GERMAN FEDERAL AGENCY

How one German Federal Agency has killed the password and improved security and user experience by moving to strong passwordless authentication.

A German Federal Institute, which forms part of a collection of federal agencies consulting the German national government, recognised the need to evolve its workforce authentication. The organisation had identified its password-based approach as a low security solution that was delivering a poor user experience for its employees. A strong multi-factor authentication solution was required as the organisation looked to ensure its employees could access government systems simply and securely.

THE CHALLENGE

With login and passwords still in use, the agency recognised that there was a need to step up the organisation’s security and provide a better system for its IT teams and employees.

Strong two-factor authentication (2FA) using the cryptographic security of public key infrastructure (PKI) was identified as the most secure solution. As proven technology that is simple to use and familiar to employees, smart cards was the chosen form factor that the agency wanted their 2FA to be based on. This meant employees would log in to an IT system using a combination of their credentialed smart card plus a PIN.

The federal agency was looking for an on-premise solution that would sit within their existing Windows Server network and enable their IT teams to issue digital identities to their employees’ smart cards, set user policies, manage the x.509 certificates and integrate into the agency’s Microsoft Active Directory. A software solution that would integrate with the internal Microsoft PKI certificate authority (CA) was essential, as was the scope for employees to self-serve when reactivating a blocked smart card or setting a new smart card up for use.

In addition, the agency required installation on-site by a German-speaker.

THE SOLUTION

CRYPTAS Deutschland GmbH was the chosen organisation to deliver the 2FA strong authentication solution. The CRYPTAS solution offered a combination of TicTok smart cards for employees to use crypto-backed authentication into IT resources, and feature rich credential management software solution in Intercede’s MyID for issuing and managing digital identities across the agency’s employees. MyID also presented a user-friendly solution for the organisation’s IT teams to manage their 2FA deployment and self-service options for employees to manage their smart cards themselves.

In line with the agency’s requirements, MyID was installed on-premise by CRYPTAS to the existing Windows Server 2019. Providing a fully functional credential management system for the agency without connection to any cloud services or requirements for permanent internet connectivity.

IT-Grundschutz was complied to within the agency’s IT network, using the Microsoft AppLocker service. The administration of all agency computers and user accounts takes place in a Windows domain, using Active Directory (AD). The configuration of MyID ensures that AD information is usable within the credential management system, with AD accessed via LDAPS.

The self-service elements of MyID ensure that agency employees have the ability to reactivate their smart card should it become blocked. Employees are also able to update existing smart cards and can only see features within MyID that they are able to use.

CRYPTAS delivered the integration and TicTok card setup on time at the agency’s base, all managed on-site by CRYPTAS’ native German-speaking team from its Düsseldorf office.

THE RESULTS

Improved security

The threat of data breach has been minimised by the agency moving from passwords to 2FA using strong authentication.

Improved usability

Employees no longer have extensive passwords to remember and update and are able to login simply with their TicTok smart card and a PIN.

Reduced helpdesk demand

Employees can now self-serve using MyID to reset PINs and update their smart card, reducing demands on IT teams.

Seamless integration

The flexibility of MyID to integrate with the agency’s existing IT infrastructure, together with onsite installation by CRYPTAS, ensured a smooth transition to the new deployment.

Futureproofed identity solution

The proven integration between MyID and TicTok smart cards ensures the federal agency has a solution that can grow in line with their requirements. The additional flexibility of MyID to issue and manage credentials to virtual smart card technology, USB security keys, and mobile devices means that the agency has a futureproof identity management solution.

Easy deployment

The expertise and experience of the CRYPTAS team ensured the deployment was simple and without hidden complexities and costs. The end-to-end approach offered by CRYPTAS kept things simple and ensured everything from hardware, software, installation and support was managed in line with the agency’s requirements, timescales and budget.

Download the case study

In this case study we look at how a German Federal Agency has moved to strong passwordless authentication thanks to a solution deployed by Intercede partner, Cryptas Deutschland GmbH with MyID credential management software.

DOWNLOAD

Trusted by Governments and Large Enterprises Worldwide

Where protecting systems and information really matters, you will find MyID. Whether its citizen data, aerospace and defence systems, high-value financial transactions, intellectual property or air traffic control, we are proud that many leading organisations around the world choose MyID to protect themselves against data breach and ensure business continuity.