KGH was in the process of evaluating a solution for identity and access management, whilst also developing a SaaS system for their customers. They already had four systems needing authentication, the same was needed for the new SaaS. KGH wanted a solution that could sit in the center and offer one source of truth, removing the need to log into several systems.
They started listing the key criteria to help achieve their goal of creating a microservices architecture. On the top of the list was standards, OAuth and OpenID Connect in particular. They strongly felt the system and supplier needed to be in the forefront of identity and security standards. And it needed to be easy and safe to integrate with other systems, as KGH’s different client applications needed to have a straightforward integration with the new identity management solution. Also, they didn’t want to be locked into one solution, KGH wanted the reassurance that, if needed, they could back out of the technology without too much problem.
KGH was able to realize these and other requirements using the Curity Identity Server, which is built to leverage on standards. In particular, they utilized:
- Issue opaque reference tokens to apps which preserved privacy and were translated into phantom tokens during ingest
- Quickly integrate into Single Page Application (SPAs) using the Assisted Token flow
- Issue tokens to back-end services that were able to safely invoke APIs on behalf of a disconnected user
Mattias Hansson comments:
We looked at different vendors but found that some didn’t use the latest standards, and others had a cost per user that looked good at first glance but resulted in very high total costs. The Curity team are actively working on the standards and are continuously one step ahead, looking at what’s next. And we found the flat, transparent fee very appealing, which made it an easy choice in the end.
The support provided by the Curity team was invaluable. We didn’t have in-depth knowledge of authentication systems or security standards in-house, so the questions were many. And the Curity team were very helpful, responding to our questions promptly, sharing their expertise and useful resources.
With the Curity Identity Server in place, KGH has been able to solve their authentication and privacy challenges and has created the desired “one truth”. The fact that the system provides a very capable implementation of OAuth and OpenID Connect, means KGH can integrate their different systems faster, and offer more secure access for users. The high security in the new platform was proven in the subsequent pen-test that was performed by a 3rd party.
Mattias Hansson concludes:
With Curity’s help we now have a modern and secure architecture which allows us to talk to customers about features we wouldn’t otherwise be able to. By using the Curity Identity Server we can meet our customers at the level where they are currently, from basic to advanced."
The features of the Curity Identity Server and support of the Curity team helped us deliver a large-scale multi-tenancy system by reducing the complexity associated with digital identities
Mattias Hansson - Enterprise Architect at KGH Customs Services