Skip to main content Scroll Top

Sucess Story: Media Company

Media Company Secures New Employee Portal

A large media company was planning to deploy a new employee portal for full-time and contingent staff. The portal user identities resided in multiple disparate Active Directory (AD) domains and the portal required additional information from the HR systems as well as application-specific attributes in order to provide a highly personalized experience. The portal was aggregating resources from both internal and cloud-based systems, so it was imperative to provide a secure site experience without compromising performance.

[image_with_animation image_url=”9342″ alignment=”center” animation=”Fade In” hover_animation=”none” border_radius=”none” box_shadow=”none” image_loading=”default” max_width=”100%” max_width_mobile=”default”]

Additional Technical Challenges Included:

  • A single user account might reside in multiple legacy domains
  • Traversing the legacy domains to find the proper user ID would result in the potential for duplicate records and long response times
  • The data values that were needed to join the user stores had inconsistent formats
  • Only a subset of the user base would be allowed to use Integrated Windows Authentication (IWA) and none of the directories contained an indicator flag for this permission
[image_with_animation image_url=”9322″ alignment=”center” animation=”Fade In” hover_animation=”none” border_radius=”none” box_shadow=”none” image_loading=”default” max_width=”100%” max_width_mobile=”default”]

Our Solution

SDG solved the technical challenges with a unique solution integrating Radiant Logic Virtual Directory Server (VDS) and CA Single Sign-On. VDS allowed SDG to establish a layer of abstraction from the data stores and build logic that wouldn’t require any changes on the back end. CA Single Sign-On was then able to pull in VDS attributes for reference at authentication time. This architecture allowed for:

  • A union of identity data between AD and the HR database.
  • The creation of VDS Computed Attributes to manipulate data into the proper formats for user unification, authorization and authentication.
  • A custom flag in the CA Single Sign-On header to indicate which users are eligible for IWA.
  • The use of Persistent Cache to speed up authentication.
  • Federation for cloud integrated sites allowed SSO into the HR portal for users managed by external identity providers.
[image_with_animation image_url=”9343″ alignment=”center” animation=”Fade In” hover_animation=”none” border_radius=”none” box_shadow=”none” image_loading=”default” max_width=”100%” max_width_mobile=”default”]

The new directory and security infrastructure proved to be a winning combination for the media company. A universal user identity was established for all internal employees and contractors. Authentication times were kept to a minimum and, going forward, business solutions can be delivered faster and cheaper thanks to the flexibility of the virtual directory.