SpinSys SSO/IAM/Federated Authentication Highlights

Michael Peterson
Software Architect
SpinSys

SpinSys, a recognized leader in providing Single Sign-On (SSO), Identity Access Management (IAM) and Federated Authentication solutions, has extensive experience in establishing enterprise identity solutions as well as integrating their own managed systems with existing solutions. Their experience ranges from working with Microsoft Active Directory (AD) and Active Directory Federation Services (AD FS) in both corporate and government environments to integrating consumer products with OAuth2 endpoints provided by third party providers such as Google and Facebook. They have specialized expertise in working within the confines of DoD and Federal environments while setting up x509 (both CAC and PIV) certificate authentication. This expertise combined with a knowledgeable, experienced staff allows SpinSys to provide services to meet the requirements of any client.Past Performance Highlights

Over the years, SpinSys has assisted several clients in meeting their single sign-on requirements by providing solutions at both the enterprise and application level. Their experience in working with clients of various sizes has allowed them to provide single-sign solutions that can be scaled and tailored to any client’s needs.

Department of Justice, Civil Rights Division – SSO PIV/LDAP integration

Helping DOJ/CRT keep pace with the latest technology, SpinSys continuously upgrades their base software; the latest refresh served as a technology upgrade from a client-server to a web-based application system. The recent upgrade also included the development and deployment of a Single Sign-On (SSO) feature, which utilized Active Directory LDAP integration with DOJ JCON, a PIV-enabled system, to allow users log in through a single portal for role-based access to multiple applications. The SpinSys COTS product was enhanced to work within DOJ SSO requirements.

DHA CarePoint (PIV/CAC)

While SpinSys was establishing the CarePoint Application Portal SharePoint 2013 environment, DHA was looking for a robust, enterprise identity solution. They had already seen various attempts at creating custom FBA providers to enable CAC authentication. SpinSys prototyped and then established an enclave wide solution by extending the existing Active Directory (AD) implementation with Active Directory Federation Services (AD FS). AD FS allows DHA to maintain a central account repository with AD and provides a secure, standards based identity provider (IdP) to enable federated CAC as well as PIV authentication. The central repository gives DHA one place to create or disable a user across all systems.

Fortune 500 Financial Institution – COTS SSO Integration

The Fortune 500 Financial Institution corporate legal system utilizes the Spin Business Framework for application development and configuration. While implementing the legal system, SpinSys was tasked to federate with an existing enterprise COTS SSO product. SpinSys configured authentication providers to accept custom HTTP headers and authenticate the user based upon them while working with Fortune 500 Financial Institution, This allowed them to centrally manage their user accounts at their corporate help desk instead of forcing the legal department’s administrators to take on that responsibility.

Tableau (DHA SSO Integration)

DHA utilizes Tableau as part of their Business Intelligence platform. The challenge was to provide a single sign-on solution that would allow users to seamlessly integrate Tableau dashboards with DHA’s CarePoint Application Platform. DHA did not want to duplicate user accounts and have the responsibility to manage accounts in multiple locations. The SSO solution was required to support both CAC as well as PIV. SpinSys was able to quickly federate Tableau with the Active Directory Federation Services (AD FS) server previously provisioned by SpinSys. This provided a seamless experience to the end users and allowed DHA to centrally manage a single account across all systems.

Department of the Navy – Office of the CIO

SpinSys built a CAC authentication module that integrates with the asset management solution implemented by their development teams. Out of the box, the COTS product leveraged username/password authentication but the Navy required CAC authentication to meet Information Assurance guidelines. SpinSys ensured that all software components and databases continued to satisfy DoD and Navy regulations and standards, including IA regulations, regular STIG implementation, and safeguards to ensure continued security compliance and accreditation of the system, environments, and personnel.

SpinSys’ development/modernization support includes analysis, recommendation, acquisition, configuration, deployment and related software engineering services required to implement a proposed Commercial-Off-The-Shelf (COTS) software for an Identity Access Management (IDAM) solution to replace the current limited functionality custom code. The proposed COTS solution would not only support CAC authentication, but also provides additional functionalities including streamlined automated new account creation or reactivation through a self-service portal.