Challenge

ARM Holdings plc is the world's leading semiconductor intellectual property (IP) supplier. The technology they design is at the heart of 90% of the global smartphone market, and 60% of the embedded chip market, covering many electronic devices.

ARM has an innovative business model. Instead of bearing the costs associated with manufacturing, they license their technology to a network of partners, mainly leading semiconductor manufacturers and OEMs. These partners utilise their designs to create smart, low energy chips suitable for modern electronic devices.

As the company’s IT estate continued to grow beyond internal perimeters through the use of externally hosted and cloud software solutions, the global user base had become increasingly frustrated with repeatedly logging in and out of numerous web portal applications every day. A pass-through mechanism was required to enable users to authenticate once to any web portal configured, and gain access to any other web portals permitted without having to repeat the log-in process on the same working day.

Solution

ARM selected us to design and implement an Enterprise Single Sign On (ESSO) solution to provide Single Sign On (SSO) with a selection of internal web applications, and to allow federated access to external Software as a Service (SaaS) providers. The design integrates with existing user repositories, and allows access from both within and outside ARM’s network. For external access, the solution integrates with ARM’s existing network infrastructure, and allows for two-factor authentication.

The design requirements also required the solution to provide high availability across three global regional centres, but also allow continued operation within a regional centre, should network connectivity between the regional centres become interrupted.

Results

As a systems integrator with experience of implementing many Identity and Access Management (IAM) Vendor products, we immediately recognised that ForgeRock’s OpenAM would be a perfect fit for ARM’s requirements for a simple, light touch, yet resilient solution that could provide:

  • Browser based pass-through authentication
  • Integration with Oracle Directory Server Enterprise Edition
  • Federated authentication for cloud based services (e.g. SAML)
  • Coarse-grained authorisation

We were chosen to deliver two major outcomes; the implementation of Single Sign-On for the first tranche of ARM applications, but also the tools for ARM to be able to support and extend the scope of the SSO to the remaining 130 applications. This includes:

  • Logical and operational design documentation
  • Automated build of environments
  • pattern guides for protecting resources of differing technologies
  • Documentation of integrated applications
  • Mentoring of ARM staff to supplement and consolidate their ForgeRocK training
  • Testing deliverables, including strategy and automated regression and non-functional tests

Over the course of our partnership with ARM, we have worked with internal stakeholders, including service and platform owners, technology vendors, and external parties to help deliver the best technical solution and business outcomes for their business.