After a series of mergers, our client rebranded into one of the major life insurance companies in France with approximately 10 million insured persons.
Due to the diversity of the resulting IT landscape, a mix of new and existing applications from the respective merged companies, they also had to address the challenge of a common, user-friendly, and secure Single Sign-On (SSO) feature for all collectively and individually insured persons, as well as for the business partner ecosystem.
As a partner of a European IAM solution vendor, COERA started implementing a cloud-based Identity and Access Management solution at the beginning of 2019.
This solution supports both B2E and B2C scenarios, serving companies and their employees as well as the so-called intermediaries acting on behalf of individually insured persons. At the same time, it creates a seamless experience for accessing the applications and insurance dashboards.
The impact of the merger and the great variety of user journeys through the existing applications made this project challenging: the newly envisioned brand experience had to go hand in hand with the access details of the many existing applications.
Considering the complexity of the merger and resulting IT landscape, the challenges solved were:
1. Millions of users
The solution needed to support SSO for millions of users across multiple applications and different protocols such as SAML and OAuth 2.0/OIDC.
Together with stakeholders from the insurance company we defined the recommended protocol for each application and how it should be configured. In some cases SAML was the preferred protocol; in others, one of the different flavors of OIDC was selected. The criteria behind these choices were captured in a guideline for evaluating future applications.
2. Optimizing user onboarding flows
The merger resulted in a complex application landscape with scattered user attributes and a complex user journey with different login methods.
Our goal was smooth, single-branded customer journeys with SSO and a unified view of all attributes needed for the user's profile. User journeys and integration scenarios were defined using the APIs of the supporting IDaaS platform, giving full front-end freedom and standardized IAM patterns, and creating simplified flows for user registration and password reset, as well as a single place for self-service and user profile maintenance.
3. Using different levels of assurance and step up for applications
While some applications require simple login scenarios, other applications needed a higher level of security, for example when accessing sensitive information.
We approached the situation with a two-step plan.
1st - In close collaboration with the insurance company's representative, we described the alternative scenarios and the technical options (using either SAML or OIDC).
2nd - We described and documented the usage of OIDC step-up authentication, to be implemented by the developers in the applications.
The results served as guidelines and API usage instructions for the developers on how and when to use step-up authentication.
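To illustrate the OIDC step-up pattern the guidelines describe, here is an added example (not COERA's or the client's code) of the relying-party side: checking the acr and auth_time claims of the current session against the level an application requires, building the re-authentication request, and re-checking the result. The acr values, endpoint URL and client settings are constructed placeholders.

```python
"""OIDC step-up decision logic for a relying party (added example).
The acr ordering, authorization endpoint and client settings below are
hypothetical; a real deployment takes them from the OP's configuration."""
import time
from urllib.parse import urlencode

# Constructed ordering of assurance levels: higher index = stronger.
ACR_LEVELS = ["urn:example:loa1", "urn:example:loa2", "urn:example:loa3"]

# Hypothetical endpoint and client settings.
AUTHZ_ENDPOINT = "https://idp.example.invalid/authorize"
CLIENT_ID = "dashboard-app"
REDIRECT_URI = "https://app.example.invalid/callback"


def acr_rank(acr):
    """Rank of an acr claim value; unknown or absent acr ranks lowest."""
    return ACR_LEVELS.index(acr) if acr in ACR_LEVELS else -1


def needs_step_up(claims, required_acr, max_age=None, now=None):
    """True if the session's ID token claims fall short of the required
    level, or if the authentication is older than max_age seconds."""
    if acr_rank(claims.get("acr")) < acr_rank(required_acr):
        return True
    if max_age is not None:
        current = time.time() if now is None else now
        auth_time = claims.get("auth_time")
        if auth_time is None or current - auth_time > max_age:
            return True
    return False


def step_up_request(required_acr, state, nonce, max_age=None):
    """Authorization request asking the OP to re-authenticate the user at
    the required level; prompt=login forces a fresh authentication."""
    params = {
        "response_type": "code", "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI, "scope": "openid",
        "acr_values": required_acr, "prompt": "login",
        "state": state, "nonce": nonce,
    }
    if max_age is not None:
        params["max_age"] = str(max_age)
    return f"{AUTHZ_ENDPOINT}?{urlencode(params)}"


def verify_step_up(claims, required_acr):
    """acr_values is only a request; the OP may answer with a lower acr,
    so the application must check the claim in the new ID token."""
    return acr_rank(claims.get("acr")) >= acr_rank(required_acr)
```

The state and nonce values must be freshly generated per request and bound to the user's session, as in any OIDC authorization request.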
Using a standard IDaaS platform as the IAM solution and defining a clear solution architecture, we improved customer journeys while lowering operational cost for developing, integrating, and maintaining IAM functionality.