A large media company was planning to deploy a new employee portal for full-time and contingent staff. The portal's user identities resided in multiple disparate Active Directory (AD) domains, and the portal required additional information from the HR systems as well as application-specific attributes in order to provide a highly personalized experience. The portal aggregated resources from both internal and cloud-based systems, so it was imperative to provide a secure site experience without compromising performance.
Success Story: Media Company
Media Company Secures New Employee Portal
Additional Technical Challenges Included:
- A single user account might reside in multiple legacy domains
- Traversing the legacy domains to find the proper user ID could produce duplicate records and long response times
- The data values that were needed to join the user stores had inconsistent formats
- Only a subset of the user base would be allowed to use Integrated Windows Authentication (IWA), and none of the directories contained an indicator flag for this permission
Our Solution
SDG solved the technical challenges with a unique solution integrating Radiant Logic Virtual Directory Server (VDS) and CA Single Sign-On. VDS allowed SDG to establish a layer of abstraction from the data stores and build logic that wouldn’t require any changes on the back end. CA Single Sign-On was then able to pull in VDS attributes for reference at authentication time. This architecture allowed for:
- A union of identity data between AD and the HR database.
- The creation of VDS Computed Attributes to manipulate data into the proper formats for user unification, authorization and authentication.
- A custom flag in the CA Single Sign-On header to indicate which users are eligible for IWA.
- The use of Persistent Cache to speed up authentication.
- Federation for cloud-integrated sites, allowing SSO into the HR portal for users managed by external identity providers.
The new directory and security infrastructure proved to be a winning combination for the media company. A universal user identity was established for all internal employees and contractors. Authentication times were kept to a minimum and, going forward, business solutions can be delivered faster and cheaper thanks to the flexibility of the virtual directory.