In 2005, Federal Public Service Finance requested Devoteam | Paradigmo to develop an IAM solution for its employees or ‘internal users’. Over the years, the IAM services of FPS Finance have further developed and this has enabled the successful integration of an increasing number of applications.
In 2010, a second project called FedIAM, was initiated with the goal of expanding IAM services to include external users, as well as citizens and other authorized users such as accountants. The aim of the project is to authenticate these external users and provide them with access to the applications of FPS Finance. The most well-known are Tax-on-Web and MyMinFin. Devoteam | Paradigmo successfully completed this project, by using the Oracle platform OpenSSO.
In 2017, FPS Finance once again relied on Devoteam | Paradigmo to completely overhaul the IAM platform and migrate towards ForgeRock’s OpenAM solution. This is a fixed-price project delivered within the context of the IAM-related frame contract of FPS BOSA (Beleid & Ondersteuning – Stratégie et Appui).
The challenge
A successful migration towards the new IAM platform is subject to a number of factors:
- Ensuring careful planning and budgetary considerations
- Maintaining compatibility with existing system/IT functionalities
- Successfully integrating new IT functionalities
- Guaranteeing uninterrupted operational service and stability (‘uptime’) for approximately 23.000 employees as well as millions of citizens and other authorized users
The solution
Devoteam | Paradigmo executed this platform migration over the course of 2017 and 2018. FPS Finance successfully migrated to ForgeRock’s OpenAM platform running on a Linux environment – which is more modern, has increased stability and enhanced security. As a result, it was improved from grade B to grade A.
Thanks to RockKit, which is the automated deployment tool, the implementation of the new platform was even faster. The RockKit methodology makes it possible to respond to all migration requirements very quickly.
As well as the migration itself, two new applications have been added:
- A tool which provides a simulation of access requests from any user
- The second application enables the helpdesk to directly check a user’s permissions and access rights (audited impersonation), and to check that the user uses the correct access role
The migration has been successfully carried out, on time and within budget. For the most part, thanks to Devoteam | Paradigmo’s efficient work methods and the provision of additional resources when required.
The benefits
- Enhanced, secure access to applications thanks to ForgeRock’s OpenAM platform – up to date with latest security standards and more stable
- Saved time thanks to RockKit – a development and automated deployment tool dedicated to the ForgeRock Identity Platform
- A monitoring system which has been designed to be managed in house by the FPS teams, using their own tools
- Improved efficiency: no impact on users who can continue to work uninterrupted even during server reboot. This is achieved thanks to the autonomous server design and to the availability of a persistent layer in the latest solution releases