Tag Archives: Identity and Access Management

We Did It! WSO2 Identity Server is Now OpenID Certified

We thought turning 10 was reason enough to celebrate, but we’re not done with the celebrations yet. Our Identity Server (IS) team has been working to keep that momentum going. We just became OpenID certified!

Being OpenID certified by the OpenID Foundation is a big deal. What is OpenID? OpenID Connect 1.0 is a simple identity layer on top of the OAuth 2.0 protocol. “We’ve been compliant with OpenID standards for a long time,” says an ecstatic Prabath Siriwardena, WSO2’s senior director of security architecture. “Getting the certification puts a stamp on it and gives the assurance users are looking for,” Prabath explains.

WSO2 Identity Server is the most extensible and fully open source IAM provider that can help connect and manage your identities. It’s a key enabler of digital transformation. Our single sign-on, which bridges protocols such as OpenID, has been a key component in offering solutions to enterprises in education, telecommunication, and health, among others.

By becoming OpenID certified, we’re joining a list of industry giants who also have this certification, including Yahoo! Japan, University of Chicago, Verizon, Salesforce, PayPal, and Google. Now WSO2 Identity Server can provide the assurance to its users that it really conforms to the profiles of the OpenID Connect protocol.

Kudos to our IS team on this feat and looking forward to many more successes!

Ask an Expert: Catching up with IAM Guru, Prabath Siriwardena

Prabath Siriwardena, WSO2’s senior director of security architecture, has a lot to be proud of. He’s an accomplished author, speaks at conferences such as QCon, ApacheCon, WSO2Con, EIC, IDentity Next, OSCON and OSDC, and has over a decade of experience working with Fortune 100 companies.

We caught up with Prabath recently to get his take on the significance of GDPR, the future of open source IAM solutions, his personal journey at WSO2, and why he believes the world always needs fresh ideas.

1. What has your journey at WSO2 been like, Prabath?

I completed 10 years at WSO2 last year, having joined on the 1st of November 2007. It’s been a great journey with an awesome set of people around me – both the colleagues at work and the customers.

I’ve learned a lot from both these groups. The joy of working at WSO2 is that you always get an opportunity to help someone solve a challenging problem. It can be as simple as building a federated login scenario with a SaaS vendor to more complicated use cases like building an identity architecture to accommodate millions of users. Overall it’s a very satisfying, rewarding journey – looking back, I’ve enjoyed every second of it.

2. What’s the most recent problem you’ve helped solve?

I get the opportunity to talk to and work with many WSO2 customers; each problem is quite interesting. Engaging with customers allows me to understand their pain points. Once you know their pain points, you can work with them to find and build a solution.

Let me give you one example. Recently we worked with a customer based in San Francisco, California, a large company with hundreds of departments. Each department has its own applications and an identity store. The employee records are scattered between those different identity stores – and a given employee has to maintain multiple records under each department if they have to access any of the applications provided by that department. This has been the way the company operated for several years. A real productivity killer – but convincing 100+ departments to build a unified identity platform across the company was challenging, both technically and politically. We’ve had several long discussions with their technical teams and are now in the process of building a unified identity platform with WSO2 Identity Server, in a phased approach.

3. GDPR has surely caught on and everyone is throwing this term around. But there’s a deadline approaching and we need to act fast. What’s the simplest way an enterprise can get started and what do they need to keep in mind?

GDPR is a historical milestone in all the initiatives brought up so far to protect consumer privacy. Even though it’s more applicable to EU, it has a global impact in the way it’s designed. Becoming GDPR compliant starts with a self-assessment – understand what data you collect from your employees, partners, suppliers, customers, and any other entities you work with. Then you need to see how the data is being stored and processed. If you occupy third parties in the process of data collection – or if you share data with third parties for further processing, then you also need to worry about them being GDPR compliant. Once that’s done, you can come up with a phased approach to be GDPR compliant. It’s always recommended that you consult a lawyer or any GDPR consultancy firm to validate your approach and get their guidelines. GDPR is a law, so you should not mess with it!

