Securing millions of daily digital interactions: How ICA centralized access across retail, banking and beyond

The Need for a Unified Access Platform

Store and warehouse depended on different applications with their own authentication and user management solutions. For employees working with multiple tools, this meant managing different credentials and access methods, while administrators faced a growing operational burden.

With a large number of users spread across many locations, access administration became cumbersome. Different applications relied on different approaches - some local, some centralized and not all of them worked consistently. This made it harder to maintain a uniform security posture and slowed down the rollout of new applications and integrations.

At the same time, ICA saw growing demand for stronger authentication, modern login experiences and a more consistent way to reuse identities across services. Rather than continuing to patch together individual solutions, ICA set out to centralize identity using open standards and shared infrastructure.

From a Few Applications to a Group-Wide Foundation

ICA’s journey with Curity began with a small number of internal applications. The initial goal was to centralize authentication, using open standards such as OAuth and OpenID Connect, and reduce operational overhead for both IT teams and end users.

As ICA later introduced an API management platform, Curity naturally became the security layer for APIs. This marked an important shift: once APIs were protected centrally, separating end-user authentication from API access control no longer made sense as the Curity Identity Server enabled both.

From there, adoption expanded organically. Now Curity sits at the center of ICA’s digital services. It protects both internal applications and customer-facing systems, as well as the APIs that connect them. This includes services used directly by customers in everyday interactions, such as self-checkout systems, handheld scanners, website and mobile app, alongside internal store and warehouse applications.

Smart Choices That Enabled Scale and Growth

Several early decisions beyond adherence to standards have proven to be long-term enablers for ICA.

Choosing a solution with a suitable commercial model allows ICA to support a broad and diverse user base, including employees, partners and customers, with traffic patterns that vary significantly around weekends and major holidays.

Having a clear and transparent pricing allows ICA to integrate new services without introducing cost uncertainty. It means ICA can support self-service API usage and onboard new consumers without procurement delays or budget discussions.

Another key decision lay in deployment flexibility. ICA evaluated running Curity in the cloud but chose to keep the production environment on-premises. With traffic coming from internal networks, public networks and many different API clients, stability and predictability were essential. At the same time, Curity’s ability to run in different environments allows ICA to experiment without lock-in.

Close collaboration with trusted partners has also been central. Ductus plays a key role in operating ICA’s identity platform, working closely with both ICA and Curity. This setup has helped ICA build deep internal knowledge while maintaining direct access to product expertise when exploring new use cases or improvements.

Looking Ahead

ICA continues to follow developments in identity and security with a pragmatic mindset. New authentication methods and evolving regulatory requirements are part of that picture and so is the increasing role of AI in digital services.

As ICA explores AI-driven capabilities across the organization, identity remains a key concern. Securing access to services, APIs and data becomes even more important when systems act with greater autonomy or operate across multiple domains.

While specific use cases are still evolving, the ICA team is certain that identity will play a central role in how AI-enabled services are secured over time, with Curity continuing to be part of that foundation.

Secure Access at National Scale

ICA’s journey shows how a standards-based identity and access platform can grow alongside a large, diverse organization. By starting small, making deliberate architectural choices and expanding gradually, ICA has built a unified identity and API security foundation that supports both current operations and future initiatives.

Curity is no longer a point solution within ICA but part of the group’s shared infrastructure, shaped over time through close collaboration.