Swisscom Extranet – IAM

New identity and access management infrastructure and user management application

Swisscom’s Extranet for corporate customers has a new IAM infrastructure, including nevisIDM. In addition, AdNovum implemented an application that enables rights management by the customer.

 

With the project "Generation Change Extranet" (German: "Generationenwechsel Extranet"), Swisscom replaced e-Services, its user management and metadata management solution in the extranet for corporate customers. The new IAM infrastructure is based on AdNovum’s security suite NEVIS. In addition to nevisProxy and nevisAuth, it also includes nevisIDM for identity management. The new infrastructure provides both enhanced stability for the customer extranet and further extensibility for future business requirements.


At the same time, AdNovum implemented a new graphical user interface (GUI) for user management. Based on a multi-level hierarchical role concept and the respective rights profiles, responsibilities and rights are assigned to employees of Swisscom and of individual corporate customers. The customer defines a person (master user) who is responsible for the administration and assignment of rights and contracts and who is authorized to assign administration rights to additional persons (delegates).

 

Features

  • Central access management
    • Authentication, authorization, web application firewall
  • Identity management directly in the IDM system during the entire lifecycle
    • Create, modify, delete companies and users
    • Create and modify contracts; delegate contract rights
    • Create, modify and delegate rights
    • Assignment of administration rights by the master user to additional users at the customer (delegation of rights)
    • Automatic delegation of rights to all users of an OU
    • Bulk modification of all objects via Excel upload (users, companies, contracts, rights, assignment of rights and contracts to users)
  • Auditing and reporting:
    • Recording and display of actions in the GUI
      (all actions or filtered by customer, period, type of action [create, modify, …] and/or object)
  • 24/7 operation
  • Peaks with more than 3000 logins/h

Technology

  • NEVIS components (nevisProxy, nevisAuth, nevisIDM, nevisAdmin)
  • JEE6
  • JSF2 with custom components
  • Web services
  • GlassFish
  • jdk16
  • Oracle DB