Orange S.A., France’s largest telecommunications company with 170,000 employees, was faced with the challenge of managing the user identities of around 30 million mail accounts and handling several hundred thousand simultaneous accesses after the overhaul of its consumer email platform. Such a renewal became necessary as the previous system could no longer withstand the continuous growth of the platform and the software stack was no longer up to date.
A scalable and efficient solution to transform identity management
Provided by Univention
Handling the transformation of user identity management
A trouble-free migration for IT managers and users
Since it was not possible to migrate all 30 million user accounts at once, a step-by-step approach was adopted, which required a highly scalable system for the successive migration of mail accounts. The project's IT managers also wanted flexible roles, both for delegated administration and for the content of LDAP replicas (dedicated LDAP clusters per connected service).
And finally, high data protection requirements had to be met.
- Ability to manage 30 million user identities.
- The directory service must handle more than a hundred thousand simultaneous requests.
- Delegated administration and scalable notifications.
- API compatibility with existing systems.
- Highly scalable for gradual user data migration.
Scalable and open source product for Orange IT Team
Our solution, Univention Corporate Server (UCS) with integrated OpenLDAP, offers a scalable identity management system that remains stable even at high workloads thanks to an LDAP cluster.
- UCS with integrated OpenLDAP as the identity management system for 30 million users.
- Creating a stable LDAP cluster capable of handling numerous simultaneous requests.
- Implementing SOAP interfaces and provisioning and notification plugins for external APIs.
- Integrating Open-Xchange, Dovecot, a provisioning router and broker by Tarent, and many Orange-specific services.
The responsible Orange IT team decided in favour of UCS because it enabled flexible mapping of roles and rights, both for delegated administration and for selective replication of the LDAP servers. The options UCS offers for a scalable notification system and its existing, extensible interfaces were also important, since UCS had to work alongside the existing system.
A successful identity management system
Following the start of the project in mid-2014, the first project release with full functionality could already be delivered in 2015. Over the course of 2016, the solution was expanded with additional functions and server roles and numerous performance tests were carried out to ensure that the system would withstand the expected extremely high workloads. At the end of the same year, the system went live with the full range of managed identities. Since then, mail accounts have been successively migrated to the new system. In addition, new requirements, such as stricter data protection regulations or new provisioning workflows, are continually being implemented.