Sucess Story: Media Company

Media Company Secures New Employee Portal

A large media company was planning to deploy a new employee portal for full-time and contingent staff. The portal user identities resided in multiple disparate Active Directory (AD) domains and the portal required additional information from the HR systems as well as application-specific attributes in order to provide a highly personalized experience. The portal was aggregating resources from both internal and cloud-based systems, so it was imperative to provide a secure site experience without compromising performance.

digital-marketing-strategy

Additional Technical Challenges Included:

  • A single user account might reside in multiple legacy domains
  • Traversing the legacy domains to find the proper user ID would result in the potential for duplicate records and long response times
  • The data values that were needed to join the user stores had inconsistent formats
  • Only a subset of the user base would be allowed to use Integrated Windows Authentication (IWA) and none of the directories contained an indicator flag for this permission
bigstock-Hand-working-with-a-Cloud-Comp-85962548-scaled

Our Solution

SDG solved the technical challenges with a unique solution integrating Radiant Logic Virtual Directory Server (VDS) and CA Single Sign-On. VDS allowed SDG to establish a layer of abstraction from the data stores and build logic that wouldn’t require any changes on the back end. CA Single Sign-On was then able to pull in VDS attributes for reference at authentication time. This architecture allowed for:

  • A union of identity data between AD and the HR database.
  • The creation of VDS Computed Attributes to manipulate data into the proper formats for user unification, authorization and authentication.
  • A custom flag in the CA Single Sign-On header to indicate which users are eligible for IWA.
  • The use of Persistent Cache to speed up authentication.
  • Federation for cloud integrated sites allowed SSO into the HR portal for users managed by external identity providers.
bigstock-Unlocking-A-Virtual-Data-Strea-109624214-scaled-e1648501377863

The new directory and security infrastructure proved to be a winning combination for the media company. A universal user identity was established for all internal employees and contractors. Authentication times were kept to a minimum and, going forward, business solutions can be delivered faster and cheaper thanks to the flexibility of the virtual directory.