WWT employs 2,200 people in multiple office locations. To keep its workforce productive – and, increasingly, to provide richer information to customers – the company needs to provide reliable, secure access to numerous applications and analytical tools.
The company's legacy access management solution was becoming more difficult and costly to manage, and did not support a federation standard for quick single sign-on integration with web-based applications and resources. As a result when WWT looked to extend its use of web-based applications, the inflexibility of its current solution was a potential obstacle. SSO capabilities were dependent on large amounts of custom Java code, which WWT had to adapt for each new service. This potentially meant a delay of up to 16 weeks – and significant amounts of effort – to bring applications into the SSO environment.
Improving these access-management capabilities at WWT was part of a larger project around enhancing user management.
WWT selected NetIQ Access Manager to control access rights to hundreds of internal and external information resources. It selected NetIQ Identity Manager to control user identities across their full lifecycle.
Jeff Phelan, Manager of the Applications Management Team at WWT, said, "Access Manager offered all the functionality we needed, and the ability also to meet our identity-management requirements with the same vendor was a decisive factor. Also, we felt very comfortable with the Micro Focus technical team – there was a great fit in terms of our corporate cultures."
WWT is currently protecting access to around 40 applications, including Microsoft SharePoint, Oracle Hyperion, Information Builders Web-FOCUS, Kronos Workforce Timekeeper, and Oracle WebLogic Server. This environment encompasses almost 300 distinct information resources.
"Many of our protected resources are business intelligence reports provided to different groups of internal and external users," said Phelan. "Access Manager enables us to provide seamless and secure SSO access to these resources." Access Manager acts as a single solution to provide secure SSO and remote access both to on-premises custom web applications and off-the-shelf applications, as well as to cloud-based applications.
WWT rapidly integrated cloud-based soft-ware-as-a-service (SaaS) applications such as salesforce.com and servicenow.com, taking just two or three days for the basic integration in Access Manager, and less than two weeks in each case to complete the project – eight times faster than similar integrations in the past.
"Unlike our old solution, Access Manager supports SAML, making it much easier to create truly seamless SSO with external, web-based services," said Phelan.
While continuing to add services to the SSO environment, WWT is now turning its focus to deploying Identity Manager. By using this solution to automate the addition, management and removal of users, WWT will be able to sustain its ongoing rapid growth without significantly increasing administration costs.
Access Manager has enabled WWT to streamline and simplify access management and SSO, replacing a patchwork of legacy solutions and homegrown code.
"Using Active Directory Federation Services for SSO access to SharePoint was not easy, and it required ten virtual servers in total," said Phelan. "Access Manager enables us to provide the same experience, more seamlessly and without all of that complexity."
The solution also provides a consistent user experience across both internal and external applications, saving users time and effort, and avoiding confusion. "Previously, users might need to reauthenticate if they had initially logged into an external service and wanted to connect to an internal one," said Phelan. "With Access Manager, we have true bidirectional SSO."
As WWT continues to grow, the ability to bring new services into SSO in two weeks rather than sixteen will be a major benefit in reducing time-to-market and cutting internal costs.
"The key benefit from Access Manager is the flexibility and speed-to-market we now have in integrating new applications," said Phelan.