
Envisioning and executing an identity management roadmap


The Identity and Access Management (IAM) team at our retail client is chartered with setting security standards, delivering IAM services, managing the identity lifecycle (ILM), and providing developer guidance across all internal business units. After a recent acquisition, it was determined that a vendor portal for one of our client’s subsidiaries had been maintaining its own application-specific identity store, which was administratively burdensome and contained stale accounts that still had live access as well as passwords that did not meet our client’s security best practice standards. Additionally, sensitive data was constantly at risk because application developers did not know how to build or properly maintain identity systems given the ever-changing risk landscape.

To address the resulting business risk, cost, and complexity of application-specific identity silos, the IAM team was tasked with providing a secure, highly available, standards-based, federated identity platform that met all internal and subsidiary stakeholder requirements and conformed to our client’s long-term identity roadmap. Furthermore, the team would need to provide a multi-tenant, self-service delegated administration portal while ensuring seamless migration of their existing user base. The selected platform must significantly improve the customer (vendor) experience, ensure all identities conform to corporate best practice security standards, and enable important new scenarios such as mobile access, social login, two-factor authentication, anomaly detection, single-sign-on, and identity federation.


The Kalles Group (KG) team was brought in to help collect and prioritize requirements, assess competing commercial and open-source offerings, and design and implement the solution. Additionally, KG provided guidance in migrating the existing application to the subsidiary’s e-commerce development team.

The KG team collaborated with the client to bring together all the best thinking across the organization, develop a framework and strategy, and align priorities and goals of all stakeholders.

The KG team identified multiple potential solutions that met stakeholder and business requirements. They presented a comprehensive list of benefits and limitations of various competing standards (including interoperability) as well as product implementation shortcomings and differentiators, all of which allowed the client to select the right product with confidence.


With KG’s assistance, the IAM team selected the most cost-effective solution, one that not only met their existing requirements but could also serve as the unified identity platform across the enterprise. The solution offered cloud-based, on-premises, or hybrid deployment scenarios that provided the customer with maximum initial flexibility and the ability to migrate as business needs changed.

As part of the solution, the KG team provided a custom portal dashboard, custom identity workflows for secure, automated identity provisioning/de-provisioning, audit log integration, and operationalization guidance. KG also provided client training on the authentication and authorization process, best and worst practices for operating a robust and secure Identity as a Service (IDaaS), and related developer training.


Because of KG’s subject matter expertise and its focus on the careful alignment of potential solutions to the longer-term identity roadmap, the customer was able to make significant tangible progress towards their long-term goals, bring their subsidiary’s vendor portal into compliance, reduce related operational expenses, and provide a significantly better customer experience.

Our client’s organization now has a unified, scalable, multi-tenant, highly available, standards-based, secure identity platform (IDaaS) that is capable of simultaneously securing their PCI, SOX and normal access for employees, vendors, partners, contractors and customers.

Our client is now ready to enable exciting new scenarios that have remained on the drawing board such as mobile access, social login, selective multi-factor authentication, anomaly detection, identity federation, and a single-sign-on experience across all of their properties and subsidiaries.

Because of the Kalles Group team’s focus on the careful alignment of potential solutions to the longer-term identity roadmap, the customer was able to make significant progress towards their long-term goals.