The Client

The client offers a web based platform to families and caregivers to address emergency management gaps. Instead of relying on manual processes and paper based documents, the client provides families access to emergency services and communications electronically to address crisis situations and offer efficient, safe and reliable solutions.

The Business Need

The client’s web based platform was developed using Java with SQL Server database. The platform was hosted on-premise and the solution allowed minimal direct access to production environment. The application was developed using legacy 2-tier client server architecture. The single instance of SQL server database was used to store both application data and user data. User authentication to access client’s application was also based on the user data stored in the SQL database. The authentication logic was written as part of the Java-based application.

The client wanted to move the user authentication from SQL database to Azure Active Directory to eliminate the database dependency and authentication logic from the application tier. The client wanted to leverage Azure’s globally available, scalable and customizable platform for user authentication. The client needed help with the integration of its Java based application with Azure services.

Azure AD offers large number of features in addition to basic user authentication services. These include multi-factor authentication, access to apps such as Office 365 and access to premium services such as group management, cloud back-ups, and self-service password reset. The Azure AD Business to Customer (B2C) solution allows clients to customize and control how users sign up, sign in, and manage their profiles.

The Challenge

Optimus completed elicitation of the client’s requirements and documented the final acceptance criteria. Based on this knowledge, Optimus developed a proof of concept to demonstrate the integration of client’s platform with Azure AD. The proof of concept addressed the following technical and implementation challenges:

  • Demonstrate the replacement of a database oriented user authentication with an off-the-shelf identity management platform.
  • Migration of more than 90,000 users from existing SQL based solution to Azure Active Directory B2C.
  • Integration of existing Java web tier with Azure Active Directory B2C.
  • Strategize and notify customers regarding password reset after migration to the Azure AD platform.

Optimus Solution

Planning Phase

After the initial meeting with the client, Optimus conducted detailed requirement gathering session. The client’s end users utilized either local database accounts or their social media accounts to login to the application. Optimus recommended use of Azure AD B2C as the solution to seamlessly migrate both types of users.

Execution Phase and Problems Solved for the Client

Optimus completed the following steps during the execution phase of the proof of concept:

  • Setup a separate subscription for Azure POC.
  • Provision Azure AD B2C and complete custom branding based on client’s publicly facing web application.
  • Configure Azure AD B2C using IAM (Identity Access Management).
  • Setup 90,000 test users using on-premise SQL database.
  • Develop a desktop-based .NET utility to help migrate the data from existing SQL database to Azure AD B2C.
  • Configure user flows in Azure AD B2C for user logins to Azure AD, new user registration, and password reset to customize the look to the existing app and user flow for the end user.
  • After successful login/new user registration, control flows from Azure AD B2C to the existing on-premise Java application. Create a simple Java application to simulate this process using on-premise Tomcat server.
  • The Java based simulation app used OIDC (Open ID Connect) authentication protocol.
Screen-Shot-2020-01-21-at-1.51.13-PM Azure Active Directory B2C Solution

High level architecture and user flow for Azure AD B2C.

The Result

The client was able to transition from a legacy authentication model to a standards-based Azure AD B2C identity management solution. Some of the capabilities of the new solution include zero coding effort for user authentication, strong authentication supported by a customizable password policy, out of the box multi-factor authentication and seamless integration of existing application with Azure AD.

Conclusion

Optimus’ client engagement process was based on delivery of requirements, acceptance criteria, estimate and project plan. Additionally, Optimus offered bi-weekly status meetings, regular demonstration of work completed, updates via Slack channel and code sharing via Bit-bucket. The project fell under the Azure migration/integration core services domain. The project was delivered using Azure AD B2C, HTML / CSS / JavaScript for custom branding, C# for developing app to migrate users and Java 8 with Servlet / JSP / Maven for application deployed on Tomcat 8.
Contact Optimus Information to learn more about how Azure Active Directory can help your organization.

 

All product names, trademarks and registered trademarks are property of their respective owners.