Case Study: CIAM in Insurance
Challenge
A major insurance company in the US wanted to provide their customers with an online portal where customers could view their insurance policies, make payments, and so forth. This portal needed to be accessed through a browser and a native mobile application. The overall solution had the following high-level requirements:
- Support all users that have purchased a policy – this can include employees, external users who are consumers and corporate clients
- Scale to support millions of users
- Support self-registration with validation against an internal API
- Allow external users to authenticate against the IAM system while employees can SSO using the corporate identity provider (IdP)
- SSO to core business applications such as Guidewire
- Self-service forgot password functionality
- Help desk role to allow help desk staff to manage support questions
- Impersonation functionality for the help desk staff
- Audit and the ability to export audit events to a central system
- Reporting
Solution Overview
OpenIAM was selected as the Customer Identity and Access Management (CIAM) platform for this solution.
Single sign-on
Some of the core business applications supported standards such as SAML and OpenID Connect (OIDC). These applications were integrated with OpenIAM using the out-of-the-box support for SAML, oAuth and OIDC. The OpenIAM reverse proxy (rProxy) was used to provide SSO to applications which didn’t support one of the federation standards. The rProxy also provided an extra layer of authorization by enforcing RBAC policies for the integrated applications.
User onboarding
To gain access to the solution, two methods were supported based on the type of user:
- External users: These types of users would register using the self-registration page. The out-of-the-box self-registration functionality was used with the integrated workflow engine to validate the user’s information against an internal API to confirm identity, policy numbers, etc. Upon successful validation of this information, the user accounts were provisioned into the system..
- Internal employees: These users had the option to use the self-registration page or they could use the just-in-time provisioning feature with SAML if they federate into the portal. In this case, the SAML request included attributes that were needed by the validation process.
Mobile application
The customer provided their clients with a custom mobile application. The mobile application was upgraded to leverage OpenIAM for authentication, authorization, and user management. This integration was performed using OpenIAM’s REST API.
Self-service password reset
To manage both the end-user experience and help desk volume, OpenIAM’s out-of-the-box self-service features were used to provide end-users with tools to manage their passwords and address cases such as locked accounts and forgotten passwords.
Help desk
For help desk users, a role was defined in OpenIAM to provide help desk staff with access to manage user profiles. It also enabled impersonation which allowed help desk staff to see what end-users were experiencing and further accelerate the time needed to resolve support issues.
Reporting
OpenIAM’s out-of-the-box reporting met their audit and compliance needs. Select audit events were exported in near real time to the central audit repository.
Summary
The OpenIAM solution is now in production and supports a rapidly growing number of customers. The solution meets the business requirements, and the business has a platform that will evolve with their changing needs in an industry that is heavily regulated.
Let’s connect
Managing identity can be complex. Let OpenIAM simplify how you manage all of your identities from a converged modern platform hosted on-premises or in the cloud.
For 15 years, OpenIAM has been helping mid to large enterprises globally improve security and end user satisfaction while lowering operational costs.