Intercede Named an Overall Leader in KuppingerCole Secrets Management Leadership Compass 2023. Download Now!
German Federal Agency - Intercede

GERMAN FEDERAL AGENCY

How one German Federal Agency has killed the password and improved security and user experience by moving to strong passwordless authentication.

A German Federal Institute, which forms part of a collection of federal agencies consulting the German national government, recognised the need to evolve its workforce authentication. The organisation had identified its password-based approach as a low security solution that was delivering a poor user experience for its employees. A strong multi-factor authentication solution was required as the organisation looked to ensure its employees could access government systems simply and securely.

THE CHALLENGE

With login and passwords still in use, the agency recognised that there was a need to step up the organisation’s security and provide a better system for its IT teams and employees.

Strong two-factor authentication (2FA) using the cryptographic security of public key infrastructure (PKI) was identified as the most secure solution. As proven technology that is simple to use and familiar to employees, smart cards was the chosen form factor that the agency wanted their 2FA to be based on. This meant employees would log in to an IT system using a combination of their credentialed smart card plus a PIN.

The federal agency was looking for an on-premise solution that would sit within their existing Windows Server network and enable their IT teams to issue digital identities to their employees’ smart cards, set user policies, manage the x.509 certificates and integrate into the agency’s Microsoft Active Directory. A software solution that would integrate with the internal Microsoft PKI certificate authority (CA) was essential, as was the scope for employees to self-serve when reactivating a blocked smart card or setting a new smart card up for use.

In addition, the agency required installation on-site by a German-speaker.

THE RESULTS

Improved security

The threat of data breach has been minimised by the agency moving from passwords to 2FA using strong authentication.

Improved usability

Employees no longer have extensive passwords to remember and update and are able to login simply with their TicTok smart card and a PIN.

Reduced helpdesk demand

Employees can now self-serve using MyID to reset PINs and update their smart card, reducing demands on IT teams.

Seamless integration

The flexibility of MyID to integrate with the agency’s existing IT infrastructure, together with onsite installation by CRYPTAS, ensured a smooth transition to the new deployment.

Futureproofed identity solution

The proven integration between MyID and TicTok smart cards ensures the federal agency has a solution that can grow in line with their requirements. The additional flexibility of MyID to issue and manage credentials to virtual smart card technology, USB security keys, and mobile devices means that the agency has a futureproof identity management solution.

Easy deployment

The expertise and experience of the CRYPTAS team ensured the deployment was simple and without hidden complexities and costs. The end-to-end approach offered by CRYPTAS kept things simple and ensured everything from hardware, software, installation and support was managed in line with the agency’s requirements, timescales and budget.

Download the case study

In this case study we look at how a German Federal Agency has moved to strong passwordless authentication thanks to a solution deployed by Intercede partner, Cryptas Deutschland GmbH with MyID credential management software.

DOWNLOAD

Trusted by Governments and Large Enterprises Worldwide

Where protecting systems and information really matters, you will find MyID.  Whether its citizen data, aerospace and defence systems, high-value financial transactions, intellectual property or air traffic control, we are proud that many leading organisations around the world choose MyID to protect themselves against data breach and ensure business continuity.