Establishing an Identity & Access Management Program

A large insurance company engaged Woodridge to build out a tech-enabled platform for home services. The platform connects homeowners with professional contracting firms when they experience unplanned breakdowns of essential home systems.

Challenge

A large insurance company needed to ensure that its internal staff, as well as its customers, had access to their private and sometimes sensitive data, while also protecting access to the services on the backend. Despite having a legacy IAM solution in place, the client found that it still needed help with:

  • Modernizing their login and access patterns to mitigate security risks and prevent the storage of sensitive user data by insecure front-end apps and browsers
  • Centralizing their authentication systems for better management and security, allowing consistent access to user auth by many different development teams (both internal and external)
  • Establishing programmatic API access to user identity management while maintaining security and architecture best practices

Our Approach

Since Woodridge had built out the microservices platform and had experience with implementing IAM programs in the past, we were a natural fit. We selected FusionAuth as the authentication and user management platform for the project. FusionAuth is lightweight, integrates easily with multiple frameworks and is easy to deploy.

Woodridge then implemented Istio and OPA policies in front of the client’s multiple microservices. We used the user’s authenticated session to allow or reject both access to a microservice and individual requests made to it.

Results

As a result of the Woodridge engagement, this insurance company now has an IAM program that automates user authentication across the entire enterprise’s suite of microservices and is integrated into a single system. The increase in automation and improved processes resulted in a 60% reduction in resource effort for ongoing manual maintenance.

Technologies Used

  • FusionAuth
  • Istio
  • OPA
  • Kubernetes
  • OAuth2
  • SAML
  • SSO
  • Microsoft ADFS