MyID – Replacing Central Access Management With a State-Of-The-Art IAM Solution
Siemens AG commissioned the system integrator iC Consult to replace the existing company-wide authentication system with a modern IAM solution. The main goals were even higher availability, speed, and security.
At a glance
Worldwide in about 190 countries
Replacing the central authentication legacy system with a new, enterprise-wide hybrid cloud solution
Products and services:
Service Layers platform,
- Highly available, secure, and rapid login through worldwide distribution
- Modern, intuitive user interface
- Selection of preferred authentication methods depending on data classification
- Very high degree of automation for efficient operation and a high degree of traceability
- Developer portal for easy integration of over 1,000 applications
- Support of various authentication methods and user-friendly multi-factor authentication
- Very fast implementation
- Very high security level thanks to cutting-edge technologies and architectures
Siemens AG is an internationally active technology group with annual sales of 86.8 billion euros (2019) and approximately 385,000 employees worldwide.
For more than 15 years, Siemens has been operating a globally rolled-out authentication process that protects hundreds of business-critical applications. However, today’s requirements in terms of availability, flexibility, and security are significantly higher than at the time of implementation. For this reason, those responsible were looking for a new, future-proof solution that would also incorporate the latest changes in the company’s structure. In addition, they wanted to optimize the flexibility of IT service by providing innovative and secure authentication methods.
These considerations had a direct impact on the selection of the future system architecture and operating model. A system operated exclusively on site was ruled out because the ambitious project duration made the use of cloud services unavoidable. The high demands on scalability and worldwide availability also spoke clearly in favor of a cloud solution.
The other end of the spectrum – a preconfigured solution based on an Identityas-a-Service platform – was out of the question due to a lack of functionalities. Integration into the existing IT landscape would also have been difficult. Siemens therefore opted for a hybrid cloud approach that combines the best of both worlds. The name of the new system: MyID.
After carefully defining the requirements catalog and comprehensively comparing providers, Siemens commissioned iC Consult in Munich to implement the project. With the Service Layers platform that they themselves developed, the Identity & Access Management (IAM) specialists have a system that is ideally suited to Siemens’ challenges. Service Layers combines the functionality of a customized IAM product – in this case, Ping Identity – with the flexibility and scalability of a cloud-based solution.
MyID is provided as a hybrid cloud service on AWS using container-based technology (Kubernetes) with a high degree of operational automation (DevOps). Thanks to paradigms such as “Infrastructure as Code” and “Configuration as Code”, changes and extensions can be made quickly at any time. Since this is done without manual administrator access to the underlying infrastructure and software, MyID offers a significant boost in terms of security and traceability, right from the start. Deployment in Germany and the USA further increases availability and ensures rapid login processes.
Head of Technology & Innovation
at the Digitalization Enablement Center,
“With MyID, we have taken the decisive step towards a secure, fast, and future-oriented authentication system. Thanks to the experience of iC Consult and the use of the Service Layers platform, this highly demanding project could be implemented on schedule. With the new system, everyone – from employees to application developers – benefits from a unique range of functions.”
Because it is provided in the cloud, and based on the cutting-edge Service Layers architecture, the service scales easily with the growing number of devices and users. The system authenticates more than 350,000 employees and business partners daily – faster, more securely, and more conveniently than ever before.
User identities are managed via Active Directory. Users log in as usual with smartcard or password and thus receive single sign-on to their applications. At the same time, this eliminates the need to set up a separate identity storage and synchronize identities with the cloud. In addition to the smartcard, users can also use the modern multi-factor authentication app PingID, which features biometric protection and is popular on mobile devices. Siemens CERT has tested the app extensively and released it for internal use within the company.
But not only users benefit from MyID. The developer portal “MyID Connect” helps application providers migrate their existing applications and integrate new apps. To do this, the developer simply registers his or her application with MyID Connect and carries out the necessary configurations. These configurations are then automatically imported into MyID in the background.
Implementation of MyID began in January 2019; the first applications were migrated from October. Until all applications were completely migrated, the old authentication system continued to be used in parallel. In addition to providing modern authentication methods, MyID will continue to support legacy applications. This migration is expected to be complete by October 2020 – and thus on schedule.
Although the solution was implemented in a very short time, users were enthusiastic from the start and appreciated its flexibility and performance. As one of the central corporate systems at Siemens, MyID supports employees in around 190 countries and 285 production facilities worldwide. It secures more than 1,000 productive applications.
Siemens’ Journey To a State-of-the-Art Authentication Platform
Get more project insights in our IAM Excellence Talk together with Siemens‘ Head of Technology Dimitri Lubenko