Almavia is an IT service company specialized in the integration of CRM and Contact Center solutions, partnering with leading software vendors in these segments. The company, created in 2005, conducts 12M € per year in business deals with SMEs, major accounts and public players and counts 120 employees. In June 2017 it became part of the Nextedia group.
Almavia uses Trustelem to secure their information system and simplify its use. As CISO and architect of internal IT, Thierry Fau's mission is to build an IT system compliant with always stronger security requirements and offering optimum user comfort for employees.
Damien Ribic, Alternate CISO and Head of Systems and Networks, manages Almavia’s systems, internal networks and projects. Here they give their feedback on Trustelem.
The security requirements of our large customers matters, require us to secure access to our IF by generalizing two-factor authentication on all access from the Internet. The services concerned are either internally hosted services or cloud services (Dropbox, Office365, BoondManager).
We started to deploy 2-factor authentication independently on each services. The situation was complicated to manage and the standard solutions offered by Office 365 were not applicable in our organization.
Without response to the multi-factor authentication requirement, it would have been difficult to maintain our SEO at one of our most important client.
We needed a solution that was simple to administer, and deployable quickly covering authentication on our SaaS services, and on our internal VPN. Ideally the current management should only from the internal AD directory.
We had to be able to offer a second authentication factor to collaborators to whom we do not provide any hardware: PC or phone.
Ideally, the deployed solution would produce reports and convincing logs, presentable at our clients.
For the overall cost of the solution and the simplicity of implementation.
Study of the solution, PoC, synchronization of the accounts between the internal AD and Office 365, activation of the SSO Trustelem on Dropbox then on Boond then on Office 365, deployment of authentication two factors.
Less than 10 men.days. The Trustelem teams accompanied us for the synchronization between the internal AD and Office 365.
The technical impact on our infrastructure has been limited to deploying the Trustelem AD connector Connect.
The Office 365 configuration required some effort to implement authentication federated into heavy Office clients (Word, Outlook, Skype Enterprise etc.). It was necessary to activate the modern authentication option via PowerShell scripts.
Regarding the VPN, the solution selected previously, Fortigate, is unfortunately not compatible with identity federation protocols that would have allowed Trustelem to be used.
Users go through the Trustelem portal instead of accessing each application directly. The solution avoids the re-keying of passwords and is well accepted by the users.
Have they been reached? overtaken
The integration of Fortigate VPN access into Trustelem is the only requirement that has not been met, and we had to deploy an alternative strong authentication solution for these accesses.
Our other expectations have largely been met, in particular the simplification of the administration accounts by the IT department.
Yes. The solution allows for a very reasonable cost to centralize authentication over a wide choice of applications, and offers efficient administration tools that are well integrated into our IS.
The Trustelem teams accompanied us with commitment and competence.
You want to learn more about how Trustelem suits in your particular context? Contact us!