IAM:

An expert

Yes we are. We are WedaCon. Your experts for a wide range of IAM solutions from development to implementation.

16.06.2015 - 'do good and talk about it'-series, volume 12

Since 2001, WedaCon Informationstechnologien GmbH has been helping its customers reach their goals in everything related to identity and access management (and access governance, to be complete). In this series, we would like to give you, our valued reader, a quick overview of what we have achieved. Others just call it 'Success Stories'. Today we will talk about...

 

Password SelfService Portal

Challenge

Imagine you are working in an environment that has seen incredible growth during the past few years, where everyone was just happy to work and did not have to bother about security and passwords. In fact, many users are still working with their initial password, and there is no real feeling for security. How do you bring security awareness into such an environment?

Implementation

Besides the process-related work, we developed and implemented a fork of an open-source password portal, and extended or adjusted a couple of functions to allow:

  • the user to set their own security level (and, based on this, a password policy)
  • password self-service (2-factor password reset using a device and/or challenge-response functions)
  • automatic assignment or denial of groups and profiles based on the chosen security level

Operation

Today, the Password SelfService is rolled out and used by more than 20000 users. During the first 2 months of operation, we had a total of only 26 errors and incidents, mainly because of failed synchronization of password details into connected systems.
The next phase will be used to extend the use of the security levels to other systems and resources. There are plans to extend this concept further by denying (writable) access to areas with a lower security level if you are currently working in a higher level; a concept we already implemented for another customer years ago.



Feel free to contact us via dgatnullai@wedacon.net