The client is a major European bank, renowned for its financial services and expertise. As one of the largest financial institutions in the region, it serves millions of customers across various channels, including retail, corporate, and investment banking. The bank has a diverse portfolio of products and services, which are accessible through multiple platforms such as mobile, web, and APIs. To maintain a competitive edge in the rapidly evolving banking industry, the bank is constantly seeking innovative solutions to streamline its operations, enhance security, and deliver a seamless user experience.
Transforming IAM for a Major European Bank – Journey to a Unified, Secure, and Scalable Solution
The bank faced numerous challenges with its existing IAM infrastructure, which included multiple IAM servers that did not support modern standards such as OpenID Connect, OAuth 2.0, SCIM, and SAML. The bank also lacked support for Single Sign-On (SSO), Multi-Factor Authentication (MFA), and user federation. Furthermore, the authentication and authorization workflows were complex, hard-coded into the system, and not easily configurable.
The existing IAM setup required the integration of numerous IT components during the authentication process to build a complete authentication session. The use of legacy technologies limited the support for multichannel platforms such as mobile, web, and API. This resulted in business applications containing both authentication and authorization logic, causing unnecessary complexity and maintenance overhead.
Additionally, the lack of autoscaling features in the IAM solution hindered the ability to adapt to changing user loads and demands. Finally, the slow development cycle was exacerbated by the absence of easily configurable IAM features, which negatively impacted the bank’s ability to respond to evolving requirements and security needs.
Our approach to tackling the client’s IAM challenges
- Implementing an on-premise Keycloak managed service, centralizing and streamlining identity and access management processes.
- Utilizing a microservice architecture deployed on Kubernetes, enabling autoscaling and improved performance.
- Consolidating all existing IAM servers into a single, unified solution, simplifying management and maintenance.
- Adopting configurable authentication and authorization flows to enhance security and user experience.
- Leveraging Keycloak extensions to seamlessly integrate with the client’s existing IT infrastructure and systems.
- Accessing various external systems, such as Active Directory, custom user storage, and legacy systems with user attributes, during the configurable authentication flow to build a complete authentication session.
- Providing multichannel support to accommodate mobile, web, and API access, ensuring a consistent user experience across all platforms.
- Establishing a new CI/CD pipeline to accelerate time-to-market for updates and improvements in IAM-related components.
- Focusing on a configuration-based approach for IAM setup, promoting flexibility and agility in response to evolving requirements.
- Continuously monitoring and optimizing the IAM solution to ensure peak performance and security, adapting to the client’s growing needs.
- High configurability: Our solution allows for easy adjustments and customization to meet the ever-evolving needs of the client’s business.
- Consolidated security mechanisms: By implementing a single, centralized IAM for all business applications, we streamlined the management and maintenance of security processes.
- Centralized control points: We moved control points from individual applications to the Authorization Server, simplifying access management.
- Centralized security policies and identity management: Our solution ensured a consistent and comprehensive approach to managing security policies and user identities across the organization.
- Support for modern standards: Our IAM solution is compatible with the latest standards, such as OpenID Connect, OAuth 2.0, SCIM, and SAML, enhancing security and interoperability.
- Enhanced authentication options: We implemented Single Sign-On (SSO) and Multi-Factor Authentication (MFA) features, providing users with a seamless and secure login experience.
- User federation support: Our solution allows for easy integration and management of users from various sources, simplifying user administration and access control.
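To illustrate the kind of Keycloak extension described above (enriching the authentication session from a legacy system during a configurable flow, so that business applications no longer carry that logic), here is an added example of a custom Keycloak Authenticator. It is not code from the project or from the bank's deployment; the `LegacyAttributeClient` interface and the `customerSegment` attribute are assumptions for the illustration.

```java
package example.bank.iam; // hypothetical package name

import org.keycloak.authentication.AuthenticationFlowContext;
import org.keycloak.authentication.AuthenticationFlowError;
import org.keycloak.authentication.Authenticator;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel;
import java.util.Map;

/** Hypothetical client for the bank's legacy attribute store; not a Keycloak API. */
interface LegacyAttributeClient {
    Map<String, String> lookup(String username) throws Exception;
}

/**
 * Flow step placed after the user-identifying step (e.g. the Active Directory
 * federation login). It pulls attributes from a legacy system and attaches an
 * allow-listed subset to the session, so downstream apps read them from the
 * token instead of calling the legacy system themselves.
 */
public class LegacyAttributeAuthenticator implements Authenticator {

    private final LegacyAttributeClient legacy;

    public LegacyAttributeAuthenticator(LegacyAttributeClient legacy) {
        this.legacy = legacy;
    }

    @Override
    public void authenticate(AuthenticationFlowContext context) {
        UserModel user = context.getUser(); // guaranteed non-null because requiresUser() is true
        Map<String, String> attrs;
        try {
            attrs = legacy.lookup(user.getUsername());
        } catch (Exception e) {
            // Fail closed: never issue a session whose attributes could not be built.
            context.failure(AuthenticationFlowError.INTERNAL_ERROR);
            return;
        }
        // Only a named attribute is exposed, never the whole legacy record.
        String segment = attrs.getOrDefault("customerSegment", "unknown");
        context.getAuthenticationSession().setUserSessionNote("customer_segment", segment);
        context.success();
    }

    @Override public void action(AuthenticationFlowContext context) { /* no user interaction */ }
    @Override public boolean requiresUser() { return true; }
    @Override public boolean configuredFor(KeycloakSession s, RealmModel r, UserModel u) { return true; }
    @Override public void setRequiredActions(KeycloakSession s, RealmModel r, UserModel u) { }
    @Override public void close() { }
}
```

Deploying this still needs an `AuthenticatorFactory` registered under `META-INF/services/org.keycloak.authentication.AuthenticatorFactory`, and the step must be bound into the realm's browser or direct-grant flow. The session note reaches tokens only through a "User Session Note" protocol mapper configured on the client, which keeps the decision of what leaves the Authorization Server in configuration rather than in application code.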