Single Sign-On for Global Supply Chain SaaS organization that empowers Government and Fortune 500
Client Story
Eventually, every thriving company reaches a point where the number of users/clients starts to increase. That leads to a requirement for a user enrollment system that can easily handle growth and a heightened emphasis on security measures.
Our customer faced the same challenge. The company needed to optimize its new-user enrollment process, and doing so resulted in 3x business scalability.
- 500+ enterprises use the solution, including Fortune 500 companies
- 50K+ active users monthly
- 30+ enterprises added annually
Challenge
The multi-billion company had a home-grown login system in which an administrator had to add each user manually. That resulted in excessive expenditure (cost of user enrollment / number of users added per month), poor security and constraints on scaling the business.
After evaluating the corporate procedures and the technical state, our domain tech experts suggested implementing an SSO system.
Solution
With careful analysis of the system, client’s expectations and vision as well as various implementation options, we had to decide on the most cost-effective and suitable solution.
There was a possibility to implement the SSO solution from scratch or integrate with some ready-made solutions available on the market.
After analyzing a number of options, we decided on integrating with the open-source Red Hat build of Keycloak.
Why Keycloak?
- Keycloak implements the security standards OpenID Connect, OAuth 2.0, and SAML.
- We were searching for technology that would seamlessly integrate with the core product, considering the tech stack and functional requirements.
The core application is written in Java, so it is a good match for Keycloak, which is itself a Java product. It also integrated well with the existing WildFly application server.
Instant integration with multiple identity providers, such as Microsoft, Oracle, Okta, Google, Facebook, and others, allowed us to achieve incredible business results.
Also important: for supply chain companies that have a huge network of suppliers and partners, it's good to have a separate server with all the data secured. Keycloak provides a separate SSO server for that purpose, which allows optimizing business processes as well.
Tech stack
- AWS
- Spring
- Java EE 7
- Kafka
How it works?
By using the OpenID Connect and SAML 2.0 standards, we redirect a user's browser from the application to the Keycloak authentication server, where the user enters their credentials. We add a specific entity into our system, which customers may use to register in our SaaS. This means users don't have to manually input credentials but can enter the system through accounts already registered in Google, Okta, ADFS, and other third-party systems.
The SSO server allows us not only to manage existing users but also to add users who are imported through our clients' identity providers.
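The browser redirect described above, sketched as an added example (not code from the project): it builds an OpenID Connect authorization request for Keycloak with `state`, `nonce` and PKCE, and checks `state` on the callback. The host, realm, client id, redirect URI and identity-provider alias are assumed placeholders, and the class and method names are hypothetical.

```java
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;

public class KeycloakAuthRequest {
    private static final SecureRandom RNG = new SecureRandom();
    private static final Base64.Encoder B64URL = Base64.getUrlEncoder().withoutPadding();

    // 32 random bytes, base64url-encoded; used for state, nonce and the PKCE verifier.
    static String randomToken() {
        byte[] buf = new byte[32];
        RNG.nextBytes(buf);
        return B64URL.encodeToString(buf);
    }

    // PKCE S256 challenge (RFC 7636): BASE64URL(SHA-256(ASCII(verifier))).
    static String pkceChallenge(String verifier) throws Exception {
        return B64URL.encodeToString(MessageDigest.getInstance("SHA-256")
                .digest(verifier.getBytes(StandardCharsets.US_ASCII)));
    }
    static String enc(String v) throws Exception { return URLEncoder.encode(v, "UTF-8"); }

    // URL the browser is redirected to; idpHint (may be null) names a brokered identity provider.
    static String authorizationUrl(String base, String realm, String clientId, String redirectUri,
            String state, String nonce, String verifier, String idpHint) throws Exception {
        String url = base + "/realms/" + realm + "/protocol/openid-connect/auth"
                + "?response_type=code&scope=openid"
                + "&client_id=" + enc(clientId) + "&redirect_uri=" + enc(redirectUri)
                + "&state=" + enc(state) + "&nonce=" + enc(nonce)
                + "&code_challenge=" + pkceChallenge(verifier) + "&code_challenge_method=S256";
        // kc_idp_hint makes Keycloak skip its own login form and go straight to that provider.
        return idpHint == null ? url : url + "&kc_idp_hint=" + enc(idpHint);
    }

    // Callback check: the returned state must equal the one stored in the user's session.
    static boolean stateMatches(String expected, String returned) {
        return expected != null && returned != null && MessageDigest.isEqual(
                expected.getBytes(StandardCharsets.UTF_8), returned.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) throws Exception {
        String state = randomToken(), nonce = randomToken(), verifier = randomToken();
        // Constructed sample values: host, realm, client id and IdP alias are placeholders.
        System.out.println(authorizationUrl("https://sso.example.com", "suppliers", "saas-app",
                "https://app.example.com/callback", state, nonce, verifier, "google"));
        System.out.println("callback accepted: " + stateMatches(state, state));
    }
}
```

The `state`, `nonce` and PKCE verifier are kept in the user's server-side session until the callback; the verifier is then sent with the code-to-token exchange, and the `nonce` is compared with the one in the returned ID token.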
On the architectural level it’s implemented in the following way:
The Results
Erbis strategically and cost-effectively resolved the challenge by integrating the SaaS platform with an open-source SSO service that implements all required security standards and works with multiple identity providers.
This simplified the process of managing access for external partners and vendors, reducing the cost and time associated with onboarding and managing third-party user access. This also minimized security risks.
Implementation resulted in high availability and zero downtime. It is easily scalable, taking into account the current business needs, and is ready for any surge of customer traffic.
How we can help You
Our expertise counts over 10 years of experience working with Supply Chain companies of all sizes and locations, delivering tailor-made software solutions that dramatically empower the business.
No matter the complexity, we're ready to address all your needs and challenges!