DB Schenker Innovates by Consolidating Workforce and Customer Identity Management
At a Glance
Implementing a centralized single identity management service for all users, encompassing employees, contractors, partners and customers worldwide.
Products and Services:
- Implemented centralized IAM for over 300,000 employee, contractor, partner and customer identities
- Strengthened two-step authentication with FIDO2-enabled risk-based authentication
- Migrated 50 applications to new authentication service seamlessly thanks to standards support
- Delivering integrations to centralized identity service in 30 minutes or less
DB Schenker is a global logistics leader and partner to large organizations who rely on the company for on-time delivery and stable, secure services. Competing against better-known competitors, DB Schenker is committed to differentiating themselves by providing land transport, worldwide air and ocean freight solutions that challenge the status quo.
DB Schenker’s culture of innovation extends throughout their organization, including identity management. After identifying the need for a more secure and modern authentication service, they saw a bigger opportunity to undertake a digital transformation initiative and provide better, more streamlined access to resources and information for both their workforce and customers.
The DB Schenker team, led by head of identity management, James Naughton, sought to extend their existing identity and access management (IAM) infrastructure to secure employee access and take advantage of the cloud. Schenker needed support for modern web-based authentication protocols such as SAML and OpenID Connect, as well as multi-factor authentication (MFA). The new solution also needed to support web-based authentication and authorization protocols, including SCIM and RADIUS.
Seeking a “Schenkerized” solution that maintained continuity in look and feel, James and the team defined a rather unique requirement: they wanted to centralize on a single identity management service for all users, encompassing employees, contractors, partners and customers. This required a flexible and customizable solution that would support unique configurations of the user interface and flow for each type of user.
The DB Schenker team also needed to overcome challenges posed by the coexistence of a central authentication service alongside an Azure AD solution for employee Microsoft access. They wanted to eventually provide MFA to every employee without negatively impacting their experience or the usability of either service. Rounding out their new solution requirements was the need for stability, as well as deployability to their Kubernetes cluster to enable scalability based on demand.
Head of the Schenker Identity Management Service
“In the past, we needed to invest significant time and resources to develop integrations. But now we simply configure the system and can deliver technically complete integrations in 30 minutes, a decrease in effort of 75%.”
James and the team asked iC Consult, their IAM consultant and systems integrator, to conduct a proof of concept. They ultimately selected Ping Identity to provide the authentication and authorization capabilities needed to deliver a consolidated and centralized identity management service. With the help of iC Consult’s developers, the DB Schenker team started the roll-out of their new Ping solution alongside their existing authentication service. Then they started to migrate integrated services to Ping.
The first stage of implementation included delivering the platform, as well as simple authentication and a minimum viable product for customer MFA. This initial iteration included a Schenkerized user interface for authentication and full integration into DB Schenker’s existing identity management infrastructure. They also delivered a complete suite of verification options for all users, including the PingID mobile and desktop apps, and mobile SDK, as well as SMS.
The DB Schenker team next extended the solution by adding their first risk-based authentication policies based on the type of user and the application they’re attempting to access. This allowed them to streamline access by minimizing friction for low-risk access requests, while also paving the way for future passwordless authentication.
Armed with a true federation platform, the DB Schenker identity team is able to centrally manage critical security policies and control access and authentication to their applications. The addition of risk-based MFA allows them to provide an even higher level of security for access to their IT landscape, creating peace of mind for both the team and their customers. They’ve also reduced integration time to 30 minutes, a 75% improvement over their previous workflow.
Like many in similar positions, the DB Schenker team must prove the value of identity management to their leadership. The work-from-home orders imposed during COVID-19 gave them an opportunity to shine. A short time to market was required to ensure uninterrupted business services to their customers. The team was able to quickly take their existing authentication service and extend it to provide RADIUS authentication. This, in turn, allowed them to increase VPN capacity to ensure reliable and secure remote access for their employees.
As the team looks ahead, they’ll continue to seek ways to innovate and push the boundaries of identity. Their current initiatives include progressing toward passwordless authentication and continually improving the system to support workforce productivity.