There are no all-in-one or tailor-made solutions for GDPR. This is where WSO2 Identity Server has a key role to play. WSO2 Identity Server, as an identity provider, gets directly involved in processing personal data. We have made the product GDPR compliant and also provide a portal for consent management.

4. What’s the future like for open source IAM solutions?

A decade back, the IAM market was mostly dominated by Oracle and IBM. The entry barrier was high and was not justifying the cost over the benefits.

Today the number of companies occupying an IAM solution is much better. Cloud-based IAM solutions and open source IAM solutions increasingly reduce the cost of entry.

According to Gartner, by 2021 open source IAM components will be used for one or more IAM functions by 30% of organizations, up from 20% at the end of 2016. Apart from open source, there are a large number of companies that use homegrown IAM solutions – around 20%. In the next few years, I would expect these companies using homegrown IAM solutions to select an open source IAM product. Unless you have a dedicated set of engineers, who have expertise on IAM, it’s hard to keep up with the pace in which the IAM industry is evolving.

Another important fact I would like to highlight here is open source licensing. Not all open source licenses give you the same level of freedom. Apache 2.0 is the most business-friendly open source license. You can do anything with a product released under Apache 2.0. All WSO2 products are released under the Apache 2.0 license and WSO2 is the 8th largest open source software company. There are more than 100 Universities in USA and Canada, using WSO2 Identity Server for free, with no support from WSO2. That’s the beauty of real open source.

5. What are the benefits of an open source IAM solution?

There are multiple reasons why someone would pick an open source IAM vendor over commercial off-the-shelf (COTS) software. At one point, COTS had an edge over the features, but no more. Most of the open source IAM products out there can compete with any COTS product, in terms of features, and of course, perform better.

Then the cost. Most of the open source products do not have any licensing cost, but a production support model. This definitely reduces the initial product purchasing cost. One key reason I see why people go for open source IAM products is the ‘freedom’.

Most of the open source IAM products out there have a proven track record. I can speak for WSO2 Identity Server, where we have many large scale deployments around the globe, for millions of users.

The freedom to examine the source code, freedom to extend the capabilities, and freedom to make business decisions.

That’s about scalability, how about security? Irrespective of a product being open source or not, you need to worry about the security of the product. At WSO2, we put a lot of effort into building all WSO2 products in a secure manner. We use both open source (OWASP ZAP) and commercial code scanning tools (Veracode, IBM AppScan). All these tools are integrated into the build system and no product releases are done without fixing any of the reported issues.

6. How did you start working in IAM?

It just happened. When I joined WSO2 in 2007, I was assigned to the WSO2 Identity Server team. At that time it was called, ‘Identity Solution’ – and we only had 4 members in the team. WSO2 was founded in 2005, where SOAP, SOA, web services were at the top of the hype. We had a strong, solid foundation in that space. Both of our founders are pioneers in the web services domain, and authored many key web services specifications. Axis2, Synapse, Rampart, WSS4J are top open source Apache projects initiated and mostly contributed by WSO2 employees at that time. Apache Rampart is the web services security module for Axis2 – and it has all WS-Security, WS-Security Policy, WS-Trust specifications covered. Around 2006/2007 we were closely working with Microsoft for interop testing, and that was the time Microsoft came up with an open specification called ‘Information Cards’, which is based on WS-Security and WS-Trust. Since we already had them implemented in Rampart, it only needed a little more effort on top of that to build support for Information Cards. That’s how the WSO2 Identity Server was born in 2007 – and it was one of the very first implementations of Information Cards in Java.

