The Centers for Medicare & Medicaid Services (CMS) is a US federal agency that administers the Medicare program in the United States. It works with state governments to administer Medicaid and health insurance standards under the auspices of the United States Department of Health and Human Services (HHS). Headquartered in Woodlawn Maryland, it employees over 6000 people and also looks after quality standards in care facilities across the country.
Running and managing such a large government machinery means deploying various websites, Content management systems (CMS), data analytics tools, and more. Handling and managing user and patient data is a big task for the organization. Owing to a need to handle multiple applications and websites, along with boosting security and privacy policies, CMS decided to adapt to a Single Sign-on solution, along with adding an extra layer of protection for users logging into these applications using Multi-Factor Authentication (MFA).
CMS deployed 15+ Drupal sites, as well as multiple applications such as Atlassian, Jira Confluence, Slack, Splunk, Miro, and many more, in order to maintain a large federal agency. In such a scenario, employees must store/remember multiple login IDs and passwords in order to log into all of these applications separately, which can be inconvenient for everyone. Subsequently, it also reduces access to company resources. CMS felt a need to simplify access to these applications and resources for its users.
Along with the above need, these applications and resources can be vulnerable to data theft, phishing attacks and other forms of hacking if not secured in a proper way. Having a single set of login credentials, any loss of these credentials can make the agency resources an easy target for data breaches. There was a need to secure these applications and sites with an extra layer of security.
Finally, CMS were looking to restrict access to their resources for anyone trying to access them from outside the company network. They desired a seamless login solution while accessing the resources from within the network, along with added security for external users.
miniOrange provided CMS with a solution to secure their data and ease access to their resources.
In order to simplify access to company resources and websites, miniOrange provided CMS with a Single Sign-on solution for their users. Owing to this, users needed to authenticate themselves once, after which they could access all other applications seamlessly, without having to enter their credentials for each application separately. This eliminated the need for storing multiple credentials for various applications. The miniOrange Identity Provider (IdP) was used to authenticate user identity.
To secure their applications, CMS were looking to restrict access for users accessing out of the company network. miniOrange provided a solution to restrict users from accessing the applications based on their IP Address.
Users who accessed the applications from within the company network could seamlessly gain access without any extra authentication requirements. This greatly increased ease of access and simplified logins for users.
Simultaneously, users who tried to login to the company dashboard from outside the company network were challenged for a Second Factor of Authentication along with their initial login credentials. This second factor ranged from Authenticator Apps (Google Authenticator), Hardware Tokens, OTP over Email and more. miniOrange supports 15+ 2FA methods. Using the above second factor methods, users could securely authenticate themselves and access the required data. miniOrange also provided the SSO connector/plugin for all Drupal and Atlassian applications for SSO integration.
With around 20,000 users, CMS were looking for a seamless solution. Having a large volume of users access the solution could increase the load on the server. In the event the server malfunctioned due to any reason and couldn't cope with the high volume of users, it can cause unnecessary inconvenience to the users. It can also leave resources vulnerable.
To avert this scenario, miniOrange provided CMS with a High Availability Solution. A clustered environment, consisting of a cluster of three nodes was created, which ran behind AWS Load balanced servers.
This meant that the load was distributed among the three nodes, thus ensuring that the system would not fail in the event of high traffic.
Finally, as 30+ applications were in use for CMS, there was a need to restrict specific users to a few applications based on their need. This meant that users needed to be grouped based on their application requirements, and could access only those applications that were assigned to them.
miniOrange provided such a solution for CMS. A separate ldap userstore was created to authenticate users trying to access various applications. This userstore for each application was differentiated based on search filters. This ensured that only authorized users could authenticate and access the applications.
Thus, Using miniOrange IDP services, CMS has secured its data and eased access for its users.