Have you ever run into a situation where you know exactly what you have to do to solve the problem but can’t do it? No, I’m not talking about fixing the last season of Game of Thrones. For those running legacy identity and access management (IAM) systems, the decision to modernize isn’t so much about whether there is a problem but rather how to go about solving it.
From time to time, I talk to customers who are running legacy IAM systems and want to modernize. They understand how easy it is to do so but cannot take that project on for other business reasons.
I ran into one such situation with a customer recently. The customer spent most of last year and many costly consulting hours “upgrading” to the newer version of their IAM system. After the upgrade, the team realized that they had lost some features. How an upgrade actually results in a loss of functionality is beyond me, but the deed was done and there was no way to downgrade to get those features back. They are now stuck.
The executive management team was now understandably wary and not ready to invest any more in the legacy system, especially when they had many other priorities, such as improving security by adding Multi-Factor Authentication (MFA). They wanted to focus their IAM efforts on improving their overall security posture and the user experience during authentication. They did not want to move their IAM system from one vendor to another, even if that meant more features and stability in the long run.
They reached out to me and asked for help. I started by whiteboarding the diagram below to help the team understand the current architecture.
Figure 1. Legacy architecture for a simple app.
Users access the legacy applications through a proxy and are authenticated by the legacy Access Management (AM) system, which in turn authenticates them against the legacy Directory Services.
To introduce new capabilities such as MFA and the other Intelligent Authentication capabilities into this architecture, all we have to do is combine the plug-in capabilities of the legacy AM with the powerful REST API of the ForgeRock Access Management platform. The new architecture looks something like the diagram below.
Figure 2. Augment legacy AM system with ForgeRock Intelligent Authentication.
With very little change to the legacy system, you have now introduced modern capabilities and laid the foundation for a modern IAM platform. Once you show the organization the power of a modern IAM platform that is stable, scalable, and secure, future IAM conversations become easy. They will no longer be about scalability issues or outages; the discussion turns to how your modern IAM platform can improve the user experience and play a critical role in digital transformation and other critical business growth initiatives.
You can simply say yes to all of those requirements because of the strong foundation of ForgeRock AM, which can be easily extended to protect new and old applications by plugging them directly into ForgeRock AM using our well-tested Seven Step Approach.
Figure 3. Co-existence of the legacy AM system with ForgeRock Intelligent Authentication during migration.
Want to see a demo of the above approach working in a real environment?
Want to know which legacy access management solutions we can help with?
Want to learn more about our Intelligent Authentication capabilities? Contact Us.
*** This is a Security Bloggers Network syndicated blog from Forgerock Blog authored by Keith Dalyn. Read the original post at: https://www.forgerock.com/blog/augment-your-legacy-iam