IdentIT’s journey at Proximus started by migrating from a legacy solution that no longer met the expectations to a new, flexible and modern IAM platform.
Proximus is Belgium’s largest national telecom provider. It provides telephony, TV and internet services to more than 45% of all Belgian citizens. With such a large user base, a well-established IAM solution is necessary to keep things running smoothly.
The Challenges
The legacy IAM platform of Proximus was a mastodon of customized login flows and distributed databases. As a result, maintainability, performance, and administration were mediocre.
A proper analysis was needed to forge the optimal migration plan. The migration towards the ForgeRock Identity Stack started with a goodbye to a lot of customizations and a warm welcome to out-of-the-box features of the ForgeRock platform. One of the biggest business challenges that drove the need for a new IAM platform was the demand to gradually dispose of legacy applications that used their own identity store. Centralizing user data and enabling Single-Sign-On was one of the top priorities for Proximus.
The Solution
Every IAM or CIAM project is an integration project, as digital identity touches every business process and information system. This is where IdentIT makes the difference, thanks to the extensive IAM knowledge it has acquired over 12 years in the Identity and Access Management field. Our experience gave Proximus a head start by maximizing the results of the IAM team. Common pitfalls were avoided, steep learning curves had already been overcome, and knowledge sharing increases the team’s overall effectiveness over time.
Using industry-standard techniques, IdentIT enabled a Single Sign-On solution that increased the productivity of all employees. By leveraging a single authentication framework, we increased flexibility around secure authentications and we were able to streamline the on- and offboarding of identities.
Access Management
ForgeRock’s Access Manager enables the flexible authentication mechanism of the Proximus platform. The implemented authentication mechanisms range from the old-fashioned username and password, through multi-factor authentication options such as TOTP, to the integration of a modern third-party authenticator such as ItsMe. This flexibility is made possible by ForgeRock’s Intelligent Access Engine. The engine is delivered through a “trees” framework for modeling the authentication journey, using numerous nodes to detect digital signals, make decisions, and direct authentication accordingly.
Identity Management
Centralizing distributed customer data is achieved by introducing ForgeRock’s Identity Manager, which is connected to all legacy databases. ForgeRock enables data centralization without interrupting business processes. Eventually, the legacy databases will be replaced by flexible micro-service systems on top of ForgeRock IDM; this provides a high-performance interface for all applications. The Identity Manager of ForgeRock automates the entire identity lifecycle, delivering it as a comprehensive and secure service managed from a central location. This approach to identity management enables Proximus to collect the appropriate level of user information from HR systems, users, or third-party applications, at the appropriate time.
Identity Gateway
The Identity Gateway component of ForgeRock is the main entry point towards the IAM platform. It’s used to protect both legacy and modern applications using standardized federation mechanisms such as OAuth 2.0 and OpenID Connect, while supporting old-fashioned techniques such as header-based authorization.
An identity gateway keeps your infrastructure agile and responsive to a continually changing security landscape. With ForgeRock, you can ensure that your applications satisfy identity and security protocols at any scale without impacting business requirements. This enables you to secure data and transactions, and future-proofs your changing needs, standards, and technologies.
DevSecOps
IdentIT’s approach for maintaining ForgeRock Identity Stack deployments is to integrate them into a continuous deployment and integration pipeline using tools such as Ansible. Automated deployments are key to reducing the risk of human error and to improving time-to-market value. Next to this, we introduced a release strategy that guarantees business continuity.
About ForgeRock
ForgeRock® is the Digital Identity Management company transforming the way organizations interact securely with customers, employees, devices, and things. Organizations adopt the ForgeRock Identity Platform™ as their digital identity system of record to monetize customer relationships, address stringent regulations for privacy & consent, and leverage the internet of things.
ForgeRock serves hundreds of brands, including Morningstar, Vodafone, GEICO, Toyota, and Pearson, as well as governments like Norway, Canada, and Belgium, securing billions of identities worldwide.
Today’s accelerated digitization
Companies are under enormous pressure to meet the accelerated digitization due to the corona pandemic. They need to ensure that employees can sign up anywhere on any device to be productive. On the other hand, customers expect to be able to manage their entire lives digitally with a frictionless yet secure experience. With the help of the ForgeRock Identity Platform, any identity, whether it’s an employee, a customer, or a device can be provided with the right experience.
Partners & products
The communications industry has been in a state of transformation for decades. Because of this, communications service providers (CSPs) are reinventing themselves to provide services that go well beyond providing telecommunications and network products. These new services offer an opportunity to gain a broader share of wallet by offering lifestyle services for consumers and enterprise services for businesses.
Today, consumers and businesses alike are increasingly dependent on interconnected ecosystems where communications, security, and trust are core tenets. In a world where every type of service is expected to be instantly available and ready to serve a user in a personalized and frictionless manner, CSPs are well-positioned to play an increased role in those interconnected ecosystems by leveraging their networks.
ForgeRock, our partner with whom we have worked closely for many years, provides a flexible Identity and Access Management suite that enables you to consolidate the existing identity and access management systems into a modern multi-modal logistic solution. The ForgeRock Identity Platform works with legacy infrastructure and supports the massive scale of today’s mobile world. Customers expect functionality, immediacy, and privacy from communications service providers and media companies. That’s what we help you deliver.