Securing IT Operations for the Public Utility Company of a Megacity

by Jonathan Das

The Client

Our client is a government agency responsible for water and sewage disposal in one of the largest megacities of the world. As the city’s only provider of water and sewerage services, its operations must run efficiently and seamlessly to serve over 20 million residents.

The Challenge

The agency’s pool of over 7,000 employees and contractors accesses 30 custom-built and non-integrated business applications. These range from HRM, accounts, fleet and MIS to supply chain. Non-standardized authentication and the absence of unified access management posed a significant security risk and led to frequent IT troubleshooting. A streamlined and secure solution was essential for a company providing critical services for a megacity.

The Solution

Open-source SSO solutions are readily available, but deployment configurations vary with use cases. With an optimized IT budget, our client didn’t possess the in-house resources for deployment. Our off-the-shelf solution SSO One was already serving environments comprising over 50,000 users at a non-profit and a university. It supports a wide range of authentication protocols and configuration options, and is designed to meet the demands of most modern IT-enabled workplaces.

We presented the client with a free demo of SSO One with all capabilities enabled, allowing them to experience the full suite of features beforehand. A solutions brief for management buy-in followed. Once the domain, SSL, and test and production servers had been acquired, integration of 26 core apps was underway in late 2024.

The core applications were built on 11 different platforms, including pre-2010 versions of Oracle APEX and Forms. This diverse tech stack presented a host of challenges in terms of protocol compatibility, session management, and platform limitations.

Our engineering team addressed these challenges by first assessing the authentication methods of each application and developing custom adapters for the legacy systems. We implemented token-based authentication and integrated modern standards like SAML and OAuth to ensure seamless session management across all platforms.

Credentials and other user information were scattered across the applications and a central HR database. Users maintained multiple login credentials, ranging from employee IDs and emails to arbitrary usernames. An SSO Admin on the client’s end was appointed to collect the login credentials of a selected cohort of users representing the widest usage footprint of the ecosystem. This group was assigned unique SSO IDs for trial runs.

The client’s portal for the core applications and other government services.

The client initially proposed an “authorization-first” approach, which would prioritize defining user roles and permissions before implementing authentication. We highlighted that this could significantly increase development time and costs due to the extensive customizations required for their legacy applications.

The project aimed for a strong authentication-first approach, building toward authorization progressively. This would ensure that security and scalability were prioritized without causing delays. Several third-party vendors are involved in the development and maintenance of the client’s core applications. We provided extensive training and documentation on source code integration of their applications with the SSO.

Impact

The project remains on track for completion in 2025, with full deployment expected to enhance operational efficiency and bolster security across the applications. At the time of publishing, six applications were integrated, with 20 more in the pipeline.

Our integration of SSO One with the client’s suite of business applications will reduce time spent on IT troubleshooting and unify the user authentication process. By starting with a strong authentication model and progressively implementing authorization, we’re ensuring that their systems are both secure and user-friendly.

This partnership exemplifies our commitment to delivering solutions that meet the unique needs of public sector organizations, enabling them to serve their citizens more effectively and securely.

Updated interface of the client’s app portal.

About The Author

Jonathan Das

Communication Manager

Jonathan Das is a Communication Manager specializing in solutions storytelling and product marketing. He has previously worked in brand and social media management, fund-raising, and audio-visual production roles with consumer brands, global non-profits, and startups. Jon holds a BA degree in communications from the University of Liberal Arts Bangladesh. He enjoys making music, going on long walks, and reading about culture and technology.
