This company is a leading provider of integrated health and benefits management solutions, serving over 20 million individuals across thousands of organizations.
The client manages digital health and benefits administration, providing a seamless platform that unifies health plan administration, wellness programs, and analytics. It is a critical partner for large employers managing complex healthcare needs.
The client faced a legal request from another, larger company due to a branding issue. Unfortunately, changing the brand name meant updating the URL in their portal. While this seems trivial, there were deeper requirements and constraints for the business.
The client uses open-source Keycloak to manage logins, which provides a URL to identify the business. To comply with the legal request, they would need to update their single-sign-on URL to match the new branding.
However, this also meant asking their entire partner company network to reconfigure their systems, causing major disruption for the partners and their customers. The change affected not only the domain name but also the URL path, which is based on the Keycloak realm.
The client’s team was capable. However, they did not have the time to rewrite hundreds of URLs and reconfigure hundreds of partner systems.
They needed a better solution.
The client knew Shadow-Soft had extensive experience with Keycloak and contacted us for help finding the smoothest solution within a month to comply with the legal requirements.
We set up Keycloak as an intermediary to itself: one realm represents the new URL, while the old Keycloak realm stays in place. This allowed the business to seamlessly redirect users to the new branded URL without having to reconfigure hundreds of partner company portals and manage the disruption.
We set up an additional Keycloak server under the new branded name. Then, we turned off their ability to log in directly to this Keycloak system and enabled the new Keycloak provider to be the federated identity provider for the old Keycloak instance.
When someone logs in with their browser, they’re sent to the legacy Keycloak instance and are immediately redirected to the new instance, thereby masking the previously branded URL.
The client’s portal login is under the new branded URL in compliance with the legal requirements.
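The brokering arrangement described above can be checked from realm exports before partners are pointed at it. The following is an added example, not Shadow-Soft's or the client's code: hostnames, realm names, the `newbrand` alias and the `legacy-broker` client are hypothetical, and the field names assume Keycloak's realm export JSON layout.

```python
from urllib.parse import urlparse

# Constructed sample realm exports; every name and hostname here is hypothetical.
NEW_BASE = "https://login.newbrand.example/realms/newbrand/protocol/openid-connect"
LEGACY = {
    "realm": "oldbrand",
    "identityProviders": [{"alias": "newbrand", "providerId": "keycloak-oidc", "enabled": True,
        "config": {"clientId": "legacy-broker",
                   "authorizationUrl": NEW_BASE + "/auth", "tokenUrl": NEW_BASE + "/token"}}],
    "authenticatorConfig": [{"alias": "to-newbrand", "config": {"defaultProvider": "newbrand"}}],
    "authenticationFlows": [{"alias": "browser", "authenticationExecutions": [
        {"authenticator": "identity-provider-redirector", "requirement": "ALTERNATIVE",
         "authenticatorConfig": "to-newbrand"}]}],
}
NEW = {"realm": "newbrand", "clients": [{"clientId": "legacy-broker",
    "redirectUris": ["https://sso.oldbrand.example/realms/oldbrand/broker/newbrand/endpoint"]}]}

def check_broker_setup(legacy, new, alias, legacy_base):
    """Return findings; an empty list means the legacy realm brokers cleanly to the new one."""
    idp = next((i for i in legacy.get("identityProviders", []) if i.get("alias") == alias), None)
    if idp is None or not idp.get("enabled"):
        return [f"legacy realm has no enabled identity provider '{alias}'"]
    findings, cfg = [], idp.get("config", {})
    # The legacy realm must hand authentication to the new realm over HTTPS.
    for key in ("authorizationUrl", "tokenUrl"):
        url = urlparse(cfg.get(key, ""))
        if url.scheme != "https" or f"/realms/{new['realm']}/" not in url.path:
            findings.append(f"{key} does not point at the new realm over https")
    # Immediate redirect: an active redirector execution must default to this alias.
    configs = {c["alias"]: c.get("config", {}) for c in legacy.get("authenticatorConfig", [])}
    redirects = any(
        ex.get("authenticator") == "identity-provider-redirector"
        and ex.get("requirement") != "DISABLED"
        and configs.get(ex.get("authenticatorConfig"), {}).get("defaultProvider") == alias
        for flow in legacy.get("authenticationFlows", [])
        for ex in flow.get("authenticationExecutions", []))
    if not redirects:
        findings.append("no default-provider redirect: legacy login page is still shown")
    # The broker client in the new realm should accept only the legacy broker callback.
    callback = f"{legacy_base}/realms/{legacy['realm']}/broker/{alias}/endpoint"
    client = next((c for c in new.get("clients", [])
                   if c.get("clientId") == cfg.get("clientId")), None)
    if client is None:
        return findings + ["broker client is missing from the new realm"]
    uris = client.get("redirectUris", [])
    if callback not in uris:
        findings.append(f"broker callback {callback} is not a registered redirect URI")
    if any("*" in u for u in uris):
        findings.append("broker client allows a wildcard redirect URI")
    return findings
```

Older Keycloak deployments serve realms under an `/auth` prefix; include that prefix in `legacy_base` when it applies.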
Features:
We analyzed the existing setup and suggested three potential solutions based on their needs and our understanding of Keycloak for their environment.
After we showed the client the solution, they still had trouble visualizing what was needed for implementation, and they doubted how effective the solution would be.
We illustrated how to implement the solution through demonstrations with small use cases in the client’s demo environment, helping them troubleshoot their team's challenges until they understood how to set it up and why each potential solution could work.
With that understanding, they chose the solution that would integrate most seamlessly while meeting their current requirements, implemented the changes, and reconfigured their systems within two weeks.
After the new environment was fully set up, the team began running database manipulation scripts and migrated the data over. They also did SQL dumps and paired them with the new database.
This saved them from having to manually recreate the usernames with the same encrypted passwords inside the new realm.
The client used Keycloak as an identity provider. We showed them how to use Keycloak's brokering function to deploy the solution.
The project was completed within two weeks, delivering a fully working solution on a faster timeline than the client expected. This helped them avoid the legal roadblocks a delay in implementation would have created.
Now that we have delivered the guidance the team needed to knock out the project within the pressing deadline, the client will conduct a systems assessment with Shadow-Soft.