Le Groupe La Poste relies on Ilex International’s IAM platform to strengthen its information system security and optimise employee access and application rights management.
The solution implemented:
Sign&go Global SSO
Strong and adaptive authentication, access control, global SSO (Web SSO, eSSO, mobile SSO and identity federation.
The challenges
- Strengthen the security level
- Simplify password management for users
- Streamline authorisation management processes within the group
- Facilitate access traceability
Harmonise and track Web access:
A key issue for Le Groupe La Poste
Le Groupe La Poste a French public limited company since March 1st, 2010, is organised into five Business Units: Services-Mail-Parcels, La Banque Postale, La Poste Network, GeoPost and Digital Services. Present in more than 40 countries on 4 continents, the group has more than 266,000 employees.
In 2009, the central Information System Division (ISD) noted that a large number of directories existed among ISDs in the various branches and within cross-functional Management divisions. Over the years, cross-functional applications have been deployed, most of them using their own authentication repository. This architecture implies multiple login/password pairs for users, significant licence, operation and administration costs, information inconsistencies between each directory likely to generate security problems on the IS.
Therefore, the central ISD decided to launch a Web SSO portal to centralise and coordinate employee access to their Group applications.
A unique access platform
for Le Groupe La Poste cross-functional Web applications
By providing employees with a Web portal operating with single authentication, whatever the Group application used, La Poste addresses several objectives.
The purpose of this platform, which is based on a central repository for identities and authorisations, is primarily to strengthen the security level and simplify the implementation of security policies within the group.
« This was an ambitious project. Its scope covered cross-functional applications rather than branch-specific applications: therefore it impacted all of the users in the group. The multitude of directories and authorisation management processes within the group made it difficult to track access. We needed global visibility to ensure that the employees’ rights matched their business profiles, including in case of internal mobility (such as someone moving to another branch). »
Besides reinforcing security, La Poste enhances user experience significantly by simplifying password management. No more entering a login/password for each application! The user now benefits from a single authentication (SSO) from the portal.
The key issue for the group is therefore to improve security and provide its employees with a strong added-value service, while reducing costs and simplifying the ISD’s management of daily tasks.
Ilex International,
the choice of a recognised specialist
on the Identity and Access Management (IAM) market
Following a European call for tender, Le Groupe La Poste entrusted Ilex International with its project. The French software provider is specialised in Identity and Access Management and has been for more than 25 years now.
« Selecting Ilex International was a logical continuation of our past collaboration with this software provider in the implementation of our Group directory. The expertise and responsiveness of its teams are widely recognised. Moreover, Ilex International had already worked on projects of that size, which was a strong asset. »
The WAG portal (WAG standing for Web Applications of the Group) is based on the Sign&go Global SSO technology which provides a single authentication service for the cross-functional Web applications of the group. It allows employees from any branch of La Poste to access the applications authorised by their profiles in a transparent way, whether they connect internally or externally.
« Today, we have 48 Web applications, grouped by categories, and the WAG portal registers on average one thousand connections/day. In order to provide users with more independence, the portal offers a Self-Service module which enables them to reset their password easily, with no need to call the helpdesk. This saves both users and us a tremendous amount of time! »
A very positive return on investment
Employees were really impressed by the SSO solution which optimised access security, and so was the central ISD. The project’s return on investment is real: the streamlining of directories considerably reduced the licence, operation, administration and hosting costs. Benefits related to password problems processed by the Support team are estimated between €150,000 and €200,000 per year.
The security policies implemented are now consistent. Authorisation management is controlled and centralised: Le Groupe La Poste is thus in compliance with regulations and operational risks are limited.
Moreover, the solution guarantees employee access traceability and can provide audits instantaneously.
« Stronger application passwords, consistent security policies, traceability and accurate audits, it’s all there! »
The benefits
- Improvement in the level of security
- Guaranteed access traceability
- Consistent management of access and application rights
- Reduction of administration costs
- Simplification and enhanced user experience