Having described the situation many of our customers are in today, and our proposal for a better future state, we recognize that for many of them this transition is a journey: a single big-bang cutover is not practical. This blog entry outlines an approach to start such a journey and to gain value quickly.
Moving the Registry
A first step is to move the user registry from on-premises into the cloud. This offloads a large operational burden related to the tuning, scaling and operation of a large database or user registry. The following diagram shows the components involved and their interactions.
In this initial step, only the Portal-specific code has to change, so that it calls the cloud's REST APIs to perform authentication and user management. This step is completely transparent to any existing user and to every supported portal application.
Moving Authentication and adding Enhanced Access
The next step is to move authentication into the cloud. Beyond the move itself, this step allows the integration of new Enhanced Access controls such as multi-factor authentication, one-time password operations, etc. Integration between the CI components and the customer portal would use the OpenID Connect protocol.
With this step, any new authentication capability can be easily adopted and integrated, and all features of CIV, existing and new, can be used as soon as they become available. The ability to customize and brand the CI pages allows the authentication portal to be integrated with your application portal in a frictionless and seamless manner.
From an operational perspective, the CI portal can be integrated with an existing on-premises directory to grant the help desk team access to manage customer identities. This capability is restricted and tightly controlled natively by the CI application, enabling the business to control and audit customer identity operations.
Portal in the Cloud
In this step, the portal itself exists in the cloud, using the CI capabilities for user and access management as well as for authentication and access control. The ability to brand and manage the look and feel of the portal allows for a seamless integration with your existing enterprise web presence. The only portal component remaining on-premises is a proxy that allows existing applications to be accessed using the OpenID Connect protocol, so that these applications can be reached like any other "cloud" application.
This journey to the cloud represents an executable approach to moving an existing portal.
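The OpenID Connect integration mentioned in the authentication step and again for the on-premises proxy is where most of the security-relevant work sits on the portal side: the relying party must bind the login request to the browser session (state, nonce, PKCE) and then check the ID token's claims before trusting the identity. The following is an added example of those relying-party checks; it is not code from this post or from IBM Cloud Identity, and the issuer, client id and redirect URI are placeholders. Signature verification of the ID token against the issuer's JWKS is assumed to be done by a JWT library before `validate_id_token_claims` is called.

```python
"""Minimal OpenID Connect relying-party helpers (added example, not the product's code).

Placeholders: ISSUER, CLIENT_ID and REDIRECT_URI are assumptions, not real tenant
values. The ID token signature is assumed to have been verified against the
issuer's JWKS by a JWT library; this code shows the request construction and the
claim checks a portal (or the on-premises OIDC proxy) must perform.
"""
import base64
import hashlib
import secrets
import time
from typing import Optional
from urllib.parse import parse_qs, urlencode, urlparse

ISSUER = "https://idp.example.com"                          # placeholder issuer
CLIENT_ID = "portal-client"                                 # placeholder client id
REDIRECT_URI = "https://portal.example.com/oidc/callback"   # placeholder redirect


def _b64url(data: bytes) -> str:
    """Base64url without padding, as required for the PKCE code_challenge."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def start_login(session: dict) -> str:
    """Build the authorization request; state, nonce and PKCE verifier go in the session."""
    state = secrets.token_urlsafe(32)      # binds the callback to this browser session
    nonce = secrets.token_urlsafe(32)      # binds the ID token to this login attempt
    verifier = secrets.token_urlsafe(64)   # PKCE verifier (43-128 chars after encoding)
    challenge = _b64url(hashlib.sha256(verifier.encode("ascii")).digest())
    session.update({"oidc_state": state, "oidc_nonce": nonce, "oidc_verifier": verifier})
    params = {
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "scope": "openid profile email",
        "state": state,
        "nonce": nonce,
        "code_challenge": challenge,
        "code_challenge_method": "S256",
    }
    return f"{ISSUER}/authorize?{urlencode(params)}"


def handle_callback(session: dict, callback_url: str) -> str:
    """Check the callback's state against the session and return the authorization code."""
    qs = parse_qs(urlparse(callback_url).query)
    if "error" in qs:
        raise ValueError(f"provider returned error: {qs['error'][0]}")
    expected = session.pop("oidc_state", None)   # single use: pop, never re-check
    if not expected or qs.get("state", [None])[0] != expected:
        raise ValueError("state mismatch (possible CSRF or replayed callback)")
    code = qs.get("code", [None])[0]
    if not code:
        raise ValueError("callback missing authorization code")
    return code


def validate_id_token_claims(claims: dict, session: dict, now: Optional[float] = None) -> dict:
    """Validate ID token claims (after signature verification) and return the identity."""
    now = time.time() if now is None else now
    if claims.get("iss") != ISSUER:
        raise ValueError("unexpected issuer")
    aud = claims.get("aud")
    aud_list = aud if isinstance(aud, list) else [aud]
    if CLIENT_ID not in aud_list:
        raise ValueError("token not intended for this client")
    if len(aud_list) > 1 and claims.get("azp") != CLIENT_ID:
        raise ValueError("multiple audiences but azp is not this client")
    if claims.get("exp", 0) <= now:
        raise ValueError("token expired")
    if claims.get("iat", 0) > now + 60:        # small clock-skew allowance
        raise ValueError("token issued in the future")
    expected_nonce = session.pop("oidc_nonce", None)
    if not expected_nonce or claims.get("nonce") != expected_nonce:
        raise ValueError("nonce mismatch (replayed or cross-session ID token)")
    if not claims.get("sub"):
        raise ValueError("missing subject")
    return {"sub": claims["sub"], "email": claims.get("email")}
```

The session dictionary stands in for whatever server-side session store the portal uses; the important property is that state and nonce are generated per login, stored server-side, and consumed exactly once, so a callback or ID token that arrives without a matching pending login is rejected.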
In the next part of this series we will look at one of the complicating factors we see when trying to move a portal to the cloud: in many cases, we have encountered customers whose applications access an existing Identity Registry directly over LDAP.