7. What is your proudest accomplishment in recent times?

WSO2 Identity Server celebrated its 10th anniversary in December 2017. Looking back, there are many proud moments that were accomplished as a team. Today, WSO2 Identity Server is a globally recognized brand and is one of the top open source IAM products. There are more than 40 million users globally using WSO2 Identity Server for authentication on daily basis. There are more than 100 paying customers, which we are extremely proud of. Just to name a few, Nissan, HP, GE, Verizon, Vodafone, Seagate, Department of Homeland Security (DHS), Verifone, Align Tech, WEST, Nutanix, Trimble and many more. It’s extremely satisfying to see how the product evolved over the last 10 years and is now trusted by many Fortune 100 and Fortune 500 companies to build the most critical parts of their core business on top of WSO2 Identity Server.

8. What advice would you like to give a budding developer or an architect to better their career?

Failing to innovate is the biggest failure in anyone’s life. The world does not lack technical skills, but fresh ideas. Fresh ideas are born when you start feeling your problems and those of others. You may choose to live with the pain or get rid of it by fixing the problem. The latter leads to innovation. There is always room for improvement, room for innovation. Capitalize on those and enjoy what you do.

You can follow Prabath here and read his blog here.

10 11 12 – WSO2 Identity Server Keeping the Bad Guys Away Since 2007!

WSO2 Identity Server turns 10 today on the 11th day of the 12th month of this year! Over the years the team has grown, research and development efforts have evolved, we’ve procured some big-name customers and various team members have gone on to publish stellar books on identity and access management.

To commemorate this day we thought we’d pick a few cool things (from a long list) about WSO2 Identity Server:

  • WSO2 Identity Server manages more than 40 million identities across the world.
  • Fully open source, WSO2 Identity Server has thousands of FREE users.
  • Mobile Connect support from WSO2 Identity Server is available for more than 900 million users in India.
  • Our first customer, ELM, manages over 4 million user identities and we’re still a part of their digital journey.
  • (Let the name dropping begin) Some of our other customers include Verifone, West Corporation, Verizon, HP, Seagate, Nutanix, T-Systems, and many in the educational industry such as Brigham Young University, New York University and Australian Catholic University.
  • We offer over 40 connectors in our connector store so that you can integrate with any system and enhance your system capabilities.
  • Single sign-on (SSO) and identity federation are our forte. You can ask any of our customers! Here’s a link to the latest version of the WSO2 Identity Server.
  • We were the winner for “Identity as a service” in 2011 at the KuppingerCole European identity awards. We also helped one of our customers to bag an award at EIC 2015 for their Mobile Connect implementation.
  • Prabath Siriwardena, our director of security architectures, is not only a renowned figure in the IAM space, but also the author of Advanced API Security, Maven Essentials and more.
  • Concerned about GDPR or PSD2? Want to know how Customer IAM can help you with digital transformation? We have got you covered for 2018 and beyond!

Congratulations to our IAM team for their amazing feats over the years and special thanks to one of our starting members, Ruchith, who has gone off to accomplish amazing things! You can read Prabath’s blog to get the full lowdown on how we started.

iJet International: Transforming Identity Management for Increased Agility

iJet International provides customized risk management solutions, underpinned by intelligence, to global organizations for enhanced functionality and profitability. Their global intelligence experts monitor the world around the clock and empower their clients to respond to events such as natural disasters and political upheavals. The R&D at iJet is owned by their innovation arm, iJet Labs, who transformed their identity and access management (IAM) systems using WSO2’s IAM and API management capabilities. This transition was driven by a need to become more competitive, agile, and improve their business value for customers.

The pre-WSO2 days at iJet Labs were challenging, if it were to be described in one word. A centralized IAM solution was absent and in its place, there were purpose-built custom applications. As the user base increased, scalability became difficult and iJet could not always meet their various customers’ exact requirements. iJet Labs understood that it was imperative to create a centralized solution, which can be delegated to their clients to help meet their requirements and give them greater control of managing their credentials. At the time, user provisioning was a manual process. Even though this process was functional for several years, it was not necessarily user-friendly – there were examples of users repeating this process multiple times as they needed to access different types of systems.

