Multi-Billion Dollar Travel Services Leader
Full-Scope Deployment of CA Technologies' (Now a Broadcom company) IAM Suite
Client is the world’s only true Travel Commerce Platform, focused on providing distribution, technology, payment and other solutions for the $8 trillion global travel and tourism industry.
Client has about 6000 internal (Corporate) Employees and Contractors and hundreds of thousands of external (Commercial) users. These users are stored in various systems and applications, each managed separately.
Client has a mixed environment of on-premises, cloud-based and subscription-based applications for internal, B2B and B2C use.
Problem Statement
Each application can have a different password policy and expiration period. Users may need to remember multiple passwords to access these different external applications. Employees have complained in employee surveys about having too many passwords.
User provisioning is not automated; changes in access take days to take effect for both corporate and commercial users.
Deprovisioning has been a major concern for the client’s application and data owners.
An easy self-service portal for requesting access was lacking.
Privileged account holders are in a position to misuse their privileged access, which could lead to data breaches.
No advanced authentication or fine-grained authorization was in place for critical resources.
Access and Entitlement Certification, needed for tighter governance, has been missing.
Auditors were not satisfied with the overall existing security controls for identity and access management.
Technology Used
CA Identity Manager
CA Identity Portal
CA GovernanceMinder
CA SSO (SiteMinder)
CA Advanced Authentication
CA Privileged Access Manager (PAM)
Implemented Solution
RAAH gathered “As Is” and derived “To Be” states by working with Client’s Enterprise Architecture, Cyber Security and Operations teams to define, design and implement the IAM solution based on Best Practices.
A Web Access Management and SSO solution was implemented to provide SSO for several internal and external sites.
An Identity Lifecycle, including automated provisioning and deprovisioning processes, was designed and implemented for both corporate and commercial use, integrating with Active Directory, Exchange, Mainframe and many more.
A solution was designed and implemented that lets users access resources on protected external web applications through federated identity propagation to the Partner web application, without being prompted for authentication on each resource. The user’s security session information is securely transmitted to partner sites via SAML 2.0 POST.
CA Identity Portal was integrated with CA Identity Manager for easy self-service access requests.
Critical business applications were protected by implementing the CA Advanced Authentication mechanism.
A solution for Privileged Credentials was designed and implemented using CA’s PIM and PAM products to improve privileged access control.
Certification campaigns for Access and Entitlement Certification were implemented and launched for internal users.
Benefits of the Solution
With SSO, internal and external users have an easy way of accessing their assigned applications, improving user experience and convenience.
Identity Lifecycle Management was in place to easily onboard and offboard internal and external users
Critical business applications and resources were protected by automatically challenging users more whenever the access risk goes up.
Password reset requirement for privileged accounts was eliminated since the PAM solution masks the password
Self-service access requests and access certification gave peace of mind to the cyber security team and auditors.
Better user experience on both the corporate and commercial sides, with improved productivity.