Multi-billion Travel Solution Leader partners with RAAH for internal and external IAM using CA Technologies suite
- Client is the world’s only true Travel Commerce Platform, focused on providing distribution, technology, payment and other solutions for the $8 trillion global travel and tourism industry.
- Client has about 6000 internal (Corporate) Employees and Contractors and about hundreds of thousands of external (Commercial) users. These users are stored in various systems and applications having discreet management.
- Client has mix environments using on-premises, cloud based and subscription based applications for internal, B2B and B2C types.
- Each Application can have a different password policy and expiration time period. User may need to remember multiple passwords to access these different external applications. Employees have complained about having too many passwords in employee surveys
- User provisioning is not automated, changes in accesses takes days to take effect for both corporate and commercial users
- Deprovisioning has been major concerns by client’s application and data owners
- Requesting access via an easy self-service portal was lacking
- Privileged account holders have access to exploit privileged access to lead to data breaches
- No advanced authentication and fine grained authorization in place for critical resources
- Access and Entitlement Certification has been missing for tighter governance
- Auditors not satisfied with overall existing security controls for identity and access management
- CA Identity Manager
- CA Identity Portal
- CA GovernanceMinder
- CA SSO (SiteMinder)
- CA Advanced Authentication
- CA Privileged Access Manager (PAM)
- RAAH gathered “As Is” and derived “To Be” states by working with Client’s Enterprise Architecture, Cyber Security and Operations teams to define, design and implement the IAM solution based on Best Practices.
- Web Access Management and SSO solution was implemented to provide SSO for several internal and external sites.
- Identity Lifecycle including automated provisioning and deprovisioning process was designed and implemented for both corporate and commercial use integrating with Active Directory, Exchange, Mainframe and many more
- Solution for user to access resources on protected external web application via federated identity propagation to the Partner web application without being prompted for authentication on each resource was designed and implemented. The user’s security session information is securely transmitted to partner sites via SAML2.0 POST.
- CA Identity Portal was integrated with CA Identity Manager for easy self-service access request
- Critical business applications were protected by implementing CA Advanced Authentication mechanism
- Solution for Privileged Credentials was designed and implemented using CA’s PIM and PAM products to better privileged access control
- Certificate campaigns for Access and Entitlement Certification was implemented and launched for internal users