Reference case: Mediahuis

Backbone for digital identities

To this day, the ForgeRock Identity Platform forms the backbone for Mediahuis’ digital identities.

Mediahuis is the international media company behind multiple cross-media brands. Among others, Het Nieuwsblad, Gazet Van Antwerpen, De Standaard, Het Belang van Limburg, and de Limburger belong to the Belgian media company, Mediahuis. All these brands have a digital platform on which not only users can read their favorite newspaper, but where they can also subscribe to newsletters and purchase new products at the same time.

IdentIT - BOSA - Logo - Color

At the end of 2013, when Corelio and Concentra brought their Flemish newspapers and digital publishing activities together in a new company called Mediahuis. They were looking for a progressive IAM platform. After a thorough IAM study and a successful pilot, Mediahuis chose the ForgeRock Identity Platform together with IdentIT as the preferred implementation partner.

To this day, the ForgeRock Identity Platform forms the backbone for their digital identities behind all Belgian brands and the Dutch newspaper De Limburger. The entire ForgeRock Identity Platform maintains a user base of 9 million active users and measures activity of three hundred to four hundred thousand authentications per day.

The Challenges

“News consumers need 24/7 access to the journalistic heart of these brands through all possible platforms.“

The task and challenge of IdentIT at Mediahuis is to optimize the ease of use for existing users and to guarantee a seamless registration process for new users.

It goes beyond being able to guarantee the experience of the user, but also the efficient and safe onboarding of new brands. We make sure brands can focus on their core business and we centralize the registration and authentication process of customers across brands, without interfering with each other, using a “Chinese wall”.

The Solution

Every IAM or CIAM project is an integration project, as digital identity touches every business process and information system. This is where IdentIT makes the difference due to their extensive IAM knowledge they acquired over 12 years in the Identity and Access Management field. Our experience provided Proximus a head start by maximizing the results of the IAM team. Common pitfalls were avoided, steep learning curves have already been overcome and knowledge sharing increases their overall effectiveness over time.

Using industry-standard techniques, IdentIT enabled a Single Sign-On solution that increased the productivity of all employees. By leveraging a single authentication framework, we increased flexibility around secure authentications and we were able to streamline the on- and offboarding of identities.

Access Management

Users can authenticate using a username and password combination after which they’ll get a prolonged session. The prolonged session eliminates the need for users to re-identify themselves each time they want to read their favorite news articles. On the other hand, users must confirm their credentials when they make a security-sensitive action such as changing their data or purchasing an extra subscription.

Users who have lost their username and/or password and do not want to reset their password immediately can request a magic link. After clicking the magic link, the user will be redirected and “magically” authenticated onto the brand.

Registration is done via a simple registration form. After registering, one can easily link an existing subscription to their profile using their subscriber number and zip code.

This is also where Progressive Profiling comes in by gathering information about a user over time, rather than requiring them to enter registration data all in one go. User experience is important so avoiding registration fatigue is key.

Identity Management

When deciding to onboard a new brand (application) to the IAM platform, one should make sure that existing users are not harmed. Users should keep their session as well as their credentials with which they identify themselves. The Identity Management component of ForgeRock keeps this data live in sync during the transition phase, this allows Mediahuis to centralize their IAM needs without creating a big bang.

Identity Gateway

The Identity Gateway component of ForgeRock ensures that legacy applications can securely connect to the IAM suite of Mediahuis and that new internal applications no longer need to be SAML 2.0 or OIDC compliant to be able to connect to the IAM suite. This speeds up and simplifies the onboarding process of new applications significantly. The shielding of security-sensitive parts of the application is also controlled by the Identity Gateway. When a user wants to access a securitysensitive area, his authentication level will be checked and if necessary, the user will have to re-authenticate to guarantee the requested security level (authentication level).

ForgeRock Identity Gateway, part of the ForgeRock Identity Platform, streamlines IAM efforts and helps organizations manage identity and security for web apps, APIs, and microservices with a single solution. An identity gateway keeps your infrastructure agile and responsive to a continually changing security landscape. “The central IAM system – the ForgeRock Identity Stack – of Mediahuis takes care of the authentication and authorization of users so that brands can focus on their core business, delivering 24/7 news.

DevSecOps

Whether you onboard a new brand or upgrade your IAM platform, there shouldn’t be any downtime. To achieve this, IdentIT has automated this entire process with a step-by-step guide to flawlessly initiate an upgrade and by introducing automated deployments using Ansible.

About Forgerock

ForgeRock® is the Digital Identity Management company transforming the way organizations interact securely with customers, employees, devices, and things.Organizations adopt the ForgeRock Identity Platform™ as their digital identity system of record to monetize customer relationships, address stringent regulations for privacy & consent, and leverage the internet of things.

ForgeRock serves hundreds of brands, including Morningstar, Vodafone, GEICO, Toyota, and Pearson, as well as governments like Norway, Canada, and Belgium, securing billions of identities
worldwide.

ForgeRock Logo Horizontal

Partners & products

ForgeRock, our partner with whom we have worked closely for many years, has an Identity Gateway. ForgeRock Identity Gateway, based on the OpenIG open source project, is an IoT, application and API gateway, enabling enforcement of enterprise access policies for applications and APIs that are onpremises or in the cloud, whether they are legacy or modern. Either way, no changes to existing applications are necessary.

Subscribe to our newsletter

Stay up to date with the latest CIAM news, including blogs, tips, how to’s and more! Join our CIAM community and subscribe for our newsletter below

In order to fulfill your request, we need to store and process your personal data. If you consent to us doing so, please check the following box:

Questions? we're here for you