IMD Gives Students Easy Access to Executive Education with ForgeRock Access Management

Transcription

1 /Customer Story IMD Gives Students Easy Access to Executive Education with ForgeRock Access Management The Challenge As the world s top-ranked business school, IMD has an extensive network of students, faculty, administrators, and alumni who all expect easy access to resources, from reading lists to reunion plans. How could IMD ensure simple yet secure access to these services? The Solution IMD worked with implementation partner SmartWave to replace its disparate legacy systems with a streamlined single sign-on and access management solution based on ForgeRock Access Management software. Benefits Enables single sign-on for authentication and authorization, supporting a frictionless user experience Seamlessly supports more than 200,000 users From students studying for their MBAs to alumni staying in contact with fellow graduates, hundreds of thousands of people have access to IMD s extensive digital resources and services. For everything from course materials and learning systems to personal profiles, IMD wanted the ability to securely federate the identities of students, faculty members, and alumni across numerous digital systems to provide easy, single sign-on access. In the past, IMD operated a variety of access management solutions that did not meet expectations around support or customization, and lacked the ability to support multiple realms for authentication and authorization. ACCESS MANAGEMENT Our approach to access management? One system to rule them all: users, devices, things, applications, and services. By one system, we mean one thing to download and deploy, complete with comprehensive access management capabilities. The typical legacy system offers a grab bag of disparate products to integrate, keeping you in the dark. ForgeRock Access Management, built from the OpenAM project, bridges the gap. You deploy once, use what you want, and incrementally extend your capability as needed without jumping through procurement and deployment hoops every time. There really is light at the end of the tunnel. Simplifies and standardizes access management processes, making life easier for administrators Copyright 2016 ForgeRock, All Rights Reserved. 1

2 Robert von Bismarck, Systems Administrator at IMD, comments: Previously, we used several different open source technologies, including Central Authentication Service (CAS) and Shibboleth, to connect users to applications and resources. Our access management solution was a combination of legacy systems that worked together more by chance than by design! This made it very difficult to manage. Charles Domenjoz, IS Systems & Network Manager at IMD, adds: What s more, the support for our previous solutions was somewhat lacking. We have a small IT team, and we don t have the time or resources to become specialists in every technology that we manage. Without that reliable and comprehensive third-party support, just keeping the software updated was difficult and time-consuming. Beyond that, we wanted to add new capabilities and protocols, and there was no easy way to do that in the existing landscape. What s more, the support for our previous solutions was somewhat lacking. We have a small IT team, and we don t have the time or resources to become specialists in every technology that we manage. Without that reliable and comprehensive third-party support, just keeping the software updated was difficult and time-consuming. Beyond that, we wanted to add new capabilities and protocols, and there was no easy way to do that in the existing landscape. AUTHENTICATION Flexible Authentication for Modern and Legacy Systems Today s competitive business environment demands flexible options that offer more protection. With ForgeRock, organizations can authenticate to any digital resource including users, devices, applications, APIs, and things. With over 20 out-ofthe box authentication modules, you can be flexible. Agents, standards, and proxies all work to empower you in multiple ways. CHARLES DOMENJOZ IS Systems & Network Manager, IMD As it planned new digital initiatives, IMD recognized that its access management platform was inadequate for providing users with single sign-on access to online services. We wanted to give users quick and easy access to all online resources and services rather than forcing them to log in several times using different systems, says von Bismarck. Based on our poor experience with community open source support, we decided to look at commercial alternatives. Copyright 2016 ForgeRock, All Rights Reserved. 2

3 All-In-One Access Management IMD worked closely with SmartWave, a ForgeRock partner, to evaluate several access management solutions. SmartWave recommended running a proof-of-concept exercise using ForgeRock Access Management, built from the OpenAM project. Von Bismarck recalls: Having worked with the SmartWave team for other directoryrelated activities in the past, we knew that we could trust them to find the right solution for us. The SmartWave team believed that ForgeRock Access Management would meet all of our requirements and they were right. Compared to the other solutions we looked at, ForgeRock Access Management is much easier to maintain, operate and support. After a two-day proof-of-concept, IMD and SmartWave were able to fully deploy the ForgeRock Access Management solution across the school s entire infrastructure. In addition to managing access to internal resources for both staff and students, the solution federates access controls to the dedicated alumni platform and other cloudhosted services, including the enrollment system for new applicants. IMD is in the process of moving its mobile applications to the OAuth 2.0 open authorization standard, and as this is already supported in ForgeRock Access Management, there is no additional work to do. There was a learning curve, but support from both SmartWave and ForgeRock was excellent, says von Bismarck. We now federate all protocols with ForgeRock Access Management, managing the single sign-on process for internal users for all applications. To access resources, users simply enter their login details on the IMD portal, and ForgeRock Access Management provides access to all the relevant resources for their individual profile. IMD also worked with SmartWave to develop middleware in.net that leverages ForgeRock Access Management in its applications using Security Assertion Markup Language (SAML). IMD then moved ahead with a full rewrite using the REST API to provide access management services to corporate applications. Von Bismarck comments: Using the API in ForgeRock Access Management streamlines our internal development efforts because we can provide access management services transparently to anyone developing a new application. FEDERATION Extend Your Reach to Broader Populations Customers, employees, and partners increasingly need to access shared services, regardless of where those services reside. With the ForgeRock Identity Platform, you can quickly extend access beyond organizational boundaries in a repeatable and scalable way. Securely share identity information across heterogeneous systems or domain boundaries using standard identity protocols. Users can access services that span the cloud and mobile devices, on-premises and off, eliminating the need for multiple passwords, user profiles, and the added complexity that frustrates users and slows adoption. We now federate all protocols with ForgeRock Access Management, managing the single sign-on process for internal users for all applications. To access resources, users simply enter their login details on the IMD portal, and ForgeRock Access Management provides access to all the relevant resources for their individual profile. ROBERT VON BISMARCK Systems Administrator, IMD Copyright 2016 ForgeRock, All Rights Reserved. 3

