Ippon was engaged to help integrate a Wealth Management FinTech into one of our main customers in the finance industry. The primary goal was to increase security and automate the creation of users by integrating this new application into the company’s Single Sign-On (SSO). Ippon's team of three developers worked closely with the customer's architecture team to deliver this over 4 months.
It is never easy to integrate two companies that built their software solutions independently. Our challenge was to be able to add Single Sign-On (SSO) while re-using as much code as possible to minimize the impact. We also wanted a mostly seamless experience for the internal employees. The FinTech startup picked us because we have vast experience with this client and we had proven experience working with SSO and with startups.
We started by mapping the original login flow and looking for opportunities to add the SSO login flow without disturbing the design of the application. We found a solution that let us integrate without changing how session management or role-based access control (RBAC) worked. We added roles to Active Directory and mapped them to existing roles within the application. We were also able to map existing users by their email address, so when they logged in via SSO they were matched to their existing user record.
We improved the process for new users because we were able to automate it. Previously, a user was created through a form filled out manually by someone with elevated privileges; now, to have access to the application you need only two things: an application role in Active Directory and a valid login with SSO. Our solution tries to retrieve an existing user based on the user info returned by SSO and, if no user is found, creates a new one.
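The lookup-or-create flow and the Active Directory role mapping described above, written out as an added illustration in Python. This is not Ippon's or the customer's code; it assumes the SSO library has already validated the token signature and returned a dict of claims carrying `email`, `email_verified`, `name` and `groups`, and the AD group names, the group-to-role mapping and the in-memory user store are all constructed for the example. Access is denied, and no user is created, when the verified email is missing or no AD group maps to an application role, which is the "two things" rule from the text.

```python
from dataclasses import dataclass, field
from typing import Dict, Iterable, Optional, Set

# Constructed mapping from Active Directory group names to application roles.
# The group names are hypothetical; in a real deployment this lives in configuration.
AD_GROUP_TO_APP_ROLE: Dict[str, str] = {
    "APP-WEALTH-ADVISOR": "advisor",
    "APP-WEALTH-ADMIN": "admin",
    "APP-WEALTH-READONLY": "viewer",
}


class AccessDenied(Exception):
    """Raised when the SSO identity does not satisfy the access requirements."""


@dataclass
class AppUser:
    email: str
    display_name: str
    roles: Set[str] = field(default_factory=set)


class UserStore:
    """In-memory stand-in for the application's existing user table (constructed)."""

    def __init__(self) -> None:
        self._by_email: Dict[str, AppUser] = {}

    def find_by_email(self, email: str) -> Optional[AppUser]:
        return self._by_email.get(email.strip().lower())

    def create(self, user: AppUser) -> AppUser:
        self._by_email[user.email] = user
        return user

    def count(self) -> int:
        return len(self._by_email)


def map_roles(ad_groups: Iterable[str]) -> Set[str]:
    """Translate AD group membership into application roles; unknown groups are ignored."""
    return {AD_GROUP_TO_APP_ROLE[g] for g in ad_groups if g in AD_GROUP_TO_APP_ROLE}


def resolve_sso_user(claims: Dict, store: UserStore) -> AppUser:
    """Find the existing user for a validated SSO login, or provision one.

    `claims` is assumed to come from the SSO library *after* signature and
    issuer validation; this function never inspects a raw token.
    """
    email = claims.get("email")
    # Only link accounts on an email the identity provider asserts as verified,
    # otherwise a self-asserted address could be matched to someone else's record.
    if not email or not claims.get("email_verified", False):
        raise AccessDenied("SSO login did not carry a verified email address")
    email = email.strip().lower()

    roles = map_roles(claims.get("groups", []))
    if not roles:
        # Valid SSO login but no application role in AD: deny and do not create a user.
        raise AccessDenied("no application role assigned in Active Directory")

    user = store.find_by_email(email)
    if user is None:
        user = store.create(AppUser(email=email,
                                    display_name=claims.get("name", email),
                                    roles=roles))
    else:
        # Design choice for this example: AD is authoritative, so roles are re-synced
        # on every login and a group removed in AD takes effect at the next sign-in.
        user.roles = roles
    return user


if __name__ == "__main__":
    # Constructed sample claims, as the SSO library would hand them back.
    store = UserStore()
    claims = {"email": "Ada@Example.com", "email_verified": True,
              "name": "Ada Lovelace", "groups": ["APP-WEALTH-ADVISOR", "FINANCE-ALL"]}
    first = resolve_sso_user(claims, store)   # provisions the user
    second = resolve_sso_user(claims, store)  # finds the same record
    print(first.email, sorted(first.roles), first is second, store.count())
```

Running the block provisions the user on the first login and returns the same record on the second, which is exactly the behaviour the text describes; a login whose groups map to no application role raises `AccessDenied` and leaves the store unchanged.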
Ippon brought in a team to help us integrate our platform into the new enterprise requirements and they did a phenomenal job understanding our custom application, determining the best steps for integration, and delivering on their promises successfully. It's been an absolute pleasure working with them!
It is a very interesting project to measure because changing the login process produced very few visible changes. Only the login screen changed, and very minimally. However, the impact was significant, both on the usability of the product and on its security.
By using the company’s Active Directory, we aligned role requests and access grants with the company’s standards and ensured that there were peer reviews for granting different levels of access. There was also an audit trail for access, recording who requested it and who granted it. You are now able to log in to this application with the same credentials you use for any other application. The same password requirements for strength and rotation are now applied consistently.
From a user perspective it was now clearer how to get access. There was no longer a special approval process: you requested access the same way you requested access to any other application within the organization. And if it was your first login, a user was created for you automatically.