<< Back to Success Stories

A Fortune 100 Media Company


The Project


A large media company was planning to deploy a new employee portal for full-time and contingent staff. The portal user identities resided in multiple disparate Active Directory (AD) domains and the portal required additional information from the HR systems as well as application-specific attributes in order to provide a highly personalized experience. The portal was aggregating resources from both internal and cloud-based systems, so it was imperative to provide a secure site experience without compromising performance.



Challenge
  • A single user account could reside in multiple legacy domains
  • Traversing the legacy domains to find the proper user ID would result in the potential for duplicate records and long response times
  • The data values that were necessary to join the user stores had inconsistent formats
  • Only a subset of the user base would be allowed to use Integrated Windows Authentication (IWA) and none of the directories contained an indicator flag for this permission
Solution
  • Leverage Radiant Logic Virtual Directory Server (VDS) to create a union of identity data between AD and the HR database
  • Leverage the VDS Computed Attributes feature to manipulate data into the proper formats for user unification, authorization and authentication
  • Place a custom flag in the SiteMinder header to indicate which users are eligible to use IWA
  • Activate Peristent Cache to speed up the authentication process
  • Implement federation for cloud integrated sites to allow SSO into the HR portal for users managed by external identity providers


The Results

CoreBlox solved the technical challenges with a unique solution integrating Radiant Logic Virtual Directory Server (VDS) and CA Single Sign-On. VDS allowed CoreBlox to establish a layer of abstraction from the data stores and build logic that wouldn't require any changes on the back end. CA Single Sign-On was then able to pull in VDS attributes for reference at authentication time.

The new directory and security infrastructure proved to be a winning combination for the media company. A universal user identity was established for all internal employees and contractors. Authentication times were kept to a minimum and, going forward, business solutions can be delivered faster and cheaper thanks to the flexibility of the virtual directory.