Multi-Billion Dollar Travel Services Leader

Full-Scope Deployment of CA Technologies' (Now a Broadcom company) IAM Suite

  • Client is the world’s only true Travel Commerce Platform, focused on providing distribution, technology, payment and other solutions for the $8 trillion global travel and tourism industry.

  • Client has about 6000 internal (Corporate) Employees and Contractors and about hundreds of thousands of external (Commercial) users. These users are stored in various systems and applications having discreet management.

  • Client has mix environments using on-premises, cloud based and subscription based applications for internal, B2B and B2C types.

Problem Statement

  • Each Application can have a different password policy and expiration time period. User may need to remember multiple passwords to access these different external applications. Employees have complained about having too many passwords in employee surveys

  • User provisioning is not automated, changes in accesses takes days to take effect for both corporate and commercial users

  • Deprovisioning has been major concerns by client’s application and data owners

  • Requesting access via an easy self-service portal was lacking

  • Privileged account holders have access to exploit privileged access to lead to data breaches

  • No advanced authentication and fine grained authorization in place for critical resources

  • Access and Entitlement Certification has been missing for tighter governance

  • Auditors not satisfied with overall existing security controls for identity and access management

Technology Used

  • CA Identity Manager

  • CA Identity Portal

  • CA GovernanceMinder

  • CA SSO (SiteMinder)

  • CA Advanced Authentication

  • CA Privileged Access Manager (PAM)

Implemented Solution

  • RAAH gathered “As Is” and derived “To Be” states by working with Client’s Enterprise Architecture, Cyber Security and Operations teams to define, design and implement the IAM solution based on Best Practices.

  • Web Access Management and SSO solution was implemented to provide SSO for several internal and external sites.

  • Identity Lifecycle including automated provisioning and deprovisioning process was designed and implemented for both corporate and commercial use integrating with Active Directory, Exchange, Mainframe and many more

  • Solution for user to access resources on protected external web application via federated identity propagation to the Partner web application without being prompted for authentication on each resource was designed and implemented. The user’s security session information is securely transmitted to partner sites via SAML2.0 POST.

  • CA Identity Portal was integrated with CA Identity Manager for easy self-service access request

  • Critical business applications were protected by implementing CA Advanced Authentication mechanism

  • Solution for Privileged Credentials was designed and implemented using CA’s PIM and PAM products to better privileged access control

  • Certificate campaigns for Access and Entitlement Certification was implemented and launched for internal users

Benefits of the Solution

  • With SSO, internal and external users have easy way of accessing their assigned applications thereby increasing user experience and convenience

  • Identity Lifecycle Management was in place to easily onboard and offboard internal and external users

  • Critical business applications and resources were protected by automatically challenging the users more whenever the access risk goes up

  • Password reset requirement for privileged accounts was eliminated since the PAM solution masks the password

  • Having the Self-service access request and access certification provided peace of mind to the cyber security and auditors

  • Better user experience on both corporate and commercial sides with improving productivity.

Want to hear more? Give us a shout and schedule a consultation now!