Adding to their list of challenges, the architecture was an issue. From its inception in 1999, iJet has continually added many applications to their architecture, built on a central database. Yet again scalability proved to be problematic, as an application had to be scaled in its entirety and this was time consuming (though possible). “We are a product company, it is very important for us to market our ideas from the product team within the shortest possible timeframe. We need that market advantage, and this legacy architecture made it too difficult for us to be competitive,” says Ismail Seyfi, Lead Software Architect at iJet Labs.

iJet upgraded their architecture using WSO2 capabilities and migrated their servers to a WSO2 managed cloud. As big advocates of open source, Alfresco, Liferay, GeoServer, and Apache applications also contribute to their architecture. The WSO2 IAM platform has replaced iJet’s custom-built user and access management system. This introduction did not disrupt any existing applications, which now use proxy-based authentication. WSO2’s API management platform has enabled iJet to write microservices and replace their monolithic applications.

iJet Labs’ aspirations were not solely limited to revising their architecture; there were several deployment goals in mind as well. They wanted to build and configure an environment where new products could be developed efficiently without causing any interference to other development projects in progress. This was achieved by using an iJet development stack (which separates environments, installs software, and integrates them into one environment), base installation of WSO2 products and automated configuration. Ansible was adopted as the infrastructure and configuration tool. The positive results have become evident at iJet International. The changes have allowed them to integrate environments efficiently, provide dedicated environments to each development stream, sync environments with production, eliminate manual changes, and provide a single source of truth for configurations.

Listen to iJet International’s presentation by Ismail Seyfi and Matt Barnes (Automation and Software Engineer, iJet) for an in-depth discussion of this project.

Find out more about using WSO2’s IAM and API management platforms for business agility.

A Smarter Transport Management System for London with the Help of WSO2

Transport for London (TfL) has a daily challenge – to keep a city of over 8 million people moving around the metropolis. Its magnitude can neither guarantee the transport system will always absorb commuters nor give them a congestion-free experience. It is a place where the smallest of changes would have a massive impact on your journey. Citing an example, Roland Major, a former enterprise architect at TfL, says that a London Underground strike once saw a 3% increase in traffic and a staggering 90 minute increase in journey time. Estimates project a 60% increase in congestion around central London by 2031.

Given all these complications, TfL decided to become more intelligent with technology to reduce commuter times, make the roads safer for pedestrians, cyclists and drivers, and to slow the pace of traffic. Intelligence and data with a purpose are the buzzwords here. “We need better understanding of real-time demand. What insight can we get from our data, and how can we get innovative with all this information?” says Roland. He was actively involved with TfL’s Surface Intelligent Transport System (or SITS), a project that aims to better manage the city’s entire road space of pavements, cycle lanes, and motorways.

SITS’ business proposition is that it can offer a billion pounds’ worth of benefit to London by identifying delays in the road networks sooner than is done at present: “We weren’t detecting incidents, and by the time we have detected them, they were already over. With technology, we can see these incidents early. We recognized that the market can do sensible things with our data,” says Roland. For example, within the traffic light system in London, TfL manages an estimated 7,000 junctions around the city and 14,000 magnetometers detect millions of daily events. This data is discarded after analysis; however, TfL realized that, if it is used, the response time to delays improves by 15 minutes.

TfL has a 10 year plan in place, with all of the different required components mapped out. Data analytics form the core of this operational model. Data is obtained from GPS systems and bus routes. The road incidents are logged and used to determine what additional information is needed to understand and manage each leg of commuter journeys. All the data is hosted on the cloud and currently TfL is in the process of adding these components to the framework.

TfL’s transport management system

London’s new road management system relies on WSO2’s API management, integration, identity and access management, and analytics products for the intelligent work needed. These products are deployed on a private cloud managed by WSO2. The starting point – LondonWorks, a registry of all road works and street related events, both planned and current, in the Greater London area. LondonWorks is used to assess road networks, coordinate the various road works to minimize congestion and for inspection, compliance, and monitoring. Maps and forms of type data have been integrated to allow entry of incidents into the system and their identification on the map.

