Quick operation, minimal training, simple support
Cumbersome to reset passwords
Complicated to securely federate with vendors
Time-consuming to support
Employees of a major West Coast credit union had to remember multiple unique passwords as they logged in to several important systems. If an employee forgot a password, Human Resources had to intervene to reset it. In response, the company implemented simple-to-support single sign-on technology from F5, which has improved productivity enterprise-wide.
This major credit union serves hundreds of thousands of members and oversees billions of dollars in assets. Like all banks and similar institutions, this financial cooperative strives to minimize costs—which is key to maximizing returns—and it depends on reliable IT systems that are guarded by technologies designed with security in mind.
Maintaining high levels of employee productivity helps minimize costs. Unfortunately, the credit union’s workers lost time because they had to remember unique passwords and log in to critical systems one at a time. “If an employee forgot a password or entered too many wrong passwords, locking the account, Human Resources staff would have to manually access the application or the vendor’s website to reset the password,” explains the credit union’s Senior Manager of Cyber Security and Networking. “This process was time consuming and not employee-friendly.”
When ADP, the cooperative’s vendor for payroll and related services, made single sign-on (SSO) authentication available for its customers, the credit union wanted to use it. But as a financial services company, it has to follow, and require its vendors to follow, strict security policies.
The credit union defined as primary requirements the Security Assertion Markup Language (SAML, an XML-based standard for exchanging authentication and authorization data), Kerberos (a secure method for authenticating service requests in a network), and hash-based message authentication code (HMAC). The financial cooperative sought a solution that would support its SSO goals, meet its security requirements, and offer reliable service across multiple data centers.
To achieve its objectives, the credit union chose F5 BIG-IP Access Policy Manager (APM), a solution that simplifies the user experience through identity federation and SSO. It secures and differentiates access to the credit union’s applications, data, network, and the cloud, based on both context and an employee’s identity. “We’ve been using F5 intelligent traffic management solutions for more than a decade,” says the Senior Manager of Cyber Security. “We’re quite happy with the F5 products we’ve chosen before, so we had great confidence in its SSO technology.”
Adds the credit union’s manager of IT Network Infrastructure, “We were extremely happy with BIG-IP APM in our tests. It did everything we wanted it to do.”
The cooperative set up an intranet site with Kerberos authentication, which uses SAML-based federation, works through BIG-IP APM modules, and ultimately passes the user’s credentials to ADP.
“The process is invisible to employees,” says the IT Infrastructure manager. “We experienced a seamless BIG-IP APM rollout. Everything worked the way it was supposed to.”
The Senior Manager of Cyber Security adds, “Now that we have this F5 solution, we’re removing Juniper Networks’ VPN client and replacing Cisco AnyConnect.”
The financial cooperative also signed up for F5 Professional Services. “The F5 engineers we’ve worked with have been exceptional—very knowledgeable and expert—so we’ve been quite happy in the support arena as well,” says the IT Infrastructure manager.
Plus, the company is taking advantage of F5 iRules to automate, customize, and standardize its IT environment. “By choosing iRules, we’ve been able to replace cumbersome, time-consuming manual processes and avoid the need for a lot of troubleshooting,” continues the IT Infrastructure manager. “I can’t speak highly enough of iRules.”
The deployment was so successful that the credit union applied SSO to other applications and services, including those for employment engagement, travel and expense management, contract management, and a growing number of other areas. Additionally, the credit union adopted a corporate-wide policy that all existing and new applications, including those from outside vendors, must support its SSO setup.
By choosing BIG-IP APM as the foundation of its SSO capabilities, the credit union gains a reliable solution that requires minimal support from IT, yields higher productivity for employees, and provides strong security for federated SSO connections.
Most of the IT staff who support BIG-IP APM did not need to take any F5 training classes. “After I provided minimal instruction on how to go through the logs, track the sessions, and trace operational problems, our team was able to get things moving quite quickly,” says the Senior Manager of Cyber Security. “The F5 BIG-IP interface is really intuitive, and troubleshooting with it is simple.”
He adds that he can support many new and varied services, with few technical issues, because of the solution’s flexibility. “As long as a vendor is SAML 2.0–compliant and uses HMAC, their applications will likely support our SSO and we can run them. Before we had BIG-IP APM, trying to troubleshoot logins or vendor product issues was difficult because we’d have to bring in the other vendors’ support teams.”
The IT Infrastructure manager agrees: “We’ve had very few problems with SAML, single sign-on, and BIG-IP APM. On the IT support back end, we’ve had few issues as well.”
The company’s IT help desk burden has eased, too. “We have seen decreases in support requests,” says the Senior Manager of Cyber Security. “When we do receive calls, it’s usually because a vendor isn’t properly supporting our SSO.”
Better reliability and less support time translate into productivity. “Not having to deal with user names and passwords and clicking a single link takes less time and makes employees’ lives easier,” says the IT Infrastructure manager. “And because they don’t have to remember multiple passwords, they don’t lose time getting them reset.”
Beyond end users, he adds, “On the back end, our engineers can manage BIG-IP APM so easily that they have more time to focus on best practices and support other applications and services more effectively.”
Not surprisingly, the credit union considers security a critical aspect of the SSO solution and all the systems it affects. The Senior Manager of Cyber Security is confident that the solution now in place provides the protection the credit union needs. He further notes that if the credit union has to perform a security investigation, it now has more logging and auditing tools to expedite that process. “The logs that we’re able to retrieve are phenomenal in their detail,” he says.
“Security is a big factor in our implementation, our decisions about it, our authentication choices, and more,” he concludes. “So in addition to all the other benefits we’ve talked about, from a security standpoint alone, we’ve been extremely pleased with BIG-IP APM.”