4 Simple Yet Secure Today, IMD manages more than 200,000 identities using ForgeRock Access Management. The solution has dramatically simplified and standardized the school s access management processes, making life easier for both users and administrators. All authentication and authorization data is now rationalized and managed in a single location, bringing consistency and clarity to access management at IMD. Domenjoz remarks: ForgeRock Access Management is not only much easier to manage than our previous solution it is also simpler and more convenient from the user s perspective. All of their services now are totally integrated with the access management environment, so they only have to log in once. In the past, students used to have at least two accounts one to access their degree program portal and one to access their profiles. With ForgeRock Access Management, there is now just a single place for authentication and authorization. As the access management solution is the gateway to all digital services, keeping it available at all times is a high priority for IMD. ForgeRock Access Management provides a turn-key solution for building a high-availability landscape, saving time and effort, as Domenjoz explains: It would have been possible to build a high-availability environment with our former technologies, but it would not have been easy, and the ongoing management would have been time-consuming. With ForgeRock Access Management, it is just a matter of checking the right boxes in the configuration tool. The HA element just works, and that s great for us because having a redundant solution is really important. Von Bismarck adds: ForgeRock Access Management enables us to provide students, faculty members, alumni, and administrators with quick, easy and secure access to numerous IMD services within our online portal. The single sign-on capability has greatly improved the user experience, eliminating the frustration of re-entering usernames and passwords to access different resources and services. By extending single sign-on services to applicants, students and alumni alike, IMD is improving the end-to-end experience and enabling seamless relationships with the external world which should boost its brand loyalty in the longer term. Domenjoz comments: As part of the application process, every user gets a set of account credentials that then belong to them throughout their time as a student and beyond. It s very convenient, and it enables a seamless transition from registering your interest to study at IMD all the way through to remaining in contact with your fellow graduates. Von Bismarck concludes: We are highly confident that ForgeRock Access Management will play a key role in our access management strategy as we continue to expand the scope and reach of our online portal, and as more and more people use it on a regular basis. SINGLE SIGN-ON Your users demand fast, secure, and seamless access to your services without having to remember multiple usernames and passwords. Your organization may have multiple brands under different domains, subdomains or applications and users want to login seamlessly via mobile, with a single username and password. With the ForgeRock Identity Platform, you can enable users to log in once and have access to all systems regardless of which application they logged into first. ForgeRock Access Management enables us to provide students, faculty members, alumni, and administrators with quick, easy and secure access to numerous IMD services within our online portal. ROBERT VON BISMARCK Systems Administrator, IMD Copyright 2016 ForgeRock, All Rights Reserved. 4

5 About IMD IMD is a top-ranked business school, recognized as the world expert in developing global leaders through high-impact executive education. The school is 100% focused on real-world executive development; offers Swiss excellence with a global perspective; and has a flexible, customized and effective approach. IMD is ranked FIRST in open programs worldwide and in the TOP 3 in executive education worldwide - 5 years in a row (Financial Times ). The school is based in Lausanne, Switzerland and in Singapore. To learn more about IMD, please visit: About SmartWave SmartWave S.A. is an IT consultancy and software engineering company based in Geneva, with major service lines in the areas of: Content and Process Management, Identity Management, Integration of Service Oriented Architectures (SOA, BPA), Development of Rich Internet or Desktop Applications (RIA, RDA), Enterprise Resource Planning and Business Intelligence practice for Oracle Applications (ERP, BI), Development of corporate business applications for mobiles. To learn more about SmartWave, please visit: About ForgeRock The ForgeRock Identity Platform transforms the way billions of customers and citizens interact with businesses and governments online, providing better security, building relationships, and enabling new cloud, mobile, and IoT offerings from any device or connected thing. ForgeRock serves hundreds of brands like Morningstar, Vodafone, GEICO, TomTom, and Pearson, as well as governments like Norway, Canada, and Belgium, among many others. Headquartered in San Francisco, California, ForgeRock has offices in London, Paris, Düsseldorf, Bristol, Grenoble, Oslo, Sydney, and Vancouver, Washington. ForgeRock is privately held, backed by leading global venture capital firms Accel Partners, Foundation Capital, and Meritech Capital. For more information and free downloads, visit or follow ForgeRock on Twitter at com/forgerock. Copyright 2016 ForgeRock, All Rights Reserved. 5