As their model progresses, TfL has ambitious plans for all the data they have streaming in – big data analytics to give them more insights to road movements, which will enable them to give the necessary alerts and empower them with smarter ways to deliver better, safer commuter experiences for London.

Watch Roland’s presentation for more details on TfL’s plans for London.

Explore the WSO2 middleware platform with its offerings in API management, integration, identity and access management, analytics, and IoT.

Did you know that WSO2 won TfL’s data analytics Hackathon contest? Learn all about it.

Building a Cloud Native Platform for CitySprint’s On the Dot Delivery Service

Picture a scenario where you are analyzing the results of a marketing survey which shows that a high percentage of consumers prefer same day shipping, online tracking of their orders, choice of shipping options, and deliveries within a specific time slot. Then you find out that retailers already fulfill around 65% of these needs, but there is a gap in the market, a gap that you can fill by offering a novel service. This is precisely what UK-based logistics and delivery service provider, CitySprint did when they developed the On the dot delivery service, which allows shoppers to receive their orders during a one hour time slot of their choice without extra costs.

“We wanted to positively disrupt the time slot delivery space. In doing so, we wanted to build an API ecosystem that sparks interaction, open new channels and reach new streams of revenue,” says Eduard Lazar, Senior Solutions Consultant at LastMileLink Technologies (a CitySprint Innovation Lab). At the heart of this project was generating value for users and driving innovation: “On the dot is all about convenience for consumers, be it as a fulfillment method or in terms of collection and delivery time slots. We also wanted to simplify integration and create a developer community through our API ecosystem,” he adds.

Defining the key challenges was one of the first steps before introducing On the dot to consumers. To begin with, CitySprint had to move their data centers to the cloud in order to become a cloud native platform. They also had to create open RESTful APIs, enable identity federation, simplify integration, and foster innovation so that it could result in a community of developers who would think up new marketable ideas. Selecting open source software is one of the main tenets at CitySprint, and as such, they set about developing an open source platform made of WSO2’s API management, integration and identity and access management capabilities, using a DevOps approach. Meanwhile, the architecture was developed using Apache’s Tomcat and Cassandra, and WSO2 Carbon was used for continuous deployment.

By placing API management at its core, CitySprint has been able to achieve the required functionality and formed their innovation community (an interesting anecdote on the latter, a TechSprint event was organized where high profile companies sent teams of developers to CitySprint to build innovative products within 24 hours. Results have been quite amazing with an added bonus of introducing CitySprint to new leads).

From a business perspective, implementing this project was primarily underpinned by issues of costs, in addition to those of speed, integration, lifecycle, and skillset. When CitySprint introduced more complexity into the system, this also meant they potentially introduced a time lag. Yet, can this platform control costs through simplification and reuse? Is there a way to save time by simplifying integration? Is the skillset future proof? Can they model the whole lifecycle?

The result – On the dot – answers all the above with a yes. The On the dot cloud native platform has empowered CitySprint to enter the market with an adaptable platform that allows developers to self-sign and begin using the APIs. It is integrated, as there are multiple systems working together; they have also connected data and devices, integrated platforms with those of their partners, and connected the user experiences of both customers and partners. Following their successes in the UK, plans are underway to make On the dot a global phenomenon and CitySprint is certain they can achieve this with the right technology.

If you need more details on how CitySprint made On the dot, watch their presentation.

Learn more about WSO2’s API management, integration and identity and access management capabilities.

State of Arizona: Introducing a Statewide Private PaaS to Improve Efficiencies and Trim Costs

Government institutions across the globe are using cloud-based technologies to add value to citizens and improve their functionality. The State of Arizona is no different, having built the Arizona Enterprise Services Platform (AESP) to reduce costs, improve efficiencies and foster sustainability in the long term. With over 32,000 state employees, 170 business units, over 1,400 IT professionals, and over 100 data centers/server rooms, a transformation of this scale was challenging. Yet, Prasad Putta, the director of enterprise technology services at the Arizona Strategic Enterprise Technology (ASET) office in the State of Arizona who oversees this project, saw an opportunity for improvement and seized it.

