utilizing PingFederate™ from Ping Identity to give employees access to corporate SaaS-based applications and customers access to 3rd Party Services for their Customer Portal. They also had a number of native mobile, desktop and web applications that leveraged CA Single Sign-On as well.
The challenges on this engagement were extensive:
- Eliminate homegrown connections for employee and customer login to corporate resources
- Manage native mobile application authentication and access via CA Single Sign-On
- Enable employee SSO to 50+ SaaS applications through existing CA Single Sign-On sessions
- Simplify integration with CA Single Sign-On
CoreBlox helped solve the CA Single Sign-On integration challenges with our CoreBlox Token Service (CTS). With a 20-minute installation time and no disruptions to employees and clients during the implementation, CTS provided a simple and secure method to access existing CA Single Sign-On policy definitions via a RESTful API.
CTS gave internal development teams a standard, repeatable way to exchange session information with CA Single Sign-On while removing the complexity of integrating with the CA Single Sign-On SDK. CTS provided native mobile applications a simple API to validate identity and access rights via CA Single Sign-On. Ping Identity wrote a CoreBlox Adapter for PingFederate that integrated with CTS and enabled federated access to 50+ SaaS applications for over 9,000 employees. The CoreBlox Adapter for PingFederate also gave Customer Portal users federated access to key 3rd-party services.