Identity Management

5 Key Reasons for Adopting a Centralized Identity Management System

1) User Management System (CIAM)

Consolidation of all users into a single management point. A CIAM lets us build a unified user repository or connect the existing ones. It makes user administration easier and safer, simplifies password management, and works with repositories such as LDAP, Active Directory, or a relational database.

2) Security

Consolidating all users at one specialised, security-focused point with modern authentication mechanisms reduces the number of breaches. Multi-factor authentication (SMS or e-mail OTP) and adaptive authentication (decisions based on the source IP address and the device) raise the security of every connected application at once, instead of each application implementing its own. SMS and e-mail OTP are weaker than an authenticator app or a hardware token, so they are a baseline rather than the strongest option.
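The adaptive authentication decision described above, written out as an added example (not code from WSO2 Identity Server, Keycloak or any other product on this page). The trusted network ranges, the risk weights and thresholds, and the device identifiers are assumed for illustration; a real deployment would feed these signals from the IdP's session and audit data.

```python
"""Adaptive authentication: decide what a login attempt must present.

Added example for this page; it is not code from WSO2 Identity Server, Keycloak
or any other product named here. The network ranges, thresholds and device
identifiers are constructed for illustration.
"""
import ipaddress
from dataclasses import dataclass, field
from typing import Optional, Set

# Assumed corporate/on-premises ranges; logins from here carry less risk.
TRUSTED_NETWORKS = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("192.168.1.0/24"),
]

PASSWORD_ONLY = "password"
PASSWORD_AND_OTP = "password+otp"
BLOCK = "block"


@dataclass
class LoginContext:
    username: str
    source_ip: str
    device_id: Optional[str]            # long-lived device cookie, if the browser sent one
    known_devices: Set[str] = field(default_factory=set)  # devices that completed MFA before
    recent_failures: int = 0            # failed attempts for this user in the last window


def risk_score(ctx: LoginContext) -> int:
    """Additive risk score; each signal is independent so the policy is easy to audit."""
    score = 0
    ip = ipaddress.ip_address(ctx.source_ip)
    if not any(ip in net for net in TRUSTED_NETWORKS):
        score += 2                      # unfamiliar network
    if ctx.device_id is None or ctx.device_id not in ctx.known_devices:
        score += 2                      # unfamiliar or absent device
    if ctx.recent_failures >= 3:
        score += 3                      # possible password guessing
    return score


def decide(ctx: LoginContext) -> str:
    """Map the score to a requirement: password only, password plus OTP, or block."""
    score = risk_score(ctx)
    if score >= 5:
        return BLOCK
    if score >= 2:
        return PASSWORD_AND_OTP
    return PASSWORD_ONLY


def register_device(ctx: LoginContext) -> None:
    """After a successful OTP the device is remembered, so the next login from it
    on a trusted network does not prompt again (the 'known device' signal)."""
    if ctx.device_id is not None:
        ctx.known_devices.add(ctx.device_id)


if __name__ == "__main__":
    office = LoginContext("alice", "10.1.2.3", "dev-1", {"dev-1"})
    print(decide(office))                # password
    roaming = LoginContext("alice", "203.0.113.7", "dev-1", {"dev-1"})
    print(decide(roaming))               # password+otp
    attacker = LoginContext("alice", "203.0.113.7", None, {"dev-1"}, recent_failures=3)
    print(decide(attacker))              # block
```

The point of keeping the score additive is that every prompt or block can be explained to the user and to an auditor from the individual signals; the thresholds are policy and should be tuned per application rather than hard-coded as here.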

3) Support for Multiple Identity Providers

A modern CIAM supports external Identity Providers: social login over OAuth2/OpenID Connect (Facebook, Google) and institutional providers (Taxisnet login, Shibboleth, eIDAS nodes). The IdPs offered can be selected per application.

4) Integration of All Applications into a Common Point

An identity server exposes OAuth2 and SAML2 for web and mobile applications, and REST APIs for legacy desktop applications. The same protocols can be used to authenticate IoT devices.

5) Compliance with Standards and Regulatory Frameworks

Built-in support for GDPR (user consent management, user self-service dashboards), PSD2 and eIDAS helps meet regulatory requirements while improving overall security and the handling of user data.


WSO2 Identity Server

One of the solutions our company uses for Identity Management is the open-source product WSO2 Identity Server, for which we provide support for the community edition.

Characteristics

  • Support for OAuth2, SAML2, OpenID Connect, Passive STS protocols
  • Inbound Provisioning for incoming users
  • LDAP, AD, JDBC as Userstores
  • User registration with external identity providers (Outbound Provisioning)
  • Identity Federation (Facebook, Yahoo, Google, GSIS)
  • Claim mapping from Federated IdPs to the local scheme and from the local scheme to Service Providers (applications)
  • APIs for third-party application development
  • Identity Analytics
  • Kantara Consent Management support
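The two-stage claim mapping listed above (federated IdP to the local claim dialect, then local dialect to each service provider), as an added example. This is not WSO2 Identity Server code: the local claim URIs under http://example.org/claims/, the IdP names and the service provider registrations are assumed for illustration. The SAML attribute OIDs are the standard ones for mail, givenName, sn and eduPersonScopedAffiliation.

```python
"""Two-stage claim mapping: external IdP -> local claim dialect -> service provider.

Added example for this page; it is not WSO2 Identity Server code. The local
claim URIs (http://example.org/claims/...), the IdP names and the service
provider registrations are assumed for illustration.
"""
from typing import Dict

LOCAL = "http://example.org/claims/"

# Stage 1: each federated IdP's attribute names -> local (canonical) claim URIs.
# Anything the IdP sends that is not listed here is dropped, never passed on.
IDP_TO_LOCAL = {
    "google": {
        "sub": LOCAL + "externalid",
        "email": LOCAL + "emailaddress",
        "given_name": LOCAL + "givenname",
        "family_name": LOCAL + "lastname",
    },
    "university-saml": {
        "urn:oid:0.9.2342.19200300.100.1.3": LOCAL + "emailaddress",   # mail
        "urn:oid:2.5.4.42": LOCAL + "givenname",                       # givenName
        "urn:oid:2.5.4.4": LOCAL + "lastname",                         # sn
        "urn:oid:1.3.6.1.4.1.5923.1.1.1.9": LOCAL + "affiliation",     # eduPersonScopedAffiliation
    },
}

# Stage 2: per service provider, which local claims it may receive, under which
# name, and which of them are mandatory for a login to be allowed at all.
SP_CONFIG = {
    "helpdesk": {
        "claims": {
            LOCAL + "emailaddress": "mail",
            LOCAL + "givenname": "firstName",
            LOCAL + "lastname": "lastName",
        },
        "mandatory": [LOCAL + "emailaddress"],
    },
    "eclass": {
        "claims": {
            LOCAL + "emailaddress": "mail",
            LOCAL + "affiliation": "eduPersonScopedAffiliation",
        },
        "mandatory": [LOCAL + "emailaddress", LOCAL + "affiliation"],
    },
}


def to_local(idp: str, raw_claims: Dict[str, str]) -> Dict[str, str]:
    """Translate an IdP's assertion / ID token claims into the local dialect."""
    mapping = IDP_TO_LOCAL[idp]
    return {mapping[name]: value for name, value in raw_claims.items() if name in mapping}


def to_sp(sp: str, local_claims: Dict[str, str]) -> Dict[str, str]:
    """Release to the SP only the claims it is registered for, renamed to its schema.
    Raises if a mandatory claim is absent, e.g. an IdP that cannot assert affiliation."""
    cfg = SP_CONFIG[sp]
    missing = [uri for uri in cfg["mandatory"] if uri not in local_claims]
    if missing:
        raise ValueError(f"{sp}: mandatory claims not available from this login: {missing}")
    return {sp_name: local_claims[uri] for uri, sp_name in cfg["claims"].items() if uri in local_claims}


def federated_login(idp: str, raw_claims: Dict[str, str], sp: str) -> Dict[str, str]:
    """End-to-end: IdP claims -> local profile claims -> what the application sees."""
    return to_sp(sp, to_local(idp, raw_claims))
```

Two properties matter here. Unmapped attributes (the `picture` claim from Google, for instance) never reach an application, which is the data-minimisation behaviour GDPR expects; and a service provider that needs an attribute only an institutional IdP can assert (affiliation) rejects a social login rather than silently granting access with an empty value.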

Clients using WSO2 Identity Server

Currently, the WSO2 Identity Server software is installed and serves thousands of users daily at the Municipality of Chania, the Municipality of Heraklion, and Aristotle University of Thessaloniki. The applications of these organizations are integrated with the user management system, allowing users to access all applications with a single set of credentials. Users maintain a central profile, and their attributes determine their access permissions for each application.

More specifically

  • One account for all applications
  • Centralized management of permissions and roles
  • Implementation of centralized access policies
  • Ability to log in with external identity providers
  • Option for users to change their passwords
  • User profile application containing all user details
  • Use of SMS in addition to a password for application login
  • GDPR compliance

Keycloak Software

Keycloak is an open-source identity provider (IdP) that delivers single sign-on together with identity and access management for modern applications and services. It is written in Java and supports the SAML 2.0 and OpenID Connect (OIDC) / OAuth 2.0 federation protocols out of the box. It is released under the Apache License 2.0 and is backed by Red Hat.

Characteristics

  • Compatible with LDAP and AD as an external user repository
  • Supports Identity Federation
  • Supports OpenID Connect, OAuth 2.0, and SAML 2.0
  • Strong authentication with built-in one-time passwords (OTP) via FreeOTP or Google Authenticator
  • REST API
  • Fine-grained authorization
  • Password Policies
  • Extensible: user database, authentication methods, protocols.

Clients using Keycloak

We are subcontractors for GNOMON SA, responsible for the maintenance of the user management system for KLEEMANN, a company employing 1,500 people both in Greece and in production units abroad, with exports to 100 countries.

More specifically

  • Support for High Availability through a clustered environment
  • Full Dockerized deployment
  • Software upgrades to the latest version

The case of Aristotle University of Thessaloniki (AUTh)

The case of Aristotle University of Thessaloniki (AUTh) is a particularly complex project in which we were asked to upgrade the existing infrastructure managing 90,000 users with different roles (students, faculty members, employees, suppliers and external collaborators) and to define their rights across more than 200 applications. In this project we had to link identity data held in third-party source systems, such as the faculty secretariats and the student registry, the human resources department and the programme management entity, to the various applications through a central unified system.

Important Characteristics

  • Automatic updating of attributes from the personnel management applications
  • Automation of access rights based on the title and position of each individual within the organization.
  • Creation of a registration application with user authentication from third-party systems such as the General Secretariat for Public Administration (GGA) and HDIKA.
  • Verification of mobile phone and email during registration
  • Enhanced protection with the use of TAXIS codes or login via SMS.
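Both the municipal deployments (attributes in the central profile determine each user's access) and the AUTh characteristics above (access rights automated from title and position, attributes refreshed from personnel systems) describe the same mechanism: entitlements are derived from profile attributes, and a change in the source data produces grants and revocations. The added example below shows that mechanism; it is not AUTh's, Prosvasi's or any vendor's code, and the application names, attribute names, titles and rules are assumed for illustration.

```python
"""Attribute-driven entitlements: derive each application's roles from the
central profile and compute what to grant/revoke when attributes change.

Added example for this page; it is not AUTh's, Prosvasi's or any vendor's code.
The applications, attribute names, titles and rules are assumed for illustration.
"""
from typing import Callable, Dict, List, Set, Tuple

Profile = Dict[str, object]
Entitlements = Dict[str, Set[str]]

# (application, role, predicate over the profile). Rules only read attributes
# that the source systems (registry, HR) maintain, never anything self-asserted.
RULES: List[Tuple[str, str, Callable[[Profile], bool]]] = [
    ("student-portal", "student",    lambda p: "student" in p.get("affiliation", ())),
    ("grades-entry",   "instructor", lambda p: "faculty" in p.get("affiliation", ())),
    ("hr-system",      "employee",   lambda p: "employee" in p.get("affiliation", ())),
    ("hr-system",      "manager",    lambda p: p.get("title") in {"Head of Department", "Director"}),
    ("procurement",    "supplier",   lambda p: "supplier" in p.get("affiliation", ())),
]


def entitlements(profile: Profile) -> Entitlements:
    """Evaluate every rule; a non-active profile gets nothing, whatever its attributes."""
    if profile.get("status") != "active":
        return {}
    result: Entitlements = {}
    for app, role, predicate in RULES:
        if predicate(profile):
            result.setdefault(app, set()).add(role)
    return result


def reconcile(old: Entitlements, new: Entitlements) -> Tuple[Entitlements, Entitlements]:
    """Diff two entitlement sets into (grants, revokes) to push to the applications."""
    grants: Entitlements = {}
    revokes: Entitlements = {}
    for app in set(old) | set(new):
        added = new.get(app, set()) - old.get(app, set())
        removed = old.get(app, set()) - new.get(app, set())
        if added:
            grants[app] = added
        if removed:
            revokes[app] = removed
    return grants, revokes


def on_profile_update(before: Profile, after: Profile) -> Tuple[Entitlements, Entitlements]:
    """Hook for an attribute change arriving from a source system (registry, HR)."""
    return reconcile(entitlements(before), entitlements(after))


if __name__ == "__main__":
    head = {"status": "active", "affiliation": {"faculty", "employee"}, "title": "Head of Department"}
    stepped_down = dict(head, title="Professor")
    print(on_profile_update(head, stepped_down))   # ({}, {'hr-system': {'manager'}})
```

The `status` gate is what turns an HR "left the organisation" update into revocation across every application in one step, which is the property a central profile buys over per-application user lists.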

Prosvasi 2 Software

  • In version 2 of Prosvasi, we are creating a CRM for users.
  • Interoperability using Apache Camel, Kafka, and Debezium for automatic updates of changes in primary sources.
  • Upgrade of the UI from AngularJS to Angular2 (v13).
  • Support for updating data destinations such as LDAP and Active Directory.
  • Support for WSO2 Identity Server and Keycloak.

Dev Operations

The team has significant experience in the design, implementation and support of large-scale infrastructures for high-load, high-availability applications. Using open-source software, we help organisations and IT companies that build software or integrate solutions to deliver complex architectures in private cloud environments.

More specifically

  • Study of implementation architecture in container environments.
  • Implementation of high availability installations.
  • Creation of a lightweight identity server based on Spring Authorization Server.
  • Implementation of virtual networks.
  • Implementation of proxy and caching mechanisms.
  • Implementation in Azure and AWS environments.

Collaborative communication environment

Secure audio, video and text communication, combined with secure file storage, is best served by an integrated solution based on the Matrix protocol, using applications such as Element (messaging and calls) and Jitsi Meet (video conferencing). The solution is completed by the collaborative file management system Nextcloud, which for file management can largely replace commercial offerings such as Google Apps.

Indicative services

  • Study of implementation architecture in a containerized environment.
  • Installation of Matrix in combination with Jitsi Meet and Element.
  • Installation of Nextcloud.
  • Implementation of high-availability installations.
  • Ability to certify the level of confidentiality.