ASET is responsible for IT strategy, enterprise capabilities, policies/procedures, and managing high-risk, high-funded projects. AESP was rolled out as an answer to several questions: “How do we not start projects from scratch, stop re-inventing the wheel all the time, and have better data sharing practices? What can we do about redundant solutions throughout the enterprise, ease up license cost payments and solve security issues?” asks Prasad. With these in mind, Prasad and his team had a clear set of objectives they wanted to achieve. At the top of the priority list were cost reduction and sustainability because, for a public institution, accountability was a key consideration. Other objectives included the enforcement of standards, revenue generation from data and services, a profitable mechanism for data sharing, allowing better data discoverability, risk reduction, and ease of development/maintenance from a developer’s perspective.

To address these requirements, ASET turned to the public cloud and decided to implement AESP as a private PaaS. The team at ASET was not looking to replace all the applications, but rather preferred custom applications across the state agencies. They were also looking to expose data through APIs for private consumption, make the collaboration environment API-centric across the state, shorten their development cycle and ensure all the data is private to the state to mitigate any security and compliance risks. ASET was also looking at economies of scale as not all of the hundreds of applications were fully utilized at one given time. Their existing architecture was entirely hosted on AWS, but for the revamped architecture, AWS was limited to the infrastructure while the rest was built by using WSO2’s integration and identity and access management capabilities.

Introducing AESP brought with it another set of challenges. With agencies working independently, they had to be convinced to opt in to this platform. Additionally, round-the-clock support was needed along with the right pricing model. Fortunately, AESP found the successful strategies and has several applications in the pipeline now. “Size the menu right” is one of Prasad’s analogies for success, i.e. to reduce the scope of applications to the most sought after ones. Initially, his team spent 30% to 40% of their time maintaining the sheer volume of applications, which is now handled by WSO2’s Managed Cloud. Several issues, such as the pricing model, are still a work in progress, but buoyed by the successes, Prasad foresees a busy future.

For more information, watch Prasad’s full presentation at WSO2Con USA 2017.

Find out more about how you can use WSO2’s integration and identity and access management capabilities to improve your organization’s operational efficiency.

Nutanix: How WSO2’s Identity Server Enhanced Customer Experience

Nutanix is a leader in hyper converged systems with a mission to make infrastructure invisible by delivering an enterprise cloud platform that enables you to focus on the applications and services that power your business. At WSO2Con USA 2017, Director of SaaS and Tools Engineering at Nutanix Manoj Thirutheri explored how WSO2 Identity Server helped them enhance their customer experience to stay competitive against large vendors like HP, Microsoft and Cisco.

Nutanix provides over 4450 customers across the globe with a hyperconvergence appliance that has storage, virtualization and network components overlaid by an intelligent software layer in order to minimize the need for infrastructure. “Customer experience is the last mile of digital transformation,” Manoj said while stressing the importance of creating an integrated ecosystem of customers and partners to be successful. They currently maintain multiple web portals for customer support, partner support, and the community. One of their top priorities is to make customer experiences as simple and seamless as possible. They needed to create a more seamless sign-on experience for their portals and mobile apps to maintain growth.

Because of the speed at which Nutanix was growing, many identity silos existed, which meant the same customer was identified in multiple ways. They had non-standard and insecure authentication and authorization mechanisms in place which made them vulnerable and hindered their user experience. Furthermore, their ability to be agile and innovate fast was deterred by the proprietary technology they used, which was not open or extendable. “The bottom line is, we didn’t know what our customers or partners were doing. We were lost,” notes Manoj. Having a 360 view of their customers’ activities and keeping track of them across the different portals were key requirements of their solution to these challenges.

