×

KGH created ‘one truth’ for identity and data sharing with the Curity Identity Server

KGH Customs Services is a major customs broker at the border between Norway and Sweden, and an important actor in many European countries. The company was established more than 50 years ago when the founder, who lived close to the border between Norway and Sweden at the time, discovered a problem and created a solution to help close the gap between truck drivers and customs officers.Today, KGH helps customers optimize trade and customs management, in order to improve trade performance, operational efficiency, risk management and customs duty control. KGH strives to always be at the forefront of customs and continuously develop skills, competencies and technology to meet new customer demands.

Challenges

KGH was in the process of evaluating a solution for identity and access management, whilst also developing a SaaS system for their customers. They already had four systems needing authentication, the same was needed for the new SaaS. KGH wanted a solution that could sit in the center and offer one source of truth, removing the need to log into several systems.

They started listing the key criteria to help achieve their goal of creating a microservices architecture. On the top of the list was standards, OAuth and OpenID Connect in particular. They strongly felt the system and supplier needed to be in the forefront of identity and security standards. And it needed to be easy and safe to integrate with other systems, as KGH’s different client applications needed to have a straightforward integration with the new identity management solution. Also, they didn’t want to be locked into one solution, KGH wanted the reassurance that, if needed, they could back out of the technology without too much problem.

Solution

KGH was able to realize these and other requirements using the Curity Identity Server, which is built to leverage on standards. In particular, they utilized:

  • Issue opaque reference tokens to apps which preserved privacy and were translated into phantom tokens during ingest
  • Quickly integrate into Single Page Application (SPAs) using the Assisted Token flow
  • Issue tokens to back-end services that were able to safely invoke APIs on behalf of a disconnected user

Mattias Hansson comments:

We looked at different vendors but found that some didn’t use the latest standards, and others had a cost per user that looked good at first glance but resulted in very high total costs. The Curity team are actively working on the standards and are continuously one step ahead, looking at what’s next. And we found the flat, transparent fee very appealing, which made it an easy choice in the end.

He continues:

The support provided by the Curity team was invaluable. We didn’t have in-depth knowledge of authentication systems or security standards in-house, so the questions were many. And the Curity team were very helpful, responding to our questions promptly, sharing their expertise and useful resources.

Results

With the Curity Identity Server in place, KGH has been able to solve their authentication and privacy challenges and has created the desired “one truth”. The fact that the system provides a very capable implementation of OAuth and OpenID Connect, means KGH can integrate their different systems faster, and offer more secure access for users. The high security in the new platform was proven in the subsequent pen-test that was performed by a 3rd party.

Mattias Hansson concludes:

With Curity’s help we now have a modern and secure architecture which allows us to talk to customers about features we wouldn’t otherwise be able to. By using the Curity Identity Server we can meet our customers at the level where they are currently, from basic to advanced."

The features of the Curity Identity Server and support of the Curity team helped us deliver a large-scale multi-tenancy system by reducing the complexity associated with digital identities
Mattias Hansson

Mattias Hansson - Enterprise Architect at KGH Customs Services


Trusted by Many

The Curity Identity Server is used by organizations across all industries to provide secure access to data to millions of users. Here are some examples of our valued customers:

Com Hem Eon Bisnode Entercard Collector Bank Shell Energy Karhoo Kindred Tele2 Region Östergotland ATG Volvo Cars BankData Sproutloud KGH Scandic Axis Riksidrottsförbundet Pagero Poppulo