CYBERSECURITY

Identity & Access Security: Centralized Identity Provider

Robust authentication, seamless federation, and scalable identity control.

OBJECTIVE
Design and deploy a secure, scalable identity platform that enables centralized authentication, integration with multiple identity sources, full user lifecycle traceability, and regulatory compliance from the initial deployment.
SOLUTION
Built around Keycloak on GKE Autopilot, integrated with Azure AD and external identity providers. The platform includes MFA, secure API access, infrastructure automation, and compliance-focused architecture aligned with GDPR and ISO 27001.

KEY ACTIONS
  • Set up federated identity using OIDC and SAML
  • Implemented MFA with TOTP, email-based OTP and WebAuthn
  • Validated OAuth 2.0 access tokens (JWTs) at the Apigee API gateway
  • Enabled identity lifecycle management with SCIM and webhooks
  • Defined RBAC and ABAC access control policies
  • Deployed observability with Prometheus, OpenTelemetry and Cloud Monitoring
  • Aligned architecture with GDPR, ISO 27001 and DevSecOps principles
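
The TOTP factor listed above follows RFC 6238. As an added example that is not part of the original page or of Keycloak's own code, the Python below shows the server-side checks a practitioner wants behind that bullet: HOTP/TOTP generation per RFC 4226/6238, a one-step skew window for client clock drift, constant-time comparison, and a replay guard that refuses a time step already consumed. The seed and timestamps are the RFC 6238 Appendix B test vectors (SHA-1, 8 digits); Base32 decoding is included because authenticator enrolment (otpauth URIs) carries the seed in Base32. Function and class names are this example's own.

```python
"""Server-side TOTP checks (RFC 6238 on top of RFC 4226 HOTP), standard library only.

Added example: not code from the original page or from Keycloak. Secret and
timestamps below are the RFC 6238 Appendix B test vectors (SHA-1, 8 digits).
"""
import base64
import hashlib
import hmac
import struct

STEP_SECONDS = 30   # RFC 6238 default time step
DIGITS = 6          # what most authenticator apps display; RFC test vectors use 8


def decode_base32_secret(encoded: str) -> bytes:
    """Seeds in otpauth:// enrolment URIs are Base32; tolerate lowercase and missing padding."""
    cleaned = encoded.strip().replace(" ", "").upper()
    cleaned += "=" * (-len(cleaned) % 8)
    return base64.b32decode(cleaned)


def hotp(secret: bytes, counter: int, digits: int = DIGITS, algo=hashlib.sha1) -> str:
    """RFC 4226: HMAC over the 8-byte big-endian counter, dynamic truncation, mod 10^digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), algo).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret: bytes, unix_time: int, step: int = STEP_SECONDS,
         digits: int = DIGITS, algo=hashlib.sha1) -> str:
    """RFC 6238: HOTP with the counter derived from wall-clock time."""
    return hotp(secret, unix_time // step, digits, algo)


class TotpVerifier:
    """Per-user verifier: +/-window steps of clock skew, constant-time compare, replay guard.

    The replay guard remembers the highest time step already accepted and refuses it
    and anything older, so a captured code cannot be reused within its validity window
    (the trade-off: a second login inside the same step is also refused).
    """

    def __init__(self, secret: bytes, window: int = 1,
                 step: int = STEP_SECONDS, digits: int = DIGITS):
        self.secret = secret
        self.window = window
        self.step = step
        self.digits = digits
        self.last_step = -1   # in production, persist this per user

    def verify(self, code: str, unix_time: int) -> bool:
        now_step = unix_time // self.step
        for delta in range(-self.window, self.window + 1):
            candidate = now_step + delta
            if candidate <= self.last_step:
                continue   # consumed, or older than a consumed step
            expected = hotp(self.secret, candidate, self.digits)
            if hmac.compare_digest(expected, code):
                self.last_step = candidate
                return True
        return False


# RFC 6238 Appendix B vectors (SHA-1, 8 digits): ASCII seed "12345678901234567890"
RFC6238_SECRET = b"12345678901234567890"
RFC6238_VECTORS = {
    59: "94287082",
    1111111109: "07081804",
    1111111111: "14050471",
    1234567890: "89005924",
    2000000000: "69279037",
    20000000000: "65353130",
}


def rfc6238_vectors_pass() -> bool:
    """True when every published RFC 6238 SHA-1 vector is reproduced."""
    return all(totp(RFC6238_SECRET, t, digits=8) == c for t, c in RFC6238_VECTORS.items())


if __name__ == "__main__":
    print("RFC 6238 vectors:", "ok" if rfc6238_vectors_pass() else "FAIL")
    v = TotpVerifier(RFC6238_SECRET, window=1, digits=8)
    print("fresh code accepted:", v.verify("94287082", 59))
    print("same code replayed:", v.verify("94287082", 59))
```

Keep the window at one step in each direction: a wider window multiplies an attacker's guesses per code, and persistent drift is better fixed by resynchronising the client than by widening acceptance. The replay state must live alongside the user record, not in process memory, or a second replica of the service will accept the code the first one already consumed.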
TECHNOLOGIES
  • Keycloak as Identity Provider
  • GKE Autopilot and Cloud SQL
  • Terraform and GitOps automation
  • TLS 1.3 for transport security and OPA (Open Policy Agent) for policy enforcement
  • TOTP, Email OTP and WebAuthn for MFA
  • Apigee, OAuth 2.0 and JWT integration
  • Prometheus, OpenTelemetry and Cortex XSIAM
  • GDPR, ISO 27001 and OWASP ASVS compliance frameworks

SAVINGS & BENEFITS
  • 60% reduction in incident response time for access-related events
  • Secure authentication for over 2,500 internal users and 190 external users
  • Regulatory compliance achieved from the MVP stage
  • Scalable infrastructure with no redesign required
  • Up to 6x lower total cost of ownership compared to equivalent SaaS solutions