Proximus is Belgium’s largest national telecom provider. It provides telephony, TV and internet services to more than 45% of Belgium. A well-established IAM solution is necessary to keep things running smoothly with such a large user base. IdentIT’s journey at Proximus started by migrating from a legacy solution that no longer met expectations to a new, flexible and modern IAM product.

In the beginning, ForgeRock was used to create the flexible customer-facing web-based solution, which has evolved over time and now includes multiple ForgeRock platforms within the company.

The Challenges

The legacy IAM platform was a mastodon of customized login flows and distributed databases. The impact on maintainability, performance and administration leaves no room for imagination. The migration to ForgeRock meant that many of these customizations could be replaced by out-of-the-box features. This migration, however, was no simple task and required the extensive knowledge of IdentIT’s consultant team.

Centralizing the distributed databases had to be done in a way that did not impact the deep-rooted processes at the company. Many applications used their own database of users and were supposed to continue working until they were ready to move to the new solution.


The Solution

Access Management

ForgeRock’s Access Manager (AM) is used to support the flexible authentication mechanisms of the platform. These range from out-of-the-box single-factor authentication mechanisms such as username and password, to modern and secure multi-factor authentication with TOTP (for instance Google Authenticator).
Even extensively modified login procedures, such as processing data from third-party systems or integrating with the Belgian Mobile Identity Provider ItsMe, were made possible using AM.

Identity Management

Centralizing the distributed customer data was achieved by introducing an Identity Manager that is connected to all legacy databases. That way data can be centralized over time, without interrupting the established business processes. Eventually, and at the pace of the company, these legacy databases can be replaced by the flexible micro-service system on top of IDM that provides a high-performance interface for all applications.

In order to meet the needs of Proximus, the identity manager still contains many Proximus-specific customizations. The IdentIT team, however, continues to provide best-effort support for these extensions by maintaining and providing useful information that aids their migration.

Identity Gateway

The ForgeRock Identity Gateway is the main entry point for the IAM platform. It is used to protect both legacy and new applications using modern federation mechanisms such as OAuth2 and OpenID Connect, as well as older techniques such as header-based authorization.
Identity Gateway is an ever-evolving product that we, as IdentIT, strive to keep pace with. Whenever new features that are relevant for the platform are made available, we make it our top priority to integrate them into the solution.

DevOps

Establishing a DevOps way of working by introducing several solutions that can be leveraged by all developers was one of our key targets during the later phases of the project. A state-of-the-art solution was created using enterprise-grade products. It provides easy, one-click interfaces to deploy and configure environments at will.

Such automated deployments reduce the number of human errors and shorten the time-to-market by relieving the burden on the developers.


Future

Our ultimate goal at Proximus is not only to construct a strong foundation for future IAM principles, but also to deliver a product that is future-proof and secure while providing maintainability and flexibility.

We do this by setting up the platform, configuring it according to best practices and transferring our extensive knowledge base of ForgeRock products to the client.