Case Studies

Two Factor Authentication with External Identity Providers


Technologies Used

Identity Server 3: 100%
OAuth2: 100%
OpenID Connect: 100%
MVC: 90%
WebApi: 90%
EntityFramework: 90%
SQL Server 2012: 60%
HTML5: 70%
CSS3: 70%
Modernizr: 60%
Angular material: 80%
Angular: 80%
JQuery: 60%
Glimpse: 60%
Castle Windsor: 70%
ASP.NET Boilerplate: 80%
XUnit: 90%


The Client

A key Central European insurance company with branches all across Eastern and Western Europe.

The Problem

The company had several different systems used by both clients and business partners. Each application authenticated its clients in its own way. This resulted in an inability to track or consolidate logins across the different systems, and meant that there was no easy way for clients and business partners to access all the services the company provides. Users often had to create multiple accounts for different applications and some of them even needed business approval multiple times.

Business partners in particular had been requesting for some time the ability to log in using their own systems. Adding this capability, in addition to making the login process consistent across all services, was seen as key to any solution.

The Solution

A new authentication server was introduced into the business, and configured and customised to fulfil the business's needs. This server provides industry-standard integration points to allow authorised external systems to use it for authentication. External providers were also plugged into the server to allow users to authenticate with external accounts.

Consistent Login

[Image: ExternalAuthentication_ConsistentLogin]

External Systems

The client's other business applications were updated and their existing login screens were replaced with those from the new server.

The client's business partners with compatible authentication servers were configured as external identity providers.

Secure by design

By following industry-recognised protocols and keeping the smallest technological footprint possible, the attack surface available to hackers was deliberately minimised to protect this most valuable of information. The server underwent a full set of penetration testing before its live release, and can be updated quickly as additional threats are identified and mitigated.


Scalable

The system was designed for potential scalability. The server was self-hosted by the client with an option for load balancing.

Alongside the Identity system, a management tool was provided to make sure that new business applications could be connected easily with the correct user permissions assigned.

The management tool also contained an API that allowed authenticated & authorised backend systems to securely manage user permissions and look up information programmatically.

The Technology

The server is an MVC application, and the management tool is an MVC application with embedded WebApi services. The authentication server was based on the Identity Server 3 architecture, with full support for the OAuth2 and OpenID Connect protocols. The management tool front end was built using cutting-edge HTML5 technologies. The system was unit tested with XUnit.