As shown in the diagram below, Nutanix used WSO2 Identity Server to overcome their major identity and access management challenges. Manoj then explained the architecture from the bottom up. The highly available WSO2 Identity Server cluster is load balanced across multiple regions for high redundancy. Next, they built an intelligent API layer, which exposed all the APIs including user management, tenant management, service provider and identity provider APIs. By doing so they avoided vendor lock-in and didn’t couple their functionality to any technology, be it open source or proprietary. The third layer consisted of their own entitlement system called My Nutanix where customers and partners register and access the service providers. The green boxes at the top depict the service providers including the following:

  • The customer portal enables customers to access the services offered in My Nutanix.
  • The partner portal allows partners to perform deal registrations among other things.
  • The community portal is open source and can be used by anyone. Here, they use WSO2 Identity Server to authenticate the users through basic OAuth over Transport Layer Security (TLS), which allows them to track the users and gain new customer prospects.
  • They also have the educational and training portal in addition to many other service providers that are still in development.

Nutanix currently uses many industry standards for authentication including OAuth 2.0, OpenID Connect, and SAML 2.0, which are all supported out-of-the-box by WSO2 Identity Server. They also use WSO2 Identity Server for Just-in-Time (JIT) provisioning of users. Nutanix performs SMS-based multi-factor authentication (MFA) by using WSO2 Identity Server connectors to integrate with Twilio, which allows you to programmatically send and receive text messages using its web service APIs. In addition, they integrate with their partners through the Active Directory Federation Services (ADFS) provided by WSO2 Identity Server.

Apart from these implemented features, Nutanix is working on leveraging more capabilities of WSO2 Identity Server. They will soon bring in multi-tenancy because every customer has their own tenant with their own isolated roles. They will also experiment with a service-based authentication, a fairly new concept to them, which uses certificates to authenticate the user and creates the service accounts within WSO2 Identity Server. As Manoj states, “Two services, no human interaction”.

Having a product that is open source, supports multiple security protocols, and can scale was key. WSO2 Identity Server met all these requirements. WSO2 Identity Server helped create a seamless single sign-on experience for their customers, partners and prospects, while keeping track of all their actions. A key advantage that helped sustain Nutanix’s rapid growth was WSO2 Identity Server’s high scalability and availability and its ability to support a rapid increase in the number of users from 1000 to 100,000 in just two years. It met all of Nutanix’s requirements including out-of-the-box support for many standard protocols, multi-factor authentication (both SMS-based and Google authenticator), identity federation, multi-tenancy and tenant management. Furthermore, Nutanix also used WSO2 Managed Cloud, which provides excellent support.

“We now have a bunch of happy customers and partners. We ourselves are also very happy with WSO2 Identity Server,” Manoj added.

To learn more about how Nutanix leveraged WSO2, watch Manoj’s talk at WSO2Con USA 2017.

West Interactive: Using WSO2 Identity Server to Enhance Customer Experience

Headquartered in Omaha, West Corporation is all about telecommunication – be it conferencing solutions, safety services, interactive voice response solutions or speech application automation. Pranav Patel, the vice president of systems development at West Interactive, recently spoke at WSO2Con USA 2017 about the unique customer experience they offer through their multi-tenanted role-based identity and access management solution built using WSO2 Identity Server.

An increasing number of users today are turning to different channels like the web, mobile devices, and social media to interact with vendors. Pranav explained that knowing the customer and making sure that they can access West Interactive’s services from whichever channel they prefer is a key requirement for them.

West has been in the telecommunication industry for the last 30 years and, as is common, has many solutions that are siloed and distributed. Connecting all these solutions was a major challenge they needed to overcome in order to provide a holistic experience to their customers, explained Pranav. This meant dealing with and managing different identities that belonged to many different customer portals. They needed to create a solution that revolves around centralizing user identities to a single user portal and creating an efficient identity and access management system.

