By choosing Ilex International’s IAM platform and the expertise of Synetis, Crédit Agricole S.A. modernised its access management so that the group’s employees are able to access their applications simply and securely.
The solution implemented:
Sign&go Global SSO
Strong and adaptive authentication, access control, global SSO (Web SSO and eSSO), identity federation and mobile SSO.
The challenges
- Strengthen security of IS access
- Simplify password management for users
- Standardise and share access infrastructures
A renowned European group committed
to its IS security
The Groupe Crédit Agricole is the largest financier of the French economy and one of the very first financial actors in Europe. A leader in retail banking in Europe, the group is also the leading European asset manager, the leading bank insurance provider in Europe and the third largest European project-financing actor. Drawing on its cooperative and mutual foundations, its 140,000 employees and 31,150 administrators of local and regional Funds, the Groupe Crédit Agricole is a responsible and beneficial bank, serving 52 million customers, 8.8 million members and 1 million individual shareholders.
Crédit Agricole S.A. provides its employees with various types of business applications for which access is not managed in a centralised manner. Its executive management thus wishes to launch a reflection in order to modernise their IS security by rationalising the access management of the 3,000 employees at corporate headquarters. At the same time, Crédit Agricole is aiming to manage security issues related to mobility, including to uncontrolled peripherals (BYOD).
A SSO complex project with heterogeneous applications accessed by multiple channels
The Crédit Agricole S.A. project aimed to strengthen the security of access to the various types of business applications available whilst simplifying user-friendliness for employees. The objective was to provide a single authentication (SSO), whatever the technical base and access channel of the applications involved.
« The business applications which we provide for our employees are based on differing technologies and sometimes have their own user reference from our intranet directory. This required our employees to retain a considerable number of passwords, as well as to be familiar with the directory used by their applications. We therefore needed to harmonise and centralise application access management in order to streamline technical services and simplify user access. We needed a solution capable of integrating multiple technologies at once, as well as taking into account the complexity of access types, via thick-client, web, internally and externally…»
The Ilex International/Synetis partnership for unequalled functional coverage
After having addressed market solutions, including via analyst reports with regard to access management, then via a call for tenders followed by a POC, Crédit Agricole S.A. opted for the Sign&go Global SSO solution from Ilex International, coupled with the expertise of the integrator Synetis.
Sign&go Global SSO is without equal on the market, as is offers via a unique server architecture and centralised administration, all features from strengthened and adaptive authentication to identity federation, by way of eSSO, Web Access Management and mobile SSO (LIEN PAGE 30). It’s a true ‘authentication and federation Hub’ that enables coverage of all existing means of authentication, whatever the environment employed (Workstation, Web, or Mobile) already implemented with success in Banking, Finance and Insurance sector.
Consultancy and Technology Security Expert in IS. Synetis brings enterprises consulting and expertise, operational as well as technological, in order to comprehensively secure their IS by: Organising and controlling the security of their IS (SSI Governance), Controlling identities, authorisations and access to their IS (IAM, IAI, IAG), Protecting their information assets and preventing the leakage of sensitive information, Managing their digital confidence cycle
« What convinced us in choosing the Ilex International – Synetis partnership was their ability to offer us a solution ultimately covering all our issues, but with the potential to have an iterative approach. The proposed solution’s comprehensive and scalable vision permitted an overall view of actions to be undertaken from the outset, and thus to ensure the coherence of our security policy over the long term, whilst segmenting the implementation of the various bricks in our access management project. The solution’s compatibility with the standard market protocols of identity federation (SAML, OAuth, OpenID Connect, etc.) was also a sine qua non because we wanted an open and interoperable technological response.»
The project began with the implementation of single authentication on several thick-client applications (Communications and HR, primarily) in order to concretely demonstrate the solution’s benefits and gain user adhesion. Then, a dozen web applications were also quickly connected via identity federation mechanisms. SAML integration kits were provided to facilitate the deployment of non-compatible applications. The use of these kits embedded within the applications simplified the interfacing work; it was a significant business as well as technical step forward.
« Now thanks to Ilex International’s Sign&go Global SSO solution, users quickly and easily access their business applications. We have communicated extensively about the project, and have assisted and guided our users towards the change. Business services have also gained in both time and simplicity because they are able to deploy the SSO on their Web apps without specific development, via the integration kits. From a security point of view, we have standardised and shared the authentication and authorisation infrastructures; this allows us to have a comprehensive view and to generate precise audits detailing all authentications.»
Securing usage related
to the mobility of personnel
Building on the success of this first stage of the project, Crédit Agricole S.A. wishes to expand the modernisation of its IS by securing mobile usage by its personnel. The objective is to implement an adaptive and potentially multi-factor authentication in terms of risk levels defined by the group’s security policy.
« We would like to continue building on this momentum and also cover mobility-related usage. The objective is to strengthen the security of access to our IS in terms of the various connection contexts, according to the user’s location, the equipment s/he is using (controlled station or otherwise) or the network through which it’s passing, for example.»
The Ilex International solution provides innovative features in terms of Multi Factor Authentication, in particular, the Sign&go Authenticator module, based both on the use of one-time passwords (OTP) and on the validation of PUSH mobile by fingerprint or PIN code entry. The enrolment of the mobile is simplified by the use of a QR Code and the application offers a connected or disconnected mode of operation, which will enable Crédit Agricole to bring all-area responses to its mobile users.
The benefits
- User ergonomics and convenience
- Time savings for business and technical services
- Strengthening of authentication
- Homogenisation of global IS security policies
- Traceability and audit of centralised access