Augment Your Legacy IAM

Have you ever run into a situation where you know exactly what you have to do to solve the problem but can’t do it? No, I’m not talking about fixing the last season of Game of Thrones. For those running legacy identity and access management (IAM) systems, the decision to modernize isn't so much about whether there is a problem but rather how to go about solving it.

Legacy IAM

From time to time, I talk to customers who are running legacy IAM systems and want to modernize. They understand how easy it is to do so but cannot take that project on for other business reasons. 

I ran into one such situation with a customer recently. The customer spent most of last year and many costly consulting hours “upgrading” to the newer version of their IAM system. After the upgrade, the team realized that they lost some features. How an upgrade actually results in loss of functionality is beyond me but the deed was done and there was no way to downgrade to get those features back. They are now stuck.

The executive management team was now understandably wary and not ready to invest any more in the legacy system, especially with many other business priorities, such as improving security by adding Multi-Factor Authentication (MFA). They wanted to focus their IAM efforts on improving their overall security posture, along with improving the user experience during authentication. They did not want to move their IAM system from one vendor to another, even if that meant more features and stability in the long run.

They reached out to me and asked for help. I started by whiteboarding the diagram below to help the team understand the current architecture.

Figure 1. Legacy architecture for a simple app.

Users access the legacy applications through a proxy and are authenticated by the Legacy Access Management (AM) system, which in turn authenticates against the Legacy Directory Services.

To introduce new capabilities like MFA and many other Intelligent Authentication capabilities into the architecture, all we have to do is combine the plug-in capabilities of the legacy AM with the powerful REST API of the ForgeRock Access Management platform. The new architecture will look something like the diagram below.

Figure 2. Augment legacy AM system with ForgeRock Intelligent Authentication.

With very little change to the legacy system, now you have introduced modern capabilities and also laid down the foundation for a modern IAM platform. Once you show the organization the power of a modern IAM platform that is stable, scalable, and secure, the future IAM conversations become easy. They will no longer talk to you about scalability issues or outages; the discussion turns to how your modern IAM platform can improve the user experience and play a critical role in digital transformation and other critical business growth initiatives.

You can simply say yes to all of those requirements because of the strong foundation of ForgeRock AM, which can be easily extended to start protecting new and old applications by plugging them directly into ForgeRock AM with our well-tested Seven Step Approach.

Figure 3. Legacy AM system co-existing with ForgeRock Intelligent Authentication during migration.

Who Is Keith Daly?

Keith Daly, Principal Solution Architect, has over 20 years of Identity and Access Management experience. Through the decades he has held positions on all sides of the equation, ranging from core product engineering to working on formal 3rd party ISV integrations, from slogging away to deliver the bits and bytes of production implementations to herding cats as a project manager, from sales engineering to client-side engineering and management. While being a big fan of rapidly evolving technology, he also enjoys sleeping well after well-planned, non-dramatic software deployments.