Pranav then examined the requirements they needed to meet in order to achieve operational efficiency, easily manage accounts, save costs, and provide great customer experience. Other than the evident single sign-on and federation requirements, multitenancy with hierarchical tenant management was an important feature that enabled them to serve all their tenants (a client of West represented as a domain in the system) and users (individuals that require access to the portal and are grouped at the tenant level) through their portal. The system also needed to enforce rule-based access control that allows access to certain products (web applications that need to be integrated) depending on who the user is. In addition to this, they had corporate policy requirements for passwords, needed to maintain password history and had a password expiry date that prompted users to frequently change the password. Audit logging and user bulk imports were some other requirements.

“WSO2 fulfilled several of our requirements out-of-the-box, especially support for various protocols and heterogeneous multiple user stores,” observed Pranav. He went on to explain that they could easily extend the product and customize it for any features that it didn’t already have, making it the perfect solution for West.

WSO2 Identity Server is used for:

  • Introducing a relationship hierarchy between the parent tenant and child subtenant and allowing multi-tenancy
  • Asking for and storing answers to five security questions per user
  • Defining permissions or roles for products (web applications) and users
  • Providing single sign-on and federation for users
  • Allowing employees to mimic a user and see how they perceive the user portal
  • Enforcing password policies set by tenants

Pranav expressed how WSO2 Identity Server meets all their current requirements and how they would like to introduce customizable login pages (by tenant), two-factor and multi-factor authentication, automated user provisioning and self-registration among other features in the future. He concluded by saying they were looking forward to adding WSO2 Data Analytics Server to the mix in order to monitor what’s really going on in the system.

To learn more about West Interactive’s story, listen to Pranav’s talk at WSO2Con USA 2017.

What Does WSO2 Identity Cloud Bring To The Table?

One of the things we spoke about at WSO2Con this year was the expansion of our WSO2 public Cloud offerings. One of those offerings is WSO2 Identity Cloud, which provides the Identity and Access Management (IAM) solution from our well-known WSO2 Identity Server with the ease of use of a cloud service.

Our initial offering is focused on providing Single Sign-On (SSO) solutions for organizations. Almost all organizations use different applications, either developed in-house or hosted applications like Salesforce and Concur. Having a centralized authentication system with SSO for all the applications increases the efficiency of maintaining systems and centralizes monitoring and company security, while also making users’ lives easier.

What are the features offered by WSO2 Identity Cloud?

  • Single Sign-On support with authentication standards – SAML-2.0, OpenID Connect, and WS-Federation.
  • Admin portal provided for organization administrators to log in and configure security for applications. Pre-defined templates of security configurations are available by default for most popular SaaS apps. This list includes Salesforce, Concur, Zuora, GotoMeeting, Netsuite, AWS.
  • On-premise-user-store agent. Organizations can connect local LDAPs with Identity Cloud (without sharing LDAP credentials with Identity Cloud) and let users in the LDAP access applications with SSO.
  • Identity Gateway. Acts as a simple application proxy that intercepts application requests and applies security checks.
  • User portal. Provides a central location for the users of an organization to log in and discover applications, while applications can be accessed with single sign-on.

Why should you go for a Cloud solution?

If you have the following concerns, then a cloud solution is the best fit for you.

  • Facilitating infrastructure – you don’t have to spend money on additional infrastructure with the Cloud solution.
  • System maintenance difficulties – If you do an on-premise deployment, then there should be a dedicated team allocated to ensure the availability of the system and troubleshoot issues; with the Cloud solution, the WSO2 Cloud team will take care of such things.
  • Timelines – Identity Cloud is a tested, stable solution. This will cut down the time you would otherwise spend finalizing and testing an on-premise deployment.

With all of this comes cost savings, especially because there’s no cost involved for infrastructure or maintenance with the cloud solution.

You can register for WSO2 Identity Cloud and try it out for free at http://wso2.com/cloud/, and give us your feedback at bizdev@wso2.com or dev